No Forking Way: Detecting Cloning Attacks on Intel SGX Applications
Samira Briongos, Ghassan Karame, Claudio Soriente, Annika Wilde

TL;DR
This paper introduces CloneBuster, a practical clone detection method for Intel SGX that detects cloning attacks without needing a trusted third party, enhancing security for SGX applications.
Contribution
CloneBuster is the first clone detection mechanism for SGX that operates without a TTP, enabling existing applications to be protected against cloning attacks.
Findings
Approximately 20% of analyzed SGX apps are vulnerable to cloning.
CloneBuster effectively detects clones using a cache-based covert channel.
The mechanism adds minimal performance overhead and a small TCB increase.
Abstract
Forking attacks against TEEs like Intel SGX can be carried out either by rolling back the application to a previous state, or by cloning the application and partitioning its inputs across the cloned instances. Current solutions to forking attacks require Trusted Third Parties (TTPs) that are hard to find in real-world deployments. In the absence of a TTP, many TEE applications rely on monotonic counters to mitigate forking attacks based on rollbacks; however, they have no protection mechanism against forking attacks based on cloning. In this paper, we analyze 72 SGX applications and show that approximately 20% of those are vulnerable to forking attacks based on cloning - including those that rely on monotonic counters. To address this problem, we present CloneBuster, the first practical clone-detection mechanism for Intel SGX that does not rely on a TTP and, as such, can be used…
Taxonomy
Topics: Security and Verification in Computing · Advanced Malware Detection Techniques · Network Security and Intrusion Detection
