English

Mitigating Branch-Shadowing Attacks on Intel SGX using Control Flow Randomization

Cryptography and Security 2018-10-04 v1

Abstract

Intel Software Guard Extensions (SGX) is a promising hardware-based technology for protecting sensitive computations from potentially compromised system software. However, recent research has shown that SGX is vulnerable to branch-shadowing -- a side channel attack that leaks the fine-grained (branch granularity) control flow of an enclave (SGX protected code), potentially revealing sensitive data to the attacker. The previously-proposed defense mechanism, called Zigzagger, attempted to hide the control flow, but has been shown to be ineffective if the attacker can single-step through the enclave using the recent SGX-Step framework. Taking into account these stronger attacker capabilities, we propose a new defense against branch-shadowing, based on control flow randomization. Our scheme is inspired by Zigzagger, but provides quantifiable security guarantees with respect to a tunable security parameter. Specifically, we eliminate conditional branches and hide the targets of unconditional branches using a combination of compile-time modifications and run-time code randomization. We evaluated the performance of our approach by measuring the run-time overhead of ten benchmark programs of SGX-Nbench in SGX environment.

Keywords

Cite

@article{arxiv.1808.06478,
  title  = {Mitigating Branch-Shadowing Attacks on Intel SGX using Control Flow Randomization},
  author = {Shohreh Hosseinzadeh and Hans Liljestrand and Ville Leppänen and Andrew Paverd},
  journal= {arXiv preprint arXiv:1808.06478},
  year   = {2018}
}
R2 v1 2026-06-23T03:38:25.073Z