Strongly Secure and Efficient Data Shuffle On Hardware Enclaves

TL;DR

This paper presents a novel approach to achieve cache-miss obliviousness for data shuffling on Intel SGX by leveraging TSX, improving security against memory-access attacks with better performance.

Contribution

It introduces a software-engineered oblivious algorithm using TSX for secure data shuffling on SGX, with techniques to defend against bus-tapping and improved efficiency.

Findings

Achieves cache-miss obliviousness for data shuffling on SGX.

Uses TSX to detect cache misses and prefetch data to prevent attacks.

Outperforms existing methods in performance and transaction abort rate.

Abstract

Mitigating memory-access attacks on the Intel SGX architecture is an important and open research problem. A natural notion of the mitigation is cache-miss obliviousness which requires the cache-misses emitted during an enclave execution are oblivious to sensitive data. This work realizes the cache-miss obliviousness for the computation of data shuffling. The proposed approach is to software-engineer the oblivious algorithm of Melbourne shuffle on the Intel SGX/TSX architecture, where the Transaction Synchronization eXtension (TSX) is (ab)used to detect the occurrence of cache misses. In the system building, we propose software techniques to prefetch memory data prior to the TSX transaction to defend the physical bus-tapping attacks. Our evaluation based on real implementation shows that our system achieves superior performance and lower transaction abort rate than the related work in the existing literature.