Composable Cachelets: Protecting Enclaves from Cache Side-Channel Attacks

Daniel Townley; Kerem Arikan; Yu David Liu; Dmitry Ponomarev; Oguz Ergin

Composable Cachelets: Protecting Enclaves from Cache Side-Channel Attacks

Daniel Townley
, Kerem Arikan
, Yu David Liu
, Dmitry Ponomarev
, Oguz Ergin

School of Computing

Binghamton University

Peraton Labs
State University of New York Binghamton University
TOBB University of Economics and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

25 Scopus citations

Abstract

The security of isolated execution architectures such as Intel SGX has been significantly threatened by the recent emergence of side-channel attacks. Cache side-channel attacks allow adversaries to leak secrets stored inside isolated enclaves without having direct access to the enclave memory. In some cases, secrets can be leaked even without having the knowledge of the victim application code or having OS-level privileges. We propose the concept of Composable Cachelets (CC), a new scalable strategy to dynamically partition the last-level cache (LLC) for completely isolating enclaves from other applications and from each other. CC supports enclave isolation in caches with the capability to dynamically readjust the cache capacity as enclaves are created and destroyed. We present a cache-aware and enclave-aware operational semantics to help rigorously establish security properties of CC, and we experimentally demonstrate that CC thwarts side-channel attacks on caches with modest performance and complexity impact.

Original language	English
Title of host publication	Proceedings of the 31st USENIX Security Symposium, USENIX Security 2022
Publisher	USENIX Association
Pages	2839-2856
Number of pages	18
ISBN (Electronic)	9781939133311
State	Published - 2022
Event	31st USENIX Security Symposium, USENIX Security 2022 - Boston, United States Duration: Aug 10 2022 → Aug 12 2022

Publication series

Name	Proceedings of the 31st USENIX Security Symposium, Security 2022

Conference

Conference	31st USENIX Security Symposium, USENIX Security 2022
Country/Territory	United States
City	Boston
Period	08/10/22 → 08/12/22

Cite this

@inproceedings{f165b39e857849d1b2158696e76f64a3,

title = "Composable Cachelets: Protecting Enclaves from Cache Side-Channel Attacks",

abstract = "The security of isolated execution architectures such as Intel SGX has been significantly threatened by the recent emergence of side-channel attacks. Cache side-channel attacks allow adversaries to leak secrets stored inside isolated enclaves without having direct access to the enclave memory. In some cases, secrets can be leaked even without having the knowledge of the victim application code or having OS-level privileges. We propose the concept of Composable Cachelets (CC), a new scalable strategy to dynamically partition the last-level cache (LLC) for completely isolating enclaves from other applications and from each other. CC supports enclave isolation in caches with the capability to dynamically readjust the cache capacity as enclaves are created and destroyed. We present a cache-aware and enclave-aware operational semantics to help rigorously establish security properties of CC, and we experimentally demonstrate that CC thwarts side-channel attacks on caches with modest performance and complexity impact.",

author = "Daniel Townley and Kerem Arikan and Liu, \{Yu David\} and Dmitry Ponomarev and Oguz Ergin",

note = "Publisher Copyright: {\textcopyright} USENIX Security Symposium, Security 2022.All rights reserved.; 31st USENIX Security Symposium, USENIX Security 2022 ; Conference date: 10-08-2022 Through 12-08-2022",

year = "2022",

language = "English",

series = "Proceedings of the 31st USENIX Security Symposium, Security 2022",

publisher = "USENIX Association",

pages = "2839--2856",

booktitle = "Proceedings of the 31st USENIX Security Symposium, USENIX Security 2022",

}

Townley, D, Arikan, K, Liu, YD , Ponomarev, D & Ergin, O 2022, Composable Cachelets: Protecting Enclaves from Cache Side-Channel Attacks. in Proceedings of the 31st USENIX Security Symposium, USENIX Security 2022. Proceedings of the 31st USENIX Security Symposium, Security 2022, USENIX Association, pp. 2839-2856, 31st USENIX Security Symposium, USENIX Security 2022, Boston, United States, 08/10/22.

Composable Cachelets: Protecting Enclaves from Cache Side-Channel Attacks. / Townley, Daniel; Arikan, Kerem; Liu, Yu David et al.
Proceedings of the 31st USENIX Security Symposium, USENIX Security 2022. USENIX Association, 2022. p. 2839-2856 (Proceedings of the 31st USENIX Security Symposium, Security 2022).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Composable Cachelets

T2 - 31st USENIX Security Symposium, USENIX Security 2022

AU - Townley, Daniel

AU - Arikan, Kerem

AU - Liu, Yu David

AU - Ponomarev, Dmitry

AU - Ergin, Oguz

PY - 2022

Y1 - 2022

N2 - The security of isolated execution architectures such as Intel SGX has been significantly threatened by the recent emergence of side-channel attacks. Cache side-channel attacks allow adversaries to leak secrets stored inside isolated enclaves without having direct access to the enclave memory. In some cases, secrets can be leaked even without having the knowledge of the victim application code or having OS-level privileges. We propose the concept of Composable Cachelets (CC), a new scalable strategy to dynamically partition the last-level cache (LLC) for completely isolating enclaves from other applications and from each other. CC supports enclave isolation in caches with the capability to dynamically readjust the cache capacity as enclaves are created and destroyed. We present a cache-aware and enclave-aware operational semantics to help rigorously establish security properties of CC, and we experimentally demonstrate that CC thwarts side-channel attacks on caches with modest performance and complexity impact.

AB - The security of isolated execution architectures such as Intel SGX has been significantly threatened by the recent emergence of side-channel attacks. Cache side-channel attacks allow adversaries to leak secrets stored inside isolated enclaves without having direct access to the enclave memory. In some cases, secrets can be leaked even without having the knowledge of the victim application code or having OS-level privileges. We propose the concept of Composable Cachelets (CC), a new scalable strategy to dynamically partition the last-level cache (LLC) for completely isolating enclaves from other applications and from each other. CC supports enclave isolation in caches with the capability to dynamically readjust the cache capacity as enclaves are created and destroyed. We present a cache-aware and enclave-aware operational semantics to help rigorously establish security properties of CC, and we experimentally demonstrate that CC thwarts side-channel attacks on caches with modest performance and complexity impact.

UR - https://www.scopus.com/pages/publications/85140960218

M3 - Conference contribution

T3 - Proceedings of the 31st USENIX Security Symposium, Security 2022

SP - 2839

EP - 2856

BT - Proceedings of the 31st USENIX Security Symposium, USENIX Security 2022

PB - USENIX Association

Y2 - 10 August 2022 through 12 August 2022

ER -

Composable Cachelets: Protecting Enclaves from Cache Side-Channel Attacks

Abstract

Publication series

Conference

Other files and links

Fingerprint

Cite this