SGX 101
  • Home
  • SSLab
  • SGX Bootstrap
    • Overview
    • Enclave
      • Communication between Architectural and Application Enclaves
    • Attestation
      • Inter-process Local Attestation
    • Sealing
    • Real-world Example
    • CCS'17 Tutorial
    • Technion'18 Summer School Program
  • SGX Security
    • Memory Corruption
    • Uninitialized Memory
    • Page-table-based Attacks
    • Cache Attacks
    • Branch Shadowing
    • Row Hammer Attacks
    • Speculative Execution Side Channels
  • Other Resources
  • About Us
Powered by GitBook
On this page
  • System Design
  • Defense
  • Attack
  • Publications

Was this helpful?

SSLab

PreviousHomeNextSGX Bootstrap

Last updated 5 years ago

Was this helpful?

SSLab represents the from Georgia Institute of Technology led by .

We have been actively working on SGX related research. These research projects can be broadly classified into three different categories: System Design, Defense, and Attack.

System Design

  • : An open-source platform for SGX research that consists of a QEMU-based emulator and a software development kit (SDK)

  • S-NFV: A protection scheme for network function virtualization (NFV) applications that uses SGX to secure the applications' internal states

  • AirBox: A secure design of edge function platforms using SGX for ensuring code integrity and data confidentiality of an edge function

  • : A design of Tor that enhances the security and privacy of the protocol by utilizing SGX

Defense

  • : A compiler-level approach that incorporates Intel TSX to prevent SGX enclaves from controlled-channel attacks

  • : A software-based design of SGX enclaves that enables fine-grained address space layout randomization (ASLR)

Attack

  • Branch Shadowing: A novel side-channel attack against SGX exploiting branch history states preserved across an SGX mode switch and last branch record (LBR)

  • Dark ROP: A novel blind return-oriented programming (ROP) attack against SGX exploiting uninitialized registers across an enclave exit

  • SGX-Bomb: A rowhammer attack against SGX resulting in processor lockdown, i.e., a cold reboot is necessary to use the machine again

  • SGX-Bleed: A vulnerability that can leak uninitialized SGX memory through structure padding

Publications

Leaking Uninitialized Secure Enclave Memory via Structure Padding (Extended Abstract, arXiv.org)

SGX-Bomb: Locking Down the Processor via Rowhammer Attack (SysTEX 2017)

Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing (Security 2017)

Hacking in Darkness: Return-oriented Programming against Secure Enclaves (Security 2017)

Enhancing Security and Privacy of Tor's Ecosystem by using Trusted Execution Environments (NSDI 2017)

SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs (NDSS 2017)

T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs (NDSS 2017)

Fast, Scalable and Secure Onloading of Edge Functions using AirBox (SEC 2016)

S-NFV: Securing NFV states by using SGX (SDNNFVSEC 2016)

OpenSGX: An Open Platform for SGX Research (NDSS 2016)

Systems Software & Security Lab
Prof. Taesoo Kim
OpenSGX
SGX-Tor
T-SGX
SGX-Shield
[pdf]
[pdf]
[pdf]
[pdf]
[pdf]
[pdf]
[pdf]
[pdf]
[pdf]
[pdf]