Repurposing Segmentation as a Practical LVI-NULL Mitigation in SGX

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review

Abstract

Load Value Injection (LVI) uses Meltdown-type data flows in Spectre-like confused-deputy attacks. LVI has been demonstrated in practical attacks on Intel SGX enclaves, and consequently, mitigations were deployed that incur tremendous overheads of factor 2 to 19. However, as we discover, on fixed hardware LVI-NULL leakage is still present. Hence, to mitigate LVI-NULL in SGX enclaves on LVI-fixed CPUs, the expensive mitigations would still be necessary.
In this paper, we propose a lightweight mitigation focused on LVI-NULL in SGX, LVI-NULLify. We systematically analyze and categorize LVI-NULL variants. Our analysis reveals that previously proposed mitigations targeting LVI-NULL are not effective. Our novel mitigation addresses this problem by repurposing segmentation, a fast legacy hardware mechanism that x86 already uses for every memory operation. LVI-NULLify consists of a modified SGX-SDK and a compiler extension which put the enclave in control of LVI-NULL-exploitable memory locations. We evaluate LVI-NULLify on the LVI-fixed Comet Lake CPU and observe a performance overhead below 10% for the worst case, which is substantially lower than previous defenses with a prohibitive overhead of 1220% in the worst case. We conclude that LVI-NULLify is a practical solution to protect SGX enclaves against LVI-NULL today.
Original languageEnglish
Title of host publication31th USENIX Security Symposium (USENIX Security 22)
Number of pages17
Publication statusPublished - 10 Aug 2022
Event31st USENIX Security Symposium: USENIX Security '22 - Boston, United States
Duration: 10 Aug 202212 Aug 2022
Conference number: 31

Conference

Conference31st USENIX Security Symposium
Abbreviated titleUSENIX '22
Country/TerritoryUnited States
CityBoston
Period10/08/2212/08/22

Keywords

  • security
  • side channel
  • cache attacks
  • transient execution

Fingerprint

Dive into the research topics of 'Repurposing Segmentation as a Practical LVI-NULL Mitigation in SGX'. Together they form a unique fingerprint.

Cite this