# Page-table-based Attacks

### Introduction

In addition to traditional software attacks, another well-known attack vector against SGX is side channels. The threat model of SGX, which assumes that even privileged software (e.g., an OS and a hypervisor) is untrusted, enables broader and stronger classes of side channels. This section demonstrates one class of side-channel attacks (i.e., page-table-based attacks) that is unique to the SGX settings and our mitigation against the attacks.

### SGX page-table-based attack

This video presents the page-table-based attack, which is also known as the controlled-channel attack. By manipulating the page table and hooking the page fault handler, the attacker is able to observe precise page access patterns.

{% embed url="<https://youtu.be/MCSlgEqNhIA>" %}

### T-SGX

This video shows how T-SGX protect an SGX enclave from page-table-based attacks.

{% embed url="<https://youtu.be/uHt6D-lHl68>" %}

###


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://sgx101.gitbook.io/sgx101/sgx-security/page-table-based-attack.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.