Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems

The presence of large numbers of security vulnerabilities in popular feature-rich commodity operating systems has inspired a long line of work on excluding these operating systems from the trusted computing base of applications, while retaining many of their benefits. Legacy applications continue to...

Full description

Saved in:
Bibliographic Details
Main Authors: Yuanzhong Xu, Weidong Cui, Peinado, Marcus
Format: Conference Proceeding
Language:English
Subjects:
Control systems
Data mining
Hardware
Monitoring
Operating systems
Resource management
SGX
side-channel attack
untrusted operating system
Virtual machine monitors
virtualization
Citations: Items that cite this one
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The presence of large numbers of security vulnerabilities in popular feature-rich commodity operating systems has inspired a long line of work on excluding these operating systems from the trusted computing base of applications, while retaining many of their benefits. Legacy applications continue to run on the untrusted operating system, while a small hyper visor or trusted hardware prevents the operating system from accessing the applications' memory. In this paper, we introduce controlled-channel attacks, a new type of side-channel attack that allows an untrusted operating system to extract large amounts of sensitive information from protected applications on systems like Overshadow, Ink Tag or Haven. We implement the attacks on Haven and Ink Tag and demonstrate their power by extracting complete text documents and outlines of JPEG images from widely deployed application libraries. Given these attacks, it is unclear if Over shadow's vision of protecting unmodified legacy applications from legacy operating systems running on off-the-shelf hardware is still tenable.
ISSN:1081-6011
DOI:10.1109/SP.2015.45