Side channel attack

Feng_C_ · ‎08-02-2016

Hi,

I have a question on SGX side channel attack. As far as I know, the last 12 bits (4K) of the program data's address (operant) is hidden to OS. So I just wanna confirm if the OS may detect the page access pattern (using the address bits except the last 12 bits), which may lead side check attack?

Thanks,

Feng

Juan_d_Intel · ‎08-09-2016

Good thinking. Yes, side-channel attacks based on enclave page access patterns are possible. Have a look at this article: Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems by Yuanzhong Xu, Weidong Cui and Marcus Peinado published at the 2015 IEEE Symposium on Security and Privacy.

Feng_C_ · ‎10-14-2016

Hi,

Thank you for your last reply. Besides memory access pattern, can non-enclave program detect register file access pattern?

Best,

Feng