DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization
Ferdinand Brasser (1), Srdjan Capkun (2), Alexandra Dmitrienko (3), Tommaso Frassetto (1), Kari Kostiainen (2), Ahmad-Reza Sadeghi (1) ((1) Technische Universität Darmstadt, Germany; (2) ETH Zurich, Switzerland; (3) University of Würzburg, Germany)

TL;DR
DR.SGX introduces a compiler-based data location randomization technique to protect Intel SGX enclaves from cache side-channel attacks, balancing security and performance without developer intervention.
Contribution
It presents a novel, compiler-driven data randomization method that reorders enclave data to thwart cache-based side-channel attacks, requiring no developer effort.
Findings
Effective in breaking data access correlation
Achieves low overhead with adjustable security parameters
No developer assistance needed
Abstract
Recent research has demonstrated that Intel's SGX is vulnerable to software-based side-channel attacks. In a common attack, the adversary monitors CPU caches to infer secret-dependent data access patterns. Known defenses have major limitations, as they require either error-prone developer assistance, incur extremely high runtime overhead, or prevent only specific attacks. In this paper, we propose data location randomization as a novel defense against side-channel attacks that target data access patterns. Our goal is to break the link between the memory observations by the adversary and the actual data accesses by the victim. We design and implement a compiler-based tool called DR.SGX that instruments the enclave code, permuting data locations at fine granularity. To prevent correlation of repeated memory accesses, we periodically re-randomize all enclave data. Our solution requires no…
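To make the mechanism in the abstract concrete, here is a toy model added by the editor, not the authors' DR.SGX implementation: enclave data is addressed through a per-epoch permutation of cache-line slots, and re-randomization moves every line to a new slot while preserving its content, so the physical lines an adversary observes for one secret-dependent access pattern change between epochs. The line count, the xorshift PRNG and the seeds are constructed placeholders for the keyed randomization a real design would use.

```c
#include <stdint.h>
#include <string.h>
#define LINES 64       /* cache lines in the toy enclave heap (constructed size) */
#define LINE_BYTES 64
static uint8_t  heap[LINES][LINE_BYTES]; /* physical storage, indexed by physical line */
static uint16_t perm[LINES];             /* logical line -> physical line (kept secret) */
static uint64_t rng_state;               /* toy PRNG; a real design would use a keyed permutation */
static uint64_t xorshift64(void) {
    uint64_t x = rng_state;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return rng_state = x;
}
/* Fisher-Yates shuffle keyed by the epoch seed: a fresh bijection for every epoch. */
static void build_perm(uint16_t *p, uint64_t epoch_seed) {
    rng_state = epoch_seed | 1;          /* xorshift must not start from 0 */
    for (int i = 0; i < LINES; i++) p[i] = (uint16_t)i;
    for (int i = LINES - 1; i > 0; i--) {
        int j = (int)(xorshift64() % (uint64_t)(i + 1));
        uint16_t t = p[i]; p[i] = p[j]; p[j] = t;
    }
}
/* Periodic re-randomization: move every line to its slot under a new permutation. */
static void rerandomize(uint64_t epoch_seed) {
    uint16_t next[LINES];
    uint8_t  copy[LINES][LINE_BYTES];
    build_perm(next, epoch_seed);
    for (int l = 0; l < LINES; l++) memcpy(copy[next[l]], heap[perm[l]], LINE_BYTES);
    memcpy(heap, copy, sizeof heap);
    memcpy(perm, next, sizeof perm);
}
/* Read logical line l; the return value is the physical line a cache-observing adversary sees. */
static uint16_t access_line(uint16_t l, uint8_t *out) {
    memcpy(out, heap[perm[l]], LINE_BYTES);
    return perm[l];
}
/* Replay one secret-dependent access pattern (n <= LINES) in two epochs and count positions
   where the observed physical line differs. Returns -1 if any line's content was lost. */
static int trace_diff_count(const uint16_t *pat, int n, uint64_t seed_a, uint64_t seed_b) {
    uint8_t buf[LINE_BYTES];
    uint16_t a[LINES], b[LINES];
    build_perm(perm, seed_a);                    /* epoch A: fill logical line l with byte l */
    for (int l = 0; l < LINES; l++) memset(heap[perm[l]], l, LINE_BYTES);
    for (int i = 0; i < n; i++) a[i] = access_line(pat[i], buf);
    rerandomize(seed_b);                         /* epoch B: same logical data, new slots */
    for (int i = 0; i < n; i++) b[i] = access_line(pat[i], buf);
    for (int l = 0; l < LINES; l++) { access_line((uint16_t)l, buf); if (buf[0] != (uint8_t)l) return -1; }
    int diff = 0; for (int i = 0; i < n; i++) diff += (a[i] != b[i]);
    return diff;
}
```

With the same seed in both epochs the traces coincide, which is exactly the correlation the periodic re-randomization is meant to remove.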
