Security Vulnerabilities of SGX and Countermeasures: A Survey

Loading...
Thumbnail Image

Access rights

openAccess

URL

Journal Title

Journal ISSN

Volume Title

A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä

Date

2021-07-13

Department

Department of Communications and Networking

Major/Subject

Mcode

Degree programme

Language

en

Pages

36

Series

ACM COMPUTING SURVEYS, Volume 54, issue 6

Abstract

Trusted Execution Environments (TEEs) have been widely used in many security-critical applications. The popularity of TEEs derives from its high security and trustworthiness supported by secure hardware. Intel Software Guard Extensions (SGX) is one of the most representative TEEs that creates an isolated environment on an untrusted operating system, thus providing run-time protection for the execution of security-critical code and data. However, Intel SGX is far from the acme of perfection. It has become a target of various attacks due to its security vulnerabilities. Researchers and practitioners have paid attention to the security vulnerabilities of SGX and investigated optimization solutions in real applications. Unfortunately, existing literature lacks a thorough review of security vulnerabilities of SGX and their countermeasures. In this article, we fill this gap. Specifically, we propose two sets of criteria for estimating security risks of existing attacks and evaluating defense effects brought by attack countermeasures. Furthermore, we propose a taxonomy of SGX security vulnerabilities and shed light on corresponding attack vectors. After that, we review published attacks and existing countermeasures, as well as evaluate them by employing our proposed criteria. At last, on the strength of our survey, we propose some open challenges and future directions in the research of SGX security.

Description

Funding Information: This work was supported in part by the National Natural Science Foundation of China under Grant 62072351 and Grant 61802293; in part by the National Postdoctoral Program for Innovative Talents under Grant BX20180238; in part by the Project funded by China Postdoctoral Science Foundation under Grant 2018M633461; in part by the Academy of Finland under Grant 308087 and Grant 335262; in part by the Shaanxi Innovation Team Project under Grant 2018TD-007; and in part by the 111 Project under Grant B16037. Authors’ addresses: S. F. Fei, W. X. Ding, and H. M. Xie, The State Key Lab of ISN, School of Cyber Engineering, Xidian University, 266 Xinglong Section of Xifeng Road, Xi’an, Shaanxi 710126, China; emails: shufanfei@gmail.com, wxding@xidian.edu.cn, 752099702@qq.com; Z. Yan (corresponding author), The State Key Lab of ISN, School of Cyber Engineering, Xidian University, Xi’an, Shaanxi, China and Department of Communications and Networking, School of Electrical Engineering, Aalto University, Konemiehentie 2, P.O.Box 15400, Espoo 02150, Finland; emails: zyan@xidian.edu.cn, zheng.yan@aalto.fi. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org. © 2021 Association for Computing Machinery. 0360-0300/2021/07-ART126 $15.00 https://doi.org/10.1145/3456631 Publisher Copyright: © 2021 ACM.

Keywords

security, side-channel attacks, Trusted execution environment, trustworthiness

Other note

Citation

Fei, S, Yan, Z, Ding, W & Xie, H 2021, ' Security Vulnerabilities of SGX and Countermeasures: A Survey ', ACM Computing Surveys, vol. 54, no. 6, 126 . https://doi.org/10.1145/3456631