I have a question on SGX side channel attacks. As far as I know, the last 12 bits (4K) of the program data's address (operand) are hidden from the OS. So I just wanna confirm whether the OS may detect the page access pattern (using the address bits except the last 12 bits), which may lead to a side channel attack?
Good thinking. Yes, side-channel attacks based on enclave page access patterns are possible. Have a look at this article: "Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems" by Yuanzhong Xu, Weidong Cui and Marcus Peinado, published at the 2015 IEEE Symposium on Security and Privacy.
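To make the page-granularity point concrete, here is an added example (not from this thread or from the cited paper) that models what the OS can observe, the address shifted right by 12 bits, for a secret-indexed lookup and for a variant that touches every page. All names are hypothetical, and addresses are modelled as offsets into a page-aligned table rather than real enclave addresses.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAGE_SHIFT 12                        /* 4 KiB pages */
#define PAGE_SIZE  ((size_t)1 << PAGE_SHIFT)
#define NPAGES     4
#define TRACE_MAX  8
static uint8_t table[NPAGES * PAGE_SIZE];    /* modelled as page-aligned enclave data */
static size_t  trace[TRACE_MAX];             /* modelled OS view: page numbers only */
static size_t  trace_len;

void fill_table(void) {                      /* constructed sample contents */
    for (size_t i = 0; i < sizeof table; i++) table[i] = (uint8_t)(i * 31 + 7);
}

/* All reads go through here; the low 12 bits never reach the trace. */
static uint8_t read_byte(size_t off) {
    if (trace_len < TRACE_MAX) trace[trace_len++] = off >> PAGE_SHIFT;
    return table[off];
}

/* Secret-dependent access: the one page touched is secret >> 12. */
uint8_t leaky_lookup(size_t secret) {
    trace_len = 0;
    return read_byte(secret % sizeof table);
}

/* Page-oblivious access: read the same offset in every page and pick the
   wanted byte with a mask. Hides the page number only, nothing finer. */
uint8_t oblivious_lookup(size_t secret) {
    size_t want = (secret % sizeof table) >> PAGE_SHIFT;
    size_t low = secret & (PAGE_SIZE - 1);
    uint8_t out = 0;
    trace_len = 0;
    for (size_t p = 0; p < NPAGES; p++)
        out |= read_byte(p * PAGE_SIZE + low) & (uint8_t)-(p == want);
    return out;
}

/* 1 if secrets a and b yield different page traces under fn, else 0. */
int traces_differ(uint8_t (*fn)(size_t), size_t a, size_t b) {
    size_t saved[TRACE_MAX], n;
    fn(a); n = trace_len; memcpy(saved, trace, sizeof saved);
    fn(b);
    return n != trace_len || memcmp(saved, trace, n * sizeof saved[0]) != 0;
}

int main(void) { fill_table(); return traces_differ(oblivious_lookup, 0x0123, 0x2123); }
```

Two secrets on different pages give different traces under `leaky_lookup`, two secrets on the same page give identical traces, and `oblivious_lookup` gives the same trace for any secret at the cost of one read per page.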