<![CDATA[PhD Defense by Ming-Wei Shih]]>

627554 event 1571061601 1571061601 <![CDATA[PhD Defense by Ming-Wei Shih]]> Title: Securing Intel SGX against Side-Channel Attacks via Load-Time Synthesis

Ming-Wei Shih
Ph.D. candidate in Computer Science
School of Computer Science
College of Computing
Georgia Institute of Technology

Date: Monday, October 21, 2019
Time: 15:00 - 17:00 (EST)
Location: Coda C1003 Adair

Committee:
------------
Dr. Taesoo Kim (Advisor, School of Computer Science, Georgia Institute of Technology)

Dr. Wenke Lee (School of Computer Science, Georgia Institute of Technology)

Dr. Marcus Peinado (Microsoft Research)

Dr. Brendan D. Saltaformaggio (School of Computer Science, Georgia Institute of Technology)

Dr. Michael Steiner (Intel Labs)

Abstract:
-----------

In response to the growing need for securing user data in the cloud, recent Intel processors have supported a new feature, Intel Software Guard Extensions (SGX). SGX allows a program to execute in isolation from the rest of the underlying system. Thus, even after compromising the system, neither cloud providers nor attackers can gain access to data that the program processes. Unfortunately, recent studies have shown that such isolation is bypassable via side-channel attacks (SCAs). In particular, SCAs against SGX are more critical under the extreme assumption (i.e., attackers compromise the system), allowing attackers to infer fine-grained information from an SGX-protected program.

Toward practical defenses against SCAs on SGX, the first part of the thesis presents two mitigation techniques, SGX-Armor and T-SGX, both of which require neither hardware- nor source-code-level modifications and incur moderate runtime overhead to a program. SGX-Armor is a general-purpose defense based on Address Space Layout Randomization (ASLR) that obfuscates the memory layout of the program, preventing attackers from interpreting side-channel information. Unlike traditional ASLR implementations, SGX-Armor incorporates a provably secure algorithm that shuffles memory layout without revealing the information of the layout through any of the known side channels. T-SGX is a novel defense against controlled-channel attacks that exploit page faults as a side-channel. By using Intel Transactional Synchronization Extensions (TSX) as a primitive that suppresses page faults, T-SGX automatically transfers a program into a protected one at compile time.

The second part of the thesis presents Pridwen, a framework that addresses the challenges of combining multiple mitigation techniques such as SGX-Armor and T-SGX, thereby providing a broader scope of protection against SCAs on SGX. Using load-time synthesis, Pridwen adaptively enforces mitigation schemes to a program in distinct cloud environments. The prototype of Pridwen has supported four mitigation schemes that secure SGX programs again various SCAs while minimizing the incurred runtime overhead according to the configuration of the environment.

]]> <![CDATA[]]> 221981 1788 100811