查看文章

Trusted execution environments like Intel SGX allow developers to protect sensitive code in so-called enclaves. These enclaves protect their code and data even in the cases of a compromised OS. However, such enclaves have also been shown to be vulnerable to numerous side-channel attacks. In this paper we propose an idea of self-monitoring enclaves and investigate the viability of using performance counters to detect a side-channel attacks against Intel SGX, specifically the Load Value Injection (LVI) class of attacks. We characterize the footprint of three LVI attack variants and design a prototype detection mechanism. The results show that certain attack variants could be reliably detected using this approach without false positives for a range of benign applications. The results also demonstrate reasonable levels of speed and overhead for the detection mechanism. Finally, we list four requirements for making …