Aug 20, 2018

Mitigating Branch-Shadowing Attacks on Intel SGX using Control Flow Randomization

arXiv:1808.06478v1, 28 citations
Originality: Incremental advance
AI Analysis

This addresses a critical security flaw in Intel SGX for protecting sensitive computations, though it is an incremental improvement over prior defenses like Zigzagger.

The paper tackles the vulnerability of Intel SGX to branch-shadowing side-channel attacks by proposing a control flow randomization defense, achieving quantifiable security guarantees with tunable parameters and evaluating it on ten SGX-Nbench programs to measure runtime overhead.

Intel Software Guard Extensions (SGX) is a promising hardware-based technology for protecting sensitive computations from potentially compromised system software. However, recent research has shown that SGX is vulnerable to branch-shadowing -- a side channel attack that leaks the fine-grained (branch granularity) control flow of an enclave (SGX protected code), potentially revealing sensitive data to the attacker. The previously-proposed defense mechanism, called Zigzagger, attempted to hide the control flow, but has been shown to be ineffective if the attacker can single-step through the enclave using the recent SGX-Step framework. Taking into account these stronger attacker capabilities, we propose a new defense against branch-shadowing, based on control flow randomization. Our scheme is inspired by Zigzagger, but provides quantifiable security guarantees with respect to a tunable security parameter. Specifically, we eliminate conditional branches and hide the targets of unconditional branches using a combination of compile-time modifications and run-time code randomization. We evaluated the performance of our approach by measuring the run-time overhead of ten benchmark programs of SGX-Nbench in an SGX environment.

Code Implementations: 1 repo