Close

Presentation

SecPaging: Secure Enclave Paging with Hardware-Enforced Protection against Controlled-Channel Attacks
SessionWhat's Your Best Side?
DescriptionAs a prevalent privacy-preserving technology, Trusted Execution Environment has become widely adopted in numerous commercial processors. Nonetheless, they remain susceptible to various controlled-channel attacks. Untrusted operating systems can deduce enclave secrets by manipulating page tables or observing allocation- or swap-based page faults. In this paper, we propose SecPaging, a novel secure enclave paging mechanism based on hardware-enforced and microcode-supported protection to prevent these attacks. First, enclave PTEs are protected through hardware isolation, preventing privileged attackers from malicious tampering or observations. Second, Eager-Allocation mechanism is employed to prevent allocation-based controlled-channel attacks. Besides, Record-Reload mechanism is proposed to prevent swap-based controlled-channel attacks.
Authors
Yunkai Bai
Institute of Information Engineering, Chinese Academy of Sciences
Peinan Li
Institute of Information Engineering, Chinese Academy of Sciences
Yubiao Huang
Chinese Academy of Sciences
Shiwen Wang
Institute of Information Engineering, Chinese Academy of Sciences
Xingbin Wang
Institute of Information Engineering, Chinese Academy of Sciences
Dan Meng
Institute of Information Engineering, Chinese Academy of Sciences
Rui Hou
Institute of Information Engineering, Chinese Academy of Sciences
Event Type
Research Manuscript
TimeWednesday, June 262:30pm - 2:45pm PDT
Location3012, 3rd Floor
Topics
Security
Keywords
Hardware Security: Attack and Defense
Next PresentationNext Presentation
Levioso: Efficient Compiler-Informed Secure Speculation