2018 IEEE Symposium on Security and Privacy (SP) (2018)
San Francisco, CA, US
May 21, 2018 to May 23, 2018
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SP.2018.00024
Guoxing Chen , The Ohio State University
Wenhao Wang , Indiana University Bloomington & SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences
Tianyu Chen , Indiana University Bloomington
Sanchuan Chen , The Ohio State University
Yinqian Zhang , The Ohio State University
XiaoFeng Wang , Indiana University Bloomington
Ten-Hwang Lai , The Ohio State University
Dongdai Lin , SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences
In this paper, we present HYPERRACE, an LLVM-based tool for instrumenting SGX enclave programs to eradicate all side-channel threats due to Hyper-Threading. HYPERRACE creates a shadow thread for each enclave thread and asks the underlying untrusted operating system to schedule both threads on the same physical core whenever enclave code is invoked, so that Hyper-Threading side channels are closed completely. Without placing additional trust in the operating system's CPU scheduler, HYPERRACE conducts a physical-core co-location test: it first constructs a communication channel between the threads using a shared variable inside the enclave and then measures the communication speed to verify that the communication indeed takes place in the shared L1 data cache-a strong indicator of physical-core co-location. The key novelty of the work is the measurement of communication speed without a trustworthy clock; instead, relative time measurements are taken via contrived data races on the shared variable. It is worth noting that the emphasis of HYPERRACE's defense against Hyper-Threading side channels is because they are open research problems. In fact, HYPERRACE also detects the occurrence of exception- or interrupt-based side channels, the solutions of which have been studied by several prior works.
Hyper-Threading, SGX, HYPERRACE, side-channels
G. Chen et al., "Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races," 2018 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, US, , pp. 388-404.