Contributed by SSLab

We have been actively working on SGX related research. These research projects can be broadly classified into three different categories: System Design, Defense, and Attack.

System Design

  • OpenSGX: An open-source platform for SGX research that consists of a QEMU-based emulator and a software development kit (SDK)
  • S-NFV: A protection scheme for network function virtualization (NFV) applications that uses SGX to secure the applications' internal states
  • AirBox: A secure design of edge function platforms using SGX for ensuring code integrity and data confidentiality of an edge function
  • SGX-Tor: A design of Tor that enhances the security and privacy of the protocol by utilizing SGX

Defense

  • T-SGX: A compiler-level approach that incorporates Intel TSX to prevent SGX enclaves from controlled-channel attacks
  • SGX-Shield: A software-based design of SGX enclaves that enables fine-grained address space layout randomization (ASLR)

Attack

  • Branch Shadowing: A novel side-channel attack against SGX exploiting branch history states preserved across an SGX mode switch and last branch record (LBR)
  • Dark ROP: A novel blind return-oriented programming (ROP) attack against SGX exploiting uninitialized registers across an enclave exit
  • SGX-Bomb: A rowhammer attack against SGX resulting in processor lockdown, i.e., a cold reboot is necessary to use the machine again
  • SGX-Bleed: A vulnerability that can leak uninitialized SGX memory through structure padding

Publications

  • Leaking Uninitialized Secure Enclave Memory via Structure Padding (Extended Abstract, arXiv.org) [paper]
  • SGX-Bomb: Locking Down the Processor via Rowhammer Attack (SysTEX 2017) [paper]
  • Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing (Security 2017) [paper]
  • Hacking in Darkness: Return-oriented Programming against Secure Enclaves (Security 2017) [paper]
  • Enhancing Security and Privacy of Tor's Ecosystem by using Trusted Execution Environments (NSDI 2017) [paper]
  • SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs (NDSS 2017) [paper]
  • T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs (NDSS 2017) [paper]
  • Fast, Scalable and Secure Onloading of Edge Functions using AirBox (SEC 2016) [paper]
  • S-NFV: Securing NFV states by using SGX (SDNNFVSEC 2016) [paper]
  • OpenSGX: An Open Platform for SGX Research (NDSS 2016) [paper]