Daan Vanoverloop, DistriNet, KU Leuven; Andrés Sánchez, EPFL, Amazon; Flavio Toffalini, EPFL, RUB; Frank Piessens, DistriNet, KU Leuven; Mathias Payer, EPFL; Jo Van Bulck, DistriNet, KU Leuven
Intel SGX's vision of secure enclaved execution has been plagued by a continuous line of side channels. Among these, the ability to track enclave page accesses emerged as a particularly versatile and indispensable attack primitive. Despite nearly a decade since the original controlled-channel attack, existing mitigations remain focused on detection rather than prevention or depend on impractical developer annotations and hypothetical hardware extensions. This paper introduces TLBlur, a novel approach that leverages the recent AEX-Notify hardware extension in modern Intel SGX processors to essentially limit the bandwidth of controlled-channel attacks to the anonymity set of recently used pages.
Our defense leverages the fact that page translations served from the processor's Translation Lookaside Buffer (TLB), which is forcibly flushed during enclave interruptions, remain unobservable to adversaries. We introduce practical compile-time instrumentation to seamlessly log page accesses within the protected enclave application. Additionally, we utilize AEX-Notify to implement a custom enclave interrupt handler that hides the N most recently accessed application pages by transparently prefetching them into the hardware TLB. Our evaluation on real-world libraries such as libjpeg, yescrypt, wolfSSL, and OpenSSL yields acceptable performance overheads, improving over prior work by several orders of magnitude.
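A constructed model of the two halves described above, added here as an illustration and not taken from the paper's artifact: a ring-buffer access log standing in for the compile-time instrumentation, the selection of the N most recently used distinct pages the AEX-Notify handler would prefetch, and an attacker-view count of which post-interrupt accesses still fault visibly. All names (`log_page_access`, `recent_pages`, `observable_accesses`, `LOG_SIZE`) and the sample address traces are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define PAGE_SHIFT 12
#define LOG_SIZE 8 /* capacity of the hypothetical in-enclave access log */

/* Ring buffer of recently touched page numbers, standing in for the
 * compile-time instrumentation that logs page accesses inside the enclave. */
static uint64_t page_log[LOG_SIZE];
static size_t log_head;

void reset_log(void) { log_head = 0; }

/* Hook the instrumentation would call before each memory access. */
void log_page_access(uint64_t addr) {
    page_log[log_head % LOG_SIZE] = addr >> PAGE_SHIFT;
    log_head++;
}

/* What the interrupt handler needs: the n most recently used distinct
 * pages, newest first. Returns how many it found (fewer than n early on). */
size_t recent_pages(uint64_t *out, size_t n) {
    size_t found = 0, avail = log_head < LOG_SIZE ? log_head : LOG_SIZE;
    for (size_t i = 0; i < avail && found < n; i++) {
        uint64_t p = page_log[(log_head - 1 - i) % LOG_SIZE];
        bool dup = false;
        for (size_t j = 0; j < found; j++) dup |= (out[j] == p);
        if (!dup) out[found++] = p;
    }
    return found;
}

/* Attacker-view model: the interrupt flushed the TLB, so a page access
 * faults visibly unless the handler prefetched that page's translation.
 * Counts the accesses in `trace` that remain observable. */
size_t observable_accesses(const uint64_t *trace, size_t len,
                           const uint64_t *prefetched, size_t np) {
    size_t leaked = 0;
    for (size_t i = 0; i < len; i++) {
        uint64_t p = trace[i] >> PAGE_SHIFT;
        bool hidden = false;
        for (size_t j = 0; j < np; j++) hidden |= (prefetched[j] == p);
        if (!hidden) leaked++;
    }
    return leaked;
}
```

With the constructed traces, prefetching only the two most recent pages halves the number of observable accesses in the window after the interrupt; a real handler would also have to re-run this after every interrupt, since each one flushes the TLB again.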
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.