MSc. Ferdinand Brasser

Research Assistant

Mornewegstraße 30
D-64293 Darmstadt
GERMANY

Building: S4|14
Room:4.1.17
Phone:+49 (0)6151 / 16 - 25331
Email:ferdinand.brasser(a-t)trust.tu-darmstadt.de
Website:https://www.trust.informatik.tu-darmstadt.de/people/ferdinand-brasser/

 

Vita

Since 2013

Research Assistant

at EC SPRIDE

and Technische Universität Darmstadt, Germany

2010-2013

M.Sc. IT Security

at Technische Universität Darmstadt, Germany

2007-2010

B.Sc. Informatik

at Fachhochschule Braunschweig/Wolfenbüttel, Germany.

 

 

Publications

DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization

Author Ferdinand Brasser, Srdjan Capkun, Alexandra Dmitrienko, Tommaso Frassetto, Kari Kostiainen, Urs Müller, Ahmad-Reza Sadeghi
Date September 2017
Kind Techreport
KeyTUD-CS-2017-0255
Research Areas System Security Lab
Abstract Recent research has demonstrated that Intel's SGX is vulnerable to various software-based side-channel attacks. In particular, attacks that monitor CPU caches shared between the victim enclave and untrusted software enable accurate leakage of secret enclave data. Known defenses assume developer assistance, require hardware changes, impose high overhead, or prevent only some of the known attacks. In this paper we propose data location randomization as a novel defensive approach to address the threat of side-channel attacks. Our main goal is to break the link between the cache observations by the privileged adversary and the actual data accesses by the victim. We design and implement a compiler-based tool called DR.SGX that instruments enclave code such that data locations are permuted at the granularity of cache lines. We realize the permutation with the CPU's cryptographic hardware-acceleration units providing secure randomization. To prevent correlation of repeated memory accesses we continuously re-randomize all enclave data during execution. Our solution effectively protects many (but not all) enclaves from cache attacks and provides a complementary enclave hardening technique that is especially useful against unpredictable information leakage.
Website https://arxiv.org/abs/1709.09917
[Export this entry to BibTeX]

Important Copyright Notice:

The documents contained in these directories are included by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.
A A A | Drucken Drucken | Impressum Impressum | Sitemap Sitemap | Kontakt Kontakt | Webseitenanalyse: Mehr Informationen
zum Seitenanfangzum Seitenanfang