BEGIN:VCALENDAR VERSION:2.0 PRODID:Linklings LLC BEGIN:VTIMEZONE TZID:America/Los_Angeles X-LIC-LOCATION:America/Los_Angeles BEGIN:DAYLIGHT TZOFFSETFROM:-0800 TZOFFSETTO:-0700 TZNAME:PDT DTSTART:19700308T020000 RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:-0700 TZOFFSETTO:-0800 TZNAME:PST DTSTART:19701101T020000 RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU END:STANDARD END:VTIMEZONE BEGIN:VEVENT DTSTAMP:20240626T180034Z LOCATION:3012\, 3rd Floor DTSTART;TZID=America/Los_Angeles:20240626T143000 DTEND;TZID=America/Los_Angeles:20240626T144500 UID:dac_DAC 2024_sess155_RESEARCH012@linklings.com SUMMARY:SecPaging: Secure Enclave Paging with Hardware-Enforced Protection against Controlled-Channel Attacks DESCRIPTION:Research Manuscript\n\nYunkai Bai and Peinan Li (Institute of Information Engineering, Chinese Academy of Sciences); Yubiao Huang (Chine se Academy of Sciences); and Shiwen Wang, Xingbin Wang, Dan Meng, and Rui Hou (Institute of Information Engineering, Chinese Academy of Sciences)\n\ nAs a prevalent privacy-preserving technology, Trusted Execution Environme nt has become widely adopted in numerous commercial processors. Nonetheles s, they remain susceptible to various controlled-channel attacks. Untruste d operating systems can deduce enclave secrets by manipulating page tables or observing allocation- or swap-based page faults. In this paper, we pro pose SecPaging, a novel secure enclave paging mechanism based on hardware- enforced and microcode-supported protection to prevent these attacks. Firs t, enclave PTEs are protected through hardware isolation, preventing privi leged attackers from malicious tampering or observations. Second, Eager-Al location mechanism is employed to prevent allocation-based controlled-chan nel attacks. Besides, Record-Reload mechanism is proposed to prevent swap- based controlled-channel attacks.\n\nTopic: Security\n\nKeyword: Hardware Security: Attack and Defense\n\nSession Chairs: Avani Dave (Intel Corporat ion) and Vincent Immler (Oregon State University) END:VEVENT END:VCALENDAR