SGXL: Security and Performance for Enclaves Using Large Pages

1Citations
Citations of this article
19Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Intel's SGX architecture offers clients of public cloud computing platforms the ability to create hardware-protected enclaves whose contents are protected from privileged system software. However, SGX relies on system software for enclave memory management. In a sequence of recent papers, researchers have demonstrated that this reliance allows a malicious OS/hypervisor to snoop on the page addresses being accessed from within an enclave via various channels. This page address stream can then be used to infer secrets if the enclave's page access pattern depends upon the secret and this constitutes an important class of side-channels. We propose SGXL, a hardware-software co-designed system that significantly increases the difficulty of any page address-based side-channels through the use of large pages. A large page maps address ranges at a much larger granularity than the default page size (at least 512× larger). SGXL thus significantly lowers resolution of the leaked page address stream and could practically throttle all flavors of page-address based side-channels. We detail the modifications needed to SGX's software stack and the (minor) hardware enhancements required for SGXL to guarantee the use of large pages in the presence of adversarial system software. We empirically show that SGXL could be one of those rare systems that enhances security with the potential of improving performance as well.

Cite

CITATION STYLE

APA

Yadalam, S., Ganapathy, V., & Basu, A. (2021). SGXL: Security and Performance for Enclaves Using Large Pages. ACM Transactions on Architecture and Code Optimization, 18(1). https://doi.org/10.1145/3433983

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free