Mitigating Branch-Shadowing Attacks on Intel SGX using Control Flow Randomization

Intel Software Guard Extensions (SGX) is a promising hardware-based technology for protecting sensitive computations from potentially compromised system software. However, recent research has shown that SGX is vulnerable to branch-shadowing -- a side channel attack that leaks the fine-grained (branch granularity) control flow of an enclave (SGX protected code), potentially revealing sensitive data to the attacker. The previously-proposed defense mechanism, called Zigzagger, attempted to hide the control flow, but has been shown to be ineffective if the attacker can single-step through the enclave using the recent SGX-Step framework. Taking into account these stronger attacker capabilities, we propose a new defense against branch-shadowing, based on control flow randomization. Our scheme is inspired by Zigzagger, but provides quantifiable security guarantees with respect to a tunable security parameter. Specifically, we eliminate conditional branches and hide the targets of unconditional branches using a combination of compile-time modifications and run-time code randomization. We evaluated the performance of our approach by measuring the run-time overhead of ten benchmark programs of SGX-Nbench in SGX environment

Routing efficiency in wireless sensor-actor networks considering semi-automated architecture

Wireless networks have become increasingly popular and advances in wireless communications and electronics have enabled the development of different kind of networks such as Mobile Ad-hoc Networks (MANETs), Wireless Sensor Networks (WSNs) and Wireless Sensor-Actor Networks (WSANs). These networks have different kind of characteristics, therefore new protocols that fit their features should be developed. We have developed a simulation system to test MANETs, WSNs and WSANs. In this paper, we consider the performance behavior of two protocols: AODV and DSR using TwoRayGround model and Shadowing model for lattice and random topologies. We study the routing efficiency and compare the performance of two protocols for different scenarios. By computer simulations, we found that for large number of nodes when we used TwoRayGround model and random topology, the DSR protocol has a better performance. However, when the transmission rate is higher, the routing efficiency parameter is unstable.Peer ReviewedPostprint (published version

DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization

Recent research has demonstrated that Intel's SGX is vulnerable to various software-based side-channel attacks. In particular, attacks that monitor CPU caches shared between the victim enclave and untrusted software enable accurate leakage of secret enclave data. Known defenses assume developer assistance, require hardware changes, impose high overhead, or prevent only some of the known attacks. In this paper we propose data location randomization as a novel defensive approach to address the threat of side-channel attacks. Our main goal is to break the link between the cache observations by the privileged adversary and the actual data accesses by the victim. We design and implement a compiler-based tool called DR.SGX that instruments enclave code such that data locations are permuted at the granularity of cache lines. We realize the permutation with the CPU's cryptographic hardware-acceleration units providing secure randomization. To prevent correlation of repeated memory accesses we continuously re-randomize all enclave data during execution. Our solution effectively protects many (but not all) enclaves from cache attacks and provides a complementary enclave hardening technique that is especially useful against unpredictable information leakage

Secure Virtualization and Multicore Platforms State-of-the-Art report

SVaM