Primary supervisor
Shujie CuiCo-supervisors
Intel Software Guard Extensions (SGX) is an extension of the x86 instruction set architecture that allows a user process to create trusted execution environments called enclaves, which protect security-critical operations from other privileged software, including the OS kernel and hypervisor. An enclave’s memory is isolated, yet the enclave still shares a variety of resources with untrusted code, e.g., CPU caches, page tables and branch prediction units. This reliance on shared resources and the untrusted OS makes enclaves susceptible to side-channel attacks (SCAs). One type of SCAs exploits the same-core resources by running the attack thread and the victim thread on the same core, which is supported by the Hyperthreading technology.
Student cohort
Aim/outline
The goal of this project is to desgin a practical method that protects SGX enclaves from hyperthreading-based SCAs. The underlying OS and hypervisor are untrusted in the perspective of the enclave. The solution should not rely on any previlege from the OS or the hypervisor. Instead, we design the countermeasure in userspace, such as a pass of the compiler, to instrument the enclave to detect or counter malicious behavour itself in an efficent way.
Required knowledge
- Knowledge of trusted computing and cybersecurity
- Knowledge of the operating system and compiler
- Farmilar with C/C++ programming