Brasser et al., 2019 - Google Patents
DR. SGX: Automated and adjustable side-channel protection for SGX using data location randomization
- Document ID
- 2424677988568405810
- Author
- Brasser F
- Capkun S
- Dmitrienko A
- Frassetto T
- Kostiainen K
- Sadeghi A
- Publication year
- 2019
- Publication venue
- Proceedings of the 35th Annual Computer Security Applications Conference
Snippet
Recent research has demonstrated that Intel's SGX is vulnerable to software-based side-channel attacks. In a common attack, the adversary monitors CPU caches to infer secret-dependent data access patterns. Known defenses have major limitations, as they require …
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6263—Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
- G06F21/12—Protecting executable software
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2207/00—Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F2207/72—Indexing scheme relating to groups G06F7/72 - G06F7/729
- G06F2207/7219—Countermeasures against side channel or fault attacks
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
Similar Documents
| Publication | Title |
|---|---|
| Brasser et al. | DR. SGX: Automated and adjustable side-channel protection for SGX using data location randomization |
| Brasser et al. | DR. SGX: Hardening SGX enclaves against cache attacks with data location randomization |
| Brasser et al. | Software grand exposure: SGX cache attacks are practical |
| Wang et al. | New cache designs for thwarting software cache-based side channel attacks |
| Guanciale et al. | Cache storage channels: Alias-driven attacks and verified countermeasures |
| Braden et al. | Leakage-resilient layout randomization for mobile devices |
| Mohammad et al. | Dyfora: Dynamic firmware obfuscation and remote attestation using hardware signatures |
| Hossain et al. | Hexon: Protecting firmware using hardware-assisted execution-level obfuscation |
| Zhang et al. | Klotski: Efficient obfuscated execution against controlled-channel attacks |
| Karimi et al. | Hardware/software obfuscation against timing side-channel attack on a GPU |
| Lang et al. | Mole: Mitigation of side-channel attacks against SGX via dynamic data location escape |
| Dhavlle et al. | Imitating functional operations for mitigating side-channel leakage |
| Shi et al. | Authentication control point and its implications for secure processor design |
| Aweke et al. | Øzone: Efficient execution with zero timing leakage for modern microarchitectures |
| Liu et al. | Cost and effectiveness of TrustZone defense and side-channel attack on ARM platform |
| Batina et al. | In hardware we trust: Gains and pains of hardware-assisted security |
| Kaur et al. | A survey on cache timing channel attacks for multicore processors |
| Bai et al. | HyperTEE: A decoupled TEE architecture with secure enclave management |
| Chiang et al. | Reload+Reload: Exploiting cache and memory contention side channel on AMD SEV |
| Biernacki et al. | Sequestered encryption: A hardware technique for comprehensive data privacy |
| Rogers et al. | Security extensions for integrity and confidentiality in embedded processors |
| Gaudin et al. | A fine-grained dynamic partitioning against cache-based timing attacks via cache locking |
| Liu et al. | On the cost-effectiveness of TrustZone defense on ARM platform |
| Hu et al. | FaultMorse: An automated controlled-channel attack via longest recurring sequence |
| Singh et al. | Secure processor architectures |