POSTER: On the Feasibility of Inferring SGX Execution through PMU

Woomin Lee; Taehun Kim; Youngjoo Shin

doi:10.1145/3634737.3659434

POSTER: On the Feasibility of Inferring SGX Execution through PMU

Woomin Lee
, Taehun Kim
, Youngjoo Shin

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

Intel SGX is a power technology designed to establish a trusted execution environment on processors. Despite its promising features, there are various potential attack surfaces like the Performance Monitoring Unit (PMU) that could be exploited to extract security-sensitive data from SGX enclaves. To address this security threat, Intel has introduced anti side-channel interface (ASCI) that disables the PMU when an SGX enclave is running. However, little attention has been paid to performing the security evaluation of the ASCI feature, leaving the possibility of reviving such an attack. In this paper, we study if Intel’s ASCI feature truly hides the internal execution state of SGX enclaves from the PMU to completely eliminate PMU-driven attack surfaces. To achieve this, we design a novel framework that investigates the effect of the running enclave on all possible performance monitoring events. The key idea of our framework is to (i) analyze the linearity between the number of instructions executed within an enclave and the corresponding measured events and (ii) perform single-stepping and zero-stepping attacks with performance monitoring events. Our security evaluation demonstrates that SGX enclave does not leave any footprint on PMUs, except for opt-in (i.e., debug) enclave where a hardware-based protection mechanism is not supported.

Original language	English
Title of host publication	ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security
Publisher	Association for Computing Machinery, Inc
Pages	1952-1954
Number of pages	3
ISBN (Electronic)	9798400704826
DOIs	https://doi.org/10.1145/3634737.3659434
Publication status	Published - 2024 Jul 1
Event	19th ACM Asia Conference on Computer and Communications Security, AsiaCCS 2024 - Singapore, Singapore Duration: 2024 Jul 1 → 2024 Jul 5

Publication series

Name	ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security

Conference

Conference	19th ACM Asia Conference on Computer and Communications Security, AsiaCCS 2024
Country/Territory	Singapore
City	Singapore
Period	24/7/1 → 24/7/5

Bibliographical note

Publisher Copyright:
© 2024 Copyright held by the owner/author(s).

Keywords

Intel SGX
Performance monitoring event
Side-channel attack

ASJC Scopus subject areas

Computational Theory and Mathematics
Computer Networks and Communications
Computer Science Applications

Access to Document

10.1145/3634737.3659434

Cite this

Lee, W., Kim, T., & Shin, Y. (2024). POSTER: On the Feasibility of Inferring SGX Execution through PMU. In ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security (pp. 1952-1954). (ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security). Association for Computing Machinery, Inc. https://doi.org/10.1145/3634737.3659434

POSTER: On the Feasibility of Inferring SGX Execution through PMU. / Lee, Woomin; Kim, Taehun; Shin, Youngjoo.
ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2024. p. 1952-1954 (ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lee, W, Kim, T & Shin, Y 2024, POSTER: On the Feasibility of Inferring SGX Execution through PMU. in ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security. ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, Association for Computing Machinery, Inc, pp. 1952-1954, 19th ACM Asia Conference on Computer and Communications Security, AsiaCCS 2024, Singapore, Singapore, 24/7/1. https://doi.org/10.1145/3634737.3659434

Lee W, Kim T, Shin Y. POSTER: On the Feasibility of Inferring SGX Execution through PMU. In ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc. 2024. p. 1952-1954. (ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security). doi: 10.1145/3634737.3659434

Lee, Woomin ; Kim, Taehun ; Shin, Youngjoo. / POSTER : On the Feasibility of Inferring SGX Execution through PMU. ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2024. pp. 1952-1954 (ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security).

@inproceedings{af1e0dc2b3c54a90865313ac4c7ac617,

title = "POSTER: On the Feasibility of Inferring SGX Execution through PMU",

abstract = "Intel SGX is a power technology designed to establish a trusted execution environment on processors. Despite its promising features, there are various potential attack surfaces like the Performance Monitoring Unit (PMU) that could be exploited to extract security-sensitive data from SGX enclaves. To address this security threat, Intel has introduced anti side-channel interface (ASCI) that disables the PMU when an SGX enclave is running. However, little attention has been paid to performing the security evaluation of the ASCI feature, leaving the possibility of reviving such an attack. In this paper, we study if Intel{\textquoteright}s ASCI feature truly hides the internal execution state of SGX enclaves from the PMU to completely eliminate PMU-driven attack surfaces. To achieve this, we design a novel framework that investigates the effect of the running enclave on all possible performance monitoring events. The key idea of our framework is to (i) analyze the linearity between the number of instructions executed within an enclave and the corresponding measured events and (ii) perform single-stepping and zero-stepping attacks with performance monitoring events. Our security evaluation demonstrates that SGX enclave does not leave any footprint on PMUs, except for opt-in (i.e., debug) enclave where a hardware-based protection mechanism is not supported.",

keywords = "Intel SGX, Performance monitoring event, Side-channel attack",

author = "Woomin Lee and Taehun Kim and Youngjoo Shin",

note = "Publisher Copyright: {\textcopyright} 2024 Copyright held by the owner/author(s).; 19th ACM Asia Conference on Computer and Communications Security, AsiaCCS 2024 ; Conference date: 01-07-2024 Through 05-07-2024",

year = "2024",

month = jul,

day = "1",

doi = "10.1145/3634737.3659434",

language = "English",

series = "ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery, Inc",

pages = "1952--1954",

booktitle = "ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security",

}

TY - GEN

T1 - POSTER

T2 - 19th ACM Asia Conference on Computer and Communications Security, AsiaCCS 2024

AU - Lee, Woomin

AU - Kim, Taehun

AU - Shin, Youngjoo

PY - 2024/7/1

Y1 - 2024/7/1

N2 - Intel SGX is a power technology designed to establish a trusted execution environment on processors. Despite its promising features, there are various potential attack surfaces like the Performance Monitoring Unit (PMU) that could be exploited to extract security-sensitive data from SGX enclaves. To address this security threat, Intel has introduced anti side-channel interface (ASCI) that disables the PMU when an SGX enclave is running. However, little attention has been paid to performing the security evaluation of the ASCI feature, leaving the possibility of reviving such an attack. In this paper, we study if Intel’s ASCI feature truly hides the internal execution state of SGX enclaves from the PMU to completely eliminate PMU-driven attack surfaces. To achieve this, we design a novel framework that investigates the effect of the running enclave on all possible performance monitoring events. The key idea of our framework is to (i) analyze the linearity between the number of instructions executed within an enclave and the corresponding measured events and (ii) perform single-stepping and zero-stepping attacks with performance monitoring events. Our security evaluation demonstrates that SGX enclave does not leave any footprint on PMUs, except for opt-in (i.e., debug) enclave where a hardware-based protection mechanism is not supported.

AB - Intel SGX is a power technology designed to establish a trusted execution environment on processors. Despite its promising features, there are various potential attack surfaces like the Performance Monitoring Unit (PMU) that could be exploited to extract security-sensitive data from SGX enclaves. To address this security threat, Intel has introduced anti side-channel interface (ASCI) that disables the PMU when an SGX enclave is running. However, little attention has been paid to performing the security evaluation of the ASCI feature, leaving the possibility of reviving such an attack. In this paper, we study if Intel’s ASCI feature truly hides the internal execution state of SGX enclaves from the PMU to completely eliminate PMU-driven attack surfaces. To achieve this, we design a novel framework that investigates the effect of the running enclave on all possible performance monitoring events. The key idea of our framework is to (i) analyze the linearity between the number of instructions executed within an enclave and the corresponding measured events and (ii) perform single-stepping and zero-stepping attacks with performance monitoring events. Our security evaluation demonstrates that SGX enclave does not leave any footprint on PMUs, except for opt-in (i.e., debug) enclave where a hardware-based protection mechanism is not supported.

KW - Intel SGX

KW - Performance monitoring event

KW - Side-channel attack

UR - https://www.scopus.com/pages/publications/85199285423

U2 - 10.1145/3634737.3659434

DO - 10.1145/3634737.3659434

M3 - Conference contribution

AN - SCOPUS:85199285423

T3 - ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security

SP - 1952

EP - 1954

BT - ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security

PB - Association for Computing Machinery, Inc

Y2 - 1 July 2024 through 5 July 2024

ER -

POSTER: On the Feasibility of Inferring SGX Execution through PMU

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this