Minefield: A Software-only Protection for SGX Enclaves against DVFS Attacks

Andreas Kogler, Daniel Gruss, Michael Schwarz

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandBegutachtung

Abstract

Modern CPUs adapt clock frequencies and voltage levels to workloads to reduce energy consumption and heat dissipation. This mechanism, dynamic voltage and frequency scaling (DVFS), is controlled from privileged software but affects all execution modes, including SGX. Prior work showed that manipulating voltage or frequency can fault instructions and thereby subvert SGX enclaves. Consequently, Intel disabled the overclocking mailbox (OCM) required for software undervolting, also preventing benign use for energy saving.

In this paper, we propose Minefield, the first software-level defense against DVFS attacks. The idea of Minefield is not to prevent DVFS faults but to deflect faults to trap instructions and handle them before they lead to harmful behavior. As groundwork for Minefield, we systematically analyze DVFS attacks and observe a timing gap of at least 57.8 us between every OCM transition, leading to random faults over at least 57000 cycles. Minefield places highly fault-susceptible trap instructions in the victim code during compilation. Like redundancy countermeasures, Minefield is scalable and enables enclave developers to choose a security parameter between 0% and almost 100%, yielding a fine-grained security-performance trade-off. Our evaluation shows a density of 0.75, i.e., one trap after every 1-2 instruction, mitigates all known DVFS attacks in 99% on Intel SGX, incurring an overhead of 148.4% on protected enclaves. However, Minefield has no performance effect on the remaining system. Thus, Minefield is a better solution than hardware- or microcode-based patches disabling the OCM interface.
Originalspracheenglisch
TitelConference Proceedings 31st USENIX Security Symposium
Seiten4147-4164
ISBN (elektronisch)978-1-939133-31-1
PublikationsstatusVeröffentlicht - 2022
Veranstaltung31st USENIX Security Symposium: USENIX Security 2022 - Boston, USA / Vereinigte Staaten
Dauer: 10 Aug. 202212 Aug. 2022
Konferenznummer: 31

Konferenz

Konferenz31st USENIX Security Symposium
KurztitelUSENIX '22
Land/GebietUSA / Vereinigte Staaten
OrtBoston
Zeitraum10/08/2212/08/22

Fingerprint

Untersuchen Sie die Forschungsthemen von „Minefield: A Software-only Protection for SGX Enclaves against DVFS Attacks“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren