Informer: Protecting Intel SGX from Cross-Core Side Channel Threats

As one of the major threats facing Intel SGX, side-channel attacks have been widely researched and disclosed as actual vulnerabilities in recent years, which can severely harm the integrity and confidentiality of programs protected by SGX. Most existing defense schemes are built based on the assumption that the adversary launches attacks from the same core as the victim, which however have been proved insufficient by newly-emerged cross-core side-channel attacks (e.g. CrossTalk). We present Informer, a defensive approach for SGX against side-channel attacks launched from any location, whether the adversary resides in the same physical CPU core as the victim or not. Informer achieves this goal by creating dummy threads that temporarily monopolize all CPU cores when security-critical codes are being executed, which breaks the essential concurrent execution condition of side-channel attacks. A key challenge is to ensure all those threads are scheduled exclusively to occupy all CPU cores even within an untrusted OS. Informer can defend against side-channel attacks from any core, and only incurs 22% performance overhead in OpenSSL. An additional mechanism is designed to reduce the impact on the operating system, as well as an optional extension to reduce the performance overhead brought to other programs.