DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization

Recent research has demonstrated that Intel's SGX is vulnerable to various software-based side-channel attacks. In particular, attacks that monitor CPU caches shared between the victim enclave and untrusted software enable accurate leakage of secret enclave data. Known defenses assume developer assistance, require hardware changes, impose high overhead, or prevent only some of the known attacks. In this paper we propose data location randomization as a novel defensive approach to address the threat of side-channel attacks. Our main goal is to break the link between the cache observations by the privileged adversary and the actual data accesses by the victim. We design and implement a compiler-based tool called DR.SGX that instruments enclave code such that data locations are permuted at the granularity of cache lines. We realize the permutation with the CPU's cryptographic hardware-acceleration units providing secure randomization. To prevent correlation of repeated memory accesses we continuously re-randomize all enclave data during execution. Our solution effectively protects many (but not all) enclaves from cache attacks and provides a complementary enclave hardening technique that is especially useful against unpredictable information leakage

Probability Based Logic Locking on Integrated Circuits

The demand of integrated circuits (IC)s are increasing and the industry has outsourced the fabrication process to untrusted environments. An adversary at these untrusted facilities can reverse engineer parts of the IC to reveal the original design. IC piracy and overproduction are serious issues that threaten the security and integrity of a system. These ICs can be copied illegally and altered to contain malicious hardware. The pirated ICs can be placed in consumer products which may harm the system or leak sensitive information. Hardware obfuscation is a technique used to protect the original design before it gets fabricated, tested, assembled, and packaged. Hardware obfuscation intends to hide or alter the original design of a circuit to prevent attackers from determining the true design. Logic locking is a type of hardware obfuscation technique where additional key gates are inserted into the circuit. Only the correct key can unlock the functionality of that circuit otherwise the system produces the wrong output. In an effort to hinder these threats on ICs, we have developed a probability-based logic locking technique to protect the design of a circuit. Our proposed technique called ProbLock can be applied to combinational and sequential circuits through a critical selection process. We used a filtering process to select the best location of key gates based on various constraints. The main constraint is based on gate probabilities in the circuit. Each step in the filtering process generates a subset of nodes for each constraint. We also integrated an anti-SAT technique into ProbLock to enhance the security against a specific boolean satisfiability (SAT) attack. We analyzed the correlation between each constraint and adjusted the strength of the constraints before inserting key gates. We adjusted an optimized ProbLock to have a small overhead but high security metric against SAT attacks. We have tested our algorithm on 40 benchmarks from the ISCAS ’85 and ISCAS ’89 suite. ProbLock is evaluated using a SAT attack on the benchmark and measuring how well the attack performs on the locked circuit. Finally, we compared ProbLock to other logic locking techniques and discussed future steps for this project