Skip to main content

Protecting SGX Enclaves against Hyperthreading-based Side Channel Attacks

Primary supervisor

Shujie Cui


Intel Software Guard Extensions (SGX) is an extension of the x86 instruction set architecture that allows a user process to create trusted execution environments called enclaves, which protect security-critical operations from other privileged software, including the OS kernel and hypervisor. An enclave’s memory is isolated, yet the enclave still shares a variety of resources with untrusted code, e.g., CPU caches, page tables and branch prediction units. This reliance on shared resources and the untrusted OS makes enclaves susceptible to side-channel attacks (SCAs). One type of SCAs exploits the same-core resources by running the attack thread and the victim thread on the same core, which is supported by the Hyperthreading technology. 

Student cohort

Double Semester


The goal of this project is to desgin a practical method that protects SGX enclaves from hyperthreading-based SCAs. The underlying OS and hypervisor are untrusted in the perspective of the enclave. The solution should not rely on any previlege from the OS or the hypervisor. Instead, we design the countermeasure in userspace, such as a pass of the compiler, to instrument the enclave to detect or counter malicious behavour itself in an efficent way. 

Required knowledge

  • Knowledge of trusted computing and cybersecurity 
  • Knowledge of the operating system and compiler
  • Farmilar with C/C++ programming