SGXlinger: A New Side-Channel Attack Vector Based on Interrupt Latency Against Enclave Execution

2018 IEEE 36th International Conference on Computer Design (ICCD) (2018)

Abstract
Software Guard Extensions (SGX) is a new security feature that has been released in recent Intel commodity processors. It is designed to provide a user program with a strongly shielded environment against other components in the system, including the OS, firmware and hardware peripherals. With SGX, developers can securely deploy critical applications on untrusted remote platforms without the concern of information leakage. However, researchers have found several attacks against SGX, suggesting blind reliance on SGX is inadvisable, and promoting the need for a comprehensive study on the security property of SGX. In this paper, we discover a new attack vector, SGXlinger, to disclose information inside the protected program. Our attack monitors the interrupt latency of the SGX-protected program, and it is the first time that the interrupt latency is leveraged as a side-channel. We develop a framework to repeatedly measure the interrupt latency of an enclave program, and the evaluation shows we can learn coarse-grained information inside the shielded environment. In an experimental setting, we measure that the information leakage rate of the proposed side-channel can reach up to 35 Kbps.
Keywords
Security, Enclave execution, Side-channel attack