English

Malware Guard Extension: Using SGX to Conceal Cache Attacks

Cryptography and Security 2019-05-23 v3

Abstract

In modern computer systems, user processes are isolated from each other by the operating system and the hardware. Additionally, in a cloud scenario it is crucial that the hypervisor isolates tenants from other tenants that are co-located on the same physical machine. However, the hypervisor does not protect tenants against the cloud provider and thus the supplied operating system and hardware. Intel SGX provides a mechanism that addresses this scenario. It aims at protecting user-level software from attacks from other processes, the operating system, and even physical attackers. In this paper, we demonstrate fine-grained software-based side-channel attacks from a malicious SGX enclave targeting co-located enclaves. Our attack is the first malware running on real SGX hardware, abusing SGX protection features to conceal itself. Furthermore, we demonstrate our attack both in a native environment and across multiple Docker containers. We perform a Prime+Probe cache side-channel attack on a co-located SGX enclave running an up-to-date RSA implementation that uses a constant-time multiplication primitive. The attack works although in SGX enclaves there are no timers, no large pages, no physical addresses, and no shared memory. In a semi-synchronous attack, we extract 96% of an RSA private key from a single trace. We extract the full RSA private key in an automated attack from 11 traces within 5 minutes.

Keywords

Cite

@article{arxiv.1702.08719,
  title  = {Malware Guard Extension: Using SGX to Conceal Cache Attacks},
  author = {Michael Schwarz and Samuel Weiser and Daniel Gruss and Clémentine Maurice and Stefan Mangard},
  journal= {arXiv preprint arXiv:1702.08719},
  year   = {2019}
}

Comments

Extended version of DIMVA 2017 submission

R2 v1 2026-06-22T18:30:39.191Z