Abstract:Intel SGX is a security solution promising strong and practical security guarantees for trusted computing. However, recent reports demonstrated that such security guarantees of SGX are broken due to access pattern based side-channel attacks, including page fault, cache, branch prediction, and speculative execution. In order to stop these side-channel attackers, Oblivious RAM (ORAM) has gained strong attention from the security community as it provides cryptographically proven protection against access pattern based side-channels. While several proposed systems have successfully applied ORAM to thwart side-channels, those are severely limited in performance and its scalability due to notorious performance issues of ORAM. This paper presents TrustOre, addressing these issues that arise when using ORAM with Intel SGX. TrustOre leverages an external device, FPGA, to implement a trusted storage service within a completed isolated environment secure from side-channel attacks. TrustOre tackles several challenges in achieving such a goal: extending trust from SGX to FPGA without imposing architectural changes, providing a verifiably-secure connection between SGX applications and FPGA, and seamlessly supporting various access operations from SGX applications to FPGA.We implemented TrustOre on the commodity Intel Hybrid CPU-FPGA architecture. Then we evaluated with three state-of-the-art ORAM-based SGX applications, ZeroTrace, Obliviate, and Obfuscuro, as well as an end-to-end key-value store application. According to our evaluation, TrustOre-based applications outperforms ORAM-based original applications ranging from 10x to 43x, while also showing far better scalability than ORAM-based ones. We emphasize that since TrustOre can be deployed as a simple plug-in to SGX machine's PCIe slot, it is readily used to thwart side-channel attacks in SGX, arguably one of the most cryptic and critical security holes today.

TRUSTORE: Side-Channel Resistant Storage for SGX using Intel Hybrid CPU-FPGA

A Survey of Intel SGX and Its Applications.

SGXLock: Towards Efficiently Establishing Mutual Distrust Between Host Application and Enclave for SGX

The Road to Trust: Building Enclaves within Confidential VMs

SGX-MR: Regulating Dataflows for Protecting Access Patterns of Data-Intensive SGX Applications

The Pyramid Scheme: Oblivious RAM for Trusted Processors

Designing a Provenance Analysis for SGX Enclaves

Efficiently Hardening SGX Enclaves against Memory Access Pattern Attacks via Dynamic Program Partitioning

SGX-LKL: Securing the Host OS Interface for Trusted Execution

Building Your Own Trusted Execution Environments Using FPGA

Trusted IP solution in multi-tenant cloud FPGA platform

SGX-MR-Prot: Efficient and Developer-Friendly Access-Pattern Protection in Trusted Execution Environments

Enjoy the Untrusted Cloud: A Secure, Scalable and Efficient SQL-like Query Framework for Outsourcing Data

Protecting In-memory Data Cache with Secure Enclaves in Untrusted Cloud.

Interface-Based Side Channel Attack Against Intel SGX

Reducing Paging and Exit Overheads in Intel SGX for Oblivious Conjunctive Keyword Search

CacheZoom: How SGX Amplifies The Power of Cache Attacks

Performance Principles for Trusted Computing with Intel SGX

Detecting and Mitigating Cache Side Channel Threats on Intel SGX

Analyzing the Vulnerabilities of External SDRAM on System-on-Chip Field Programmable Gate Array Devices