Recent advances in isolated execution technologies, especially the emergence of Intel Software Guard eXtension (SGX), revolutionize the model of computer security and empower programs with sensitive data and code to be shielded from untrusted operating systems. However, their security guarantees have not yet been thoroughly investigated against the notorious vector of information leakage side-channel attacks. It is conceivable that side-channel attacks with full control of the underlying operating system are more diverse, efficient and robust than those from unprivileged programs. As a result, side-channel security, or lack thereof, will significantly impact the security promises offered by such technologies.
The objective of the research project is to fully understand risks of side-channel information leakage in such isolated execution environments on untrusted operating systems, by (1) identifying new side-channel attack vectors systematically and automatically using model checking techniques, (2) examining new capabilities of privileged attackers that may lead to more robust and efficient side-channel attacks, and (3) advancing our understanding of the effectiveness of potential solutions to side-channel threats in the underlying context. The study conceptualizes new frameworks for systematically evaluating side-channel security of computer systems, and also provides new insights on side-channel vulnerabilities on untrusted operating systems. More broadly, the project will offer guidelines for industry practices of SGX and an integration of the PI's research into STEM education.