Strongly Secure and Efficient Data Shuffle On Hardware Enclaves
This addresses security vulnerabilities in hardware enclaves for systems requiring data privacy, though it is incremental as it builds on known techniques like Melbourne shuffle.
The paper tackles the problem of mitigating memory-access attacks on Intel SGX by achieving cache-miss obliviousness for data shuffling, resulting in superior performance and lower transaction abort rates compared to existing work.
Mitigating memory-access attacks on the Intel SGX architecture is an important and open research problem. A natural notion of the mitigation is cache-miss obliviousness which requires the cache-misses emitted during an enclave execution are oblivious to sensitive data. This work realizes the cache-miss obliviousness for the computation of data shuffling. The proposed approach is to software-engineer the oblivious algorithm of Melbourne shuffle on the Intel SGX/TSX architecture, where the Transaction Synchronization eXtension (TSX) is (ab)used to detect the occurrence of cache misses. In the system building, we propose software techniques to prefetch memory data prior to the TSX transaction to defend the physical bus-tapping attacks. Our evaluation based on real implementation shows that our system achieves superior performance and lower transaction abort rate than the related work in the existing literature.