ShieldMMU: Detecting and Defending against Controlled-Channel Attacks in Shielding Memory System
By: Gang Liu, Ningjie Li, Cen Chen
Potential Business Impact:
Shields computer secrets from sneaky software attacks.
Intel SGX and hypervisors isolate non-privileged programs from other software, ensuring confidentiality and integrity. However, side-channel attacks continue to threaten Intel SGX's security, enabling malicious OS to manipulate PTE present bits, induce page faults, and steal memory access traces. Despite extensive research, existing defenses focus on detection or rely on impractical solutions. This paper presents ShieldMMU, a comprehensive solution for mitigating controlled channel attacks, balancing compatibility, performance, and usability. Leveraging a Merkle Tree-inspired Defense Tree (DD-Tree), ShieldMMU protects PTE integrity by detecting, locating, and restoring attacked PTEs. It identifies MMU page table lookup events and side-channel attacks, promptly restoring PTE parameters to prevent page fault traps and ensure secure non-privileged application operation within SGX. Our experiments confirm ShieldMMU's enhanced security and acceptable latency performance.
Similar Papers
Adaptive and Efficient Dynamic Memory Management for Hardware Enclaves
Operating Systems
Makes secure computer programs run faster.
IOMMU Support for Virtual-Address Remote DMA in an ARMv8 environment
Distributed, Parallel, and Cluster Computing
Lets many computers share information faster.
IOMMU Support for Virtual-Address Remote DMA in an ARMv8 environment
Distributed, Parallel, and Cluster Computing
Makes many computers share memory correctly.