SGX 101

Page-table-based Attacks


Last updated 5 years ago


Introduction

In addition to traditional software attacks, side channels are another well-known attack vector against SGX. The SGX threat model assumes that even privileged software (e.g., the OS and the hypervisor) is untrusted, which enables broader and stronger classes of side channels. This section demonstrates one class of side-channel attacks, page-table-based attacks, that is unique to the SGX setting, along with our mitigation against them.

SGX page-table-based attack

This video presents the page-table-based attack, which is also known as the controlled-channel attack. By manipulating the page table and hooking the page fault handler, the attacker is able to observe precise page access patterns.
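
To see why page-granular access patterns matter, the following added example (not from the original page or video) is a user-space model that audits whether a routine's page trace varies with its secret. It uses no SGX or page-table code; the square-and-multiply control flow, the addresses and all names are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT 12   /* 4 KiB pages */
#define MAX_TRACE  32
/* Model assumption: the observer learns only page numbers, and only when
 * execution moves to a different page (one fault per page transition). */
typedef struct { uint64_t pages[MAX_TRACE]; size_t len; } page_trace;
/* Hypothetical code layout: addresses of two routines used per key bit. */
typedef struct { uint64_t square_addr, multiply_addr; } layout;

static void touch(page_trace *t, uint64_t addr) {
    uint64_t page = addr >> PAGE_SHIFT;
    if (t->len && t->pages[t->len - 1] == page) return; /* same page: no new fault */
    if (t->len < MAX_TRACE) t->pages[t->len++] = page;
}

/* Square-and-multiply control flow over an 8-bit key (arithmetic omitted:
 * only which routine runs matters for the page trace). */
static void modexp_trace(const layout *l, uint8_t key, page_trace *t) {
    t->len = 0;
    for (int bit = 7; bit >= 0; bit--) {
        touch(t, l->square_addr);
        if ((key >> bit) & 1) touch(t, l->multiply_addr);
    }
}

/* Audit: 1 if some key yields a page trace different from key 0, else 0. */
int trace_depends_on_key(const layout *l) {
    page_trace ref, cur;
    modexp_trace(l, 0, &ref);
    for (unsigned k = 1; k < 256; k++) {
        modexp_trace(l, (uint8_t)k, &cur);
        if (cur.len != ref.len ||
            memcmp(cur.pages, ref.pages, ref.len * sizeof ref.pages[0]) != 0)
            return 1;
    }
    return 0;
}
/* Constructed layouts: routines on separate pages vs. inside one page. */
static const layout split_pages = { 0x401000, 0x402000 };
static const layout single_page = { 0x401000, 0x401800 };
int audit_split(void)  { return trace_depends_on_key(&split_pages); }
int audit_single(void) { return trace_depends_on_key(&single_page); }

int main(void) {
    printf("split pages leak: %d\nsingle page leak: %d\n", audit_split(), audit_single());
    return 0;
}
```

The single-page result holds only within this page-granular model; it says nothing about finer-grained channels.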

T-SGX

This video shows how T-SGX protects an SGX enclave from page-table-based attacks.