Scope of SGX Security Issues covered by Gramine
20 views
Skip to first unread message
Leonie Reichert
Apr 4, 2022, 10:12:42 AM4/4/22
to us...@gramineproject.io
Hello,
I am currently working on an application for SGX using Gramine.
For the security analysis I am trying to figure out which known attacks
to SGX are applicable and which ones are covered by Intel or by using
Gramine.
A survey by Nilsson et al. [1] from 2020 discusses a set of attack
vectors which are not stopped by Intel as they expect the developer to
take care of those issues (see section IV. C or see list below).
I am now wondering if Gramine defends against such attacks? Or are they
defined as out of scope for Gramine? Do developers themselves have to
find a way to protect against each of these attacks? Or is there an
established way of applying the defense strategies on top of one another?
Studying published materials on the Gramine website, the mailing list
and the Gramine/Graphene documentation did not make it clear to me which
precautions have to be taken.
The attacks and defenses in question are
* Defenses against branch shadowing attack e.g. by Lee et al. or
Hosseinzadeh et al.
* Protection against interrupts from malicious OS for controlled
channel attacks, such as
- T-SGX by Shih et al.
- Deja Vu by Chen et al.
- Heisenberg Defense by Strackx et al.
- SGX-LAPD by Fu et al. (for systems without TSX)
* Address space layout randomization inside the enclave (e.g. SGX Shield
[2])
For most of these defenses the authors of the respective papers
developed a modified compiler which solved the issue.
I was directed from the Github project to the mailing list, so hopefully
this is now the correct place to ask these questions.
Thank you for your help.
Sincerely,
Leonie Reichert
[1] https://arxiv.org/abs/2006.13598
[2] https://github.com/jaebaek/SGX-Shield
--
Leonie Reichert, M.Sc.
Lehrstuhl für Technische Informatik
Institut für Informatik
Humboldt-Universität zu Berlin
I am currently working on an application for SGX using Gramine.
For the security analysis I am trying to figure out which known attacks
to SGX are applicable and which ones are covered by Intel or by using
Gramine.
A survey by Nilsson et al. [1] from 2020 discusses a set of attack
vectors which are not stopped by Intel as they expect the developer to
take care of those issues (see section IV. C or see list below).
I am now wondering if Gramine defends against such attacks? Or are they
defined as out of scope for Gramine? Do developers themselves have to
find a way to protect against each of these attacks? Or is there an
established way of applying the defense strategies on top of one another?
Studying published materials on the Gramine website, the mailing list
and the Gramine/Graphene documentation did not make it clear to me which
precautions have to be taken.
The attacks and defenses in question are
* Defenses against branch shadowing attack e.g. by Lee et al. or
Hosseinzadeh et al.
* Protection against interrupts from malicious OS for controlled
channel attacks, such as
- T-SGX by Shih et al.
- Deja Vu by Chen et al.
- Heisenberg Defense by Strackx et al.
- SGX-LAPD by Fu et al. (for systems without TSX)
* Address space layout randomization inside the enclave (e.g. SGX Shield
[2])
For most of these defenses the authors of the respective papers
developed a modified compiler which solved the issue.
I was directed from the Github project to the mailing list, so hopefully
this is now the correct place to ask these questions.
Thank you for your help.
Sincerely,
Leonie Reichert
[1] https://arxiv.org/abs/2006.13598
[2] https://github.com/jaebaek/SGX-Shield
--
Leonie Reichert, M.Sc.
Lehrstuhl für Technische Informatik
Institut für Informatik
Humboldt-Universität zu Berlin
Reply all
Reply to author
Forward
0 new messages