An Off-Chip Attack on Hardware Enclaves via the Memory Bus

USENIX Security 2020, 2019.

Keywords: off-chip attack, longest increasing subsequence, side-channel attack, hardware enclave

Abstract:

This paper shows how an attacker can break the confidentiality of a hardware enclave with Membuster, an off-chip attack based on snooping the memory bus. An attacker with physical access can observe an unencrypted address bus and extract fine-grained memory access patterns of the victim. Membuster is qualitatively different from prior o...

Introduction
  • Hardware enclaves [1,2,3,4,5] provide secure execution environments to protect sensitive code and data.
  • A hardware enclave has a small trusted computing base (TCB), consisting of the trusted hardware and the enclave program, and assumes a strong threat model in which even a privileged attacker cannot break the confidentiality and integrity of the execution.
  • Controlled-channel attacks [24] use OS privilege to trigger page faults on memory accesses to different pages, reconstructing secrets from page-granularity access patterns inside the victim program.
  • The threat model of SGX includes physical attacks such as cold-boot attacks [6], which recover sensitive data from residual contents of DRAM.
  • If all concurrent enclaves together require more memory than the EPC size, the OS has to swap encrypted EPC pages out to regular pages.
Highlights
  • Hardware enclaves [1,2,3,4,5] provide secure execution environments to protect sensitive code and data
  • We show that MEMBUSTER can be a substantial threat to hardware enclaves because of its unique traits compared to the existing on-chip attacks (§2.2).
  • How sensitive are the attack results of MEMBUSTER to the last-level cache (LLC) size of the target CPU? We evaluate the MEMBUSTER attack in three settings: (1) the basic attack without any techniques (None); (2) the optimized attack with cache squeezing (SQ); (3) the optimized attack with cache squeezing combined with cross-core cache priming (SQ+PR).
  • We introduced MEMBUSTER, a non-interfering, fine-grained, stealthy physical side-channel attack on hardware enclaves based on snooping the address lines of the memory bus off-chip.
  • We develop an algorithm that can retrieve application secrets from memory bus traces.
  • We observe that the cache prefetching features of CPUs can help increase the accuracy of the attack.
  • We believe the attack technique applies beyond Intel SGX to other secure processors or enclave platforms that do not protect their memory buses.
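The highlights above rest on one observation: only last-level cache misses generate traffic on the memory bus, so an off-chip snooper sees a victim access only if the line is not already cached. Cache squeezing (shrinking the enclave's share of the LLC) and cross-core cache priming (evicting the lines of interest from another core) exist to turn hits into bus-visible misses, and the final step maps observed physical addresses back to the victim's data structure. The Python simulation below is an added illustration written for this page, not code from the Membuster paper or its authors. It models a physically indexed LRU LLC whose misses are appended to a bus trace, a victim performing a secret-dependent table lookup, the two attacker-side tricks, and the address-to-index recovery step. The cache geometry, the physical addresses `TABLE_BASE` and `NOISE_BASE`, the victim program, the secret, and the assumption that the attacker already knows the table's physical address are all constructed for the example and are not the paper's measurements.

```python
"""Toy model of an off-chip memory-bus snooping attack on an enclave.

Constructed example: cache geometry, addresses, victim and secret are all
made up for illustration and are not taken from the Membuster paper.
"""
from collections import OrderedDict

LINE = 64                 # cache-line size: the address granularity visible on the bus
TABLE_ENTRIES = 256       # one table entry per secret byte value, one cache line per entry
TABLE_BASE = 0x7F00_0000  # constructed physical address of the victim's lookup table
NOISE_BASE = 0x7F10_0000  # constructed physical address of unrelated victim data


class LLC:
    """Physically indexed, set-associative, LRU last-level cache.

    Hits stay on-chip.  Misses fetch the line from DRAM, so their address
    shows up on the memory bus and is appended to `bus_trace` (what a DRAM
    interposer / protocol analyzer would log).  Memory encryption does not
    help here: it protects the data lines, not the address lines.
    """

    def __init__(self, sets, ways, bus_trace):
        self.sets, self.ways = sets, ways
        self.lines = [OrderedDict() for _ in range(sets)]
        self.bus_trace = bus_trace

    def access(self, addr):
        line = addr // LINE
        s = self.lines[line % self.sets]
        if line in s:
            s.move_to_end(line)            # hit: nothing leaves the chip
            return False
        if len(s) >= self.ways:
            s.popitem(last=False)          # evict LRU line (clean, so no write-back)
        s[line] = True
        self.bus_trace.append(line * LINE) # miss: read request visible on the bus
        return True


def victim(secret, cache, prime=None):
    """Secret-dependent lookup: byte b touches cache line b of the table.

    Between lookups the victim touches a few lines of unrelated data.
    `prime`, if given, models attacker code on another core that shares
    the LLC and runs between the victim's lookups.
    """
    for i, b in enumerate(secret):
        cache.access(TABLE_BASE + b * LINE)
        for j in range(4):
            cache.access(NOISE_BASE + ((4 * i + j) % 64) * LINE)
        if prime is not None:
            prime(cache)


def make_primer(sets, ways):
    """Cross-core cache priming: for every table line, access `ways` other
    lines that map to the same LLC set so LRU throws the table line out and
    the victim's next touch of it has to go to DRAM again.  The eviction-set
    addresses lie outside the table, so the attacker can drop its own
    traffic from the trace by address.
    """
    stride = -(-TABLE_ENTRIES // sets) * sets * LINE  # multiple of sets*LINE, past the table
    eviction = [TABLE_BASE + i * LINE + k * stride
                for i in range(TABLE_ENTRIES) for k in range(1, ways + 1)]

    def prime(cache):
        for a in eviction:
            cache.access(a)
    return prime


def recover(bus_trace):
    """Attacker: map every bus-visible line inside the table back to its
    index; each index is one secret byte, in the order the victim used it."""
    end = TABLE_BASE + TABLE_ENTRIES * LINE
    return bytes((a - TABLE_BASE) // LINE for a in bus_trace if TABLE_BASE <= a < end)


def run(secret, sets, ways, priming=False):
    """Run the victim under one LLC configuration; return what the bus leaks."""
    trace = []
    cache = LLC(sets, ways, trace)
    victim(secret, cache, make_primer(sets, ways) if priming else None)
    return recover(trace)


if __name__ == "__main__":
    secret = b"sesame"
    print("large LLC, no tricks:", run(secret, sets=4096, ways=16))        # repeats hit: b'seam'
    print("cache squeezing     :", run(secret, sets=1, ways=4))            # nothing fits: b'sesame'
    print("cross-core priming  :", run(secret, sets=4096, ways=16, priming=True))  # b'sesame'
```

With a large, unsqueezed LLC the repeated bytes of "sesame" hit in cache and never reach the bus, so only "seam" can be read off the address lines. Confining the victim to a cache share too small for its working set, or evicting the table lines from another core after every lookup, turns every lookup into a miss and the full secret appears in the trace. That is the effect behind the None / SQ / SQ+PR settings compared in the highlights above; the real attack has to deal with noise, prefetching and address translation that this model leaves out.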
Results
  • The authors present the evaluation results of the MEMBUSTER attack, based on the two vulnerable applications described in §4.
  • The authors describe the experimental setup of the MEMBUSTER attack
  • The authors use both physical and simulated experiments to evaluate the effectiveness of MEMBUSTER.
  • All of the experiments finished in a few seconds, and the acquisition depth is sufficient for logging all the memory requests.
  • To achieve a wider time window, the attacker can choose an analyzer which can filter the requests by addresses [57], or which has a higher acquisition depth [55].
  • The authors were able to perform the attack successfully despite the small sample size because the results match well with the expectations learned from the simulation.
Conclusion
  • The authors discuss the limitations, generalization, implications, and mitigations of the MEMBUSTER attack.
  • In this paper, the authors introduced MEMBUSTER, a non-interfering, fine-grained, stealthy physical side-channel attack on hardware enclaves based on snooping the address lines of the memory bus off-chip.
  • The authors demystify the physical bus-based side channel by reverse-engineering the internals of several hardware components.
  • The authors demonstrated the attack on an actual SGX machine; the attack achieved similar accuracy with much lower overhead than previous attacks such as controlled-channel attacks.
  • The authors believe the attack technique applies beyond Intel SGX to other secure processors or enclave platforms that do not protect their memory buses.
Objectives
  • The authors' goal is to increase the cache misses on critical addresses, to improve the success rate of the MEMBUSTER attack.
Tables
  • Table1: This work (MEMBUSTER) compared to previous side-channel attacks on SGX. The two boldface rows illustrate what we perceive to be the most important distinctions. A colored cell indicates that the attacker has the advantage.
  • Table2: Hardware specification for the experiment
  • Table3: MEMBUSTER results for attacking Memcached on an SGX machine
Related work
  • Other On-Chip Attacks. Other on-chip attacks worth mentioning are speculative-execution side channels such as Foreshadow [18] or ZombieLoad [47], branch shadowing side channels [48], denial-of-service attacks (e.g., Rowhammer [49, 50]), and rollback attacks [51, 52].

    Other Off-Chip Side-Channel Attacks. DRAM row buffers can be exploited as side channels between cores or CPUs, as demonstrated in DRAMA [53]. DRAMA shows that by observing the latency of reading or writing to DRAM, the attacker can infer whether the victim has recently accessed data stored in the same row. DRAMA shows how a software-only attacker can use DRAM row buffers as covert channels or side channels. MEMBUSTER further explores how the attacker can directly use the address bus as a side channel.
Funding
  • This work was supported in part by NSF grants CNS-1228839, CNS-1405641, CNS-1700512, NSF CISE Expeditions Award CCF-1730628, as well as gifts from the Sloan Foundation, Alibaba, Amazon Web Services, Ant Financial, ARM, Capital One, Ericsson, Facebook, Google, Intel, Microsoft, Scotiabank, Splunk, and VMware
Reference
  • [1] Intel Software Guard Extensions. //software.intel.com/sgx. Last accessed: December 2, 2019.
  • [2] Frank McKeen, Ilya Alexandrovich, Alex Berenzon, Carlos V. Rozas, Hisham Shafi, Vedvyas Shanbhogue, and Uday R. Savagaonkar. Innovative Instructions and Software Model for Isolated Execution. In HASP, 2013.
  • [3] David Lie, Chandramohan A. Thekkath, and Mark Horowitz. Implementing an Untrusted Operating System on Trusted Hardware. ACM SIGOPS Operating Systems Review, 37(5):178–192, 2003.
  • [4] Dayeol Lee, David Kohlbrenner, Shweta Shinde, Dawn Song, and Krste Asanovic. Keystone: A Framework for Architecting TEEs. arXiv preprint arXiv:1907.10119, 2019.
  • [5] Victor Costan, Ilia A. Lebedev, and Srinivas Devadas. Sanctum: Minimal Hardware Extensions for Strong Software Isolation. In USENIX Security, 2016.
  • [6] J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten. Lest We Remember: Cold-Boot Attacks on Encryption Keys. Communications of the ACM, 2009.
  • [7] Christian Priebe, Kapil Vaswani, and Manuel Costa. EnclaveDB: A Secure Database Using SGX. In IEEE S&P, 2018.
  • [8] Felix Schuster, Manuel Costa, Cedric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, and Mark Russinovich. VC3: Trustworthy Data Analytics in the Cloud. In IEEE S&P, 2015.
  • [9] Tien Tuan Anh Dinh, Prateek Saxena, Ee-Chien Chang, Beng Chin Ooi, and Chunwang Zhang. M2R: Enabling Stronger Privacy in MapReduce Computation. In USENIX Security, 2015.
  • [10] Stefan Brenner, Colin Wulf, David Goltzsche, Nico Weichbrodt, Matthias Lorenz, Christof Fetzer, Peter Pietzuch, and Rüdiger Kapitza. SecureKeeper: Confidential ZooKeeper Using Intel SGX. In Middleware, 2016.
  • [11] Joshua Lind, Oded Naor, Ittay Eyal, Florian Kelbert, Emin Gün Sirer, and Peter Pietzuch. Teechain: A Secure Payment Network with Asynchronous Blockchain Access. In SOSP, 2019.
  • [12] Mitar Milutinovic, Warren He, Howard Wu, and Maxinder Kanwal. Proof of Luck: An Efficient Blockchain Consensus Protocol. In SysTEX, 2016.
  • [13] Fan Zhang, Ethan Cecchetti, Kyle Croman, Ari Juels, and Elaine Shi. Town Crier: An Authenticated Data Feed for Smart Contracts. In CCS, 2016.
  • [14] R. Cheng, F. Zhang, J. Kos, W. He, N. Hynes, N. Johnson, A. Juels, A. Miller, and D. Song. Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts. In EuroS&P, 2019.
  • [15] Iddo Bentov, Yan Ji, Fan Zhang, Yunqi Li, Xueyuan Zhao, Lorenz Breidenbach, Philip Daian, and Ari Juels. Tesseract: Real-Time Cryptocurrency Exchange Using Trusted Hardware. In CCS, 2017.
  • [16] Olga Ohrimenko, Felix Schuster, Cedric Fournet, Aastha Mehta, Sebastian Nowozin, Kapil Vaswani, and Manuel Costa. Oblivious Multi-Party Machine Learning on Trusted Processors. In USENIX Security, 2016.
  • [17] Shruti Tople, Karan Grover, Shweta Shinde, Ranjita Bhagwan, and Ramachandran Ramjee. Privado: Practical and Secure DNN Inference. arXiv, 2018.
  • [18] Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-order Execution. In USENIX Security, 2018.
  • [19] Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, and Carl A. Gunter. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX. In CCS, 2017.
  • [20] Ferdinand Brasser, Urs Müller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, and Ahmad-Reza Sadeghi. Software Grand Exposure: SGX Cache Attacks Are Practical. In WOOT, 2017.
  • [21] Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice, and Stefan Mangard. Malware Guard Extension: Using SGX to Conceal Cache Attacks. In DIMVA, 2017.
  • [22] Ahmad Moghimi, Gorka Irazoqui, and Thomas Eisenbarth. CacheZoom: How SGX Amplifies the Power of Cache Attacks. In CHES, pages 69–90.
  • [23] Jo Van Bulck, Nico Weichbrodt, Rüdiger Kapitza, Frank Piessens, and Raoul Strackx. Telling Your Secrets Without Page Faults: Stealthy Page Table-based Attacks on Enclaved Execution. In USENIX Security, 2017.
  • [24] Yuanzhong Xu, Weidong Cui, and Marcus Peinado. Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. In S&P, 2015.
  • [25] Martin Maas, Eric Love, Emil Stefanov, Mohit Tiwari, Elaine Shi, Krste Asanovic, John Kubiatowicz, and Dawn Song. PHANTOM: Practical Oblivious Computation in a Secure Processor. In CCS, 2013.
  • [26] Victor Costan and Srinivas Devadas. Intel SGX Explained. Cryptology ePrint Archive, Report 2016/086, 2016. http://eprint.iacr.org/2016/086.
  • [27] Andrew Huang. Keeping Secrets in Hardware: The Microsoft Xbox Case Study. In CHES, 2003.
  • [28] Oleksii Oleksenko, Bohdan Trach, Robert Krahn, Andre Martin, Christof Fetzer, and Mark Silberstein. Varys: Protecting SGX Enclaves from Practical Side-Channel Attacks. In USENIX ATC, 2018.
  • [29] Guoxing Chen, Wenhao Wang, Tianyu Chen, Sanchuan Chen, Yinqian Zhang, XiaoFeng Wang, Ten-Hwang Lai, and Dongdai Lin. Racing in Hyperspace: Closing HyperThreading Side Channels on SGX with Contrived Data Races. In S&P, 2018.
  • [30] Daniel Gruss, Julian Lettner, Felix Schuster, Olya Ohrimenko, Istvan Haller, and Manuel Costa. Strong and Efficient Cache Side-Channel Protection Using Hardware Transactional Memory. In USENIX Security, 2017.
  • [31] Ming-Wei Shih, Sangho Lee, Taesoo Kim, and Marcus Peinado. T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs. In NDSS, 2017.
  • [32] Sanchuan Chen, Xiaokuan Zhang, Michael K. Reiter, and Yinqian Zhang. Detecting Privileged Side-Channel Attacks in Shielded Execution with Déjà Vu. In AsiaCCS, 2017.
  • [33] Xiao Shaun Wang, Kartik Nayak, Chang Liu, T.-H. Hubert Chan, Elaine Shi, Emil Stefanov, and Yan Huang. Oblivious Data Structures. In CCS, 2014.
  • [34] Emil Stefanov, Marten van Dijk, Elaine Shi, Christopher Fletcher, Ling Ren, Xiangyao Yu, and Srinivas Devadas. Path ORAM: An Extremely Simple Oblivious RAM Protocol. In CCS, 2013.
  • [35] Pratyush Mishra, Rishabh Poddar, Jerry Chen, Alessandro Chiesa, and Raluca Ada Popa. Oblix: An Efficient Oblivious Search Index. In S&P, 2018.
  • [36] Shaizeen Aga and Satish Narayanasamy. InvisiMem: Smart Memory Defenses for Memory Bus Side Channel. In ISCA, 2017.
  • [37] Amro Awad, Yipeng Wang, Deborah Shands, and Yan Solihin. ObfusMem: A Low-Overhead Access Obfuscation for Trusted Memories. In ISCA, 2017.
  • [38] QEMU: the FAST! processor emulator. https://www.qemu.org/. Last accessed: December 2, 2019.
  • [39] Intel Software Guard Extensions Programming Reference. https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf. Last accessed: December 2, 2019.
  • [40] Andrew Ferraiuolo, Andrew Baumann, Chris Hawblitzel, and Bryan Parno. Komodo: Using Verification to Disentangle Secure-Enclave Hardware from Software. In SOSP, 2017.
  • [41] ARM Security IP CryptoIsland Family. https://www.arm.com/products/silicon-ip-security/cryptoisland. Last accessed: December 2, 2019.
  • [42] AMD Secure Encrypted Virtualization. https://developer.amd.com/amd-secure-memoryencryption-sme-amd-secure-encryptedvirtualization-sev/. Last accessed: December 2, 2019.
  • [43] Dag Arne Osvik, Adi Shamir, and Eran Tromer. Cache Attacks and Countermeasures: The Case of AES. In CT-RSA, 2006.
  • [44] Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, and Ruby B. Lee. Last-Level Cache Side-Channel Attacks Are Practical. In S&P, 2015.
  • [45] Yuval Yarom and Katrina Falkner. FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack. In USENIX Security, 2014.
  • [46] Daniel Gruss, Clémentine Maurice, Klaus Wagner, and Stefan Mangard. Flush+Flush: A Fast and Stealthy Cache Attack. In DIMVA, 2016.
  • [47] Michael Schwarz, Moritz Lipp, Daniel Moghimi, Jo Van Bulck, Julian Stecklina, Thomas Prescher, and Daniel Gruss. ZombieLoad: Cross-Privilege-Boundary Data Sampling. In CCS, 2019.
  • [48] Sangho Lee, Ming-Wei Shih, Prasun Gera, Taesoo Kim, Hyesoon Kim, and Marcus Peinado. Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing. In USENIX Security, 2017.
  • [49] Yeongjin Jang, Jaehyuk Lee, Sangho Lee, and Taesoo Kim. SGX-Bomb: Locking Down the Processor via Rowhammer Attack. In SysTEX, 2017.
  • [50] Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clémentine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, and Cristiano Giuffrida. Drammer: Deterministic Rowhammer Attacks on Mobile Platforms. In CCS, 2016.
  • [51] Marcus Brandenburger, Christian Cachin, Matthias Lorenz, and Rüdiger Kapitza. Rollback and Forking Detection for Trusted Execution Environments Using Lightweight Collective Memory. In DSN, 2017.
  • [52] Sinisa Matetic, Mansoor Ahmed, Kari Kostiainen, Aritra Dhar, David Sommer, Arthur Gervais, Ari Juels, and Srdjan Capkun. ROTE: Rollback Protection for Trusted Execution. In USENIX Security, 2017.
  • [53] Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, and Stefan Mangard. DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks. In USENIX Security, 2016.
  • [54] Chia-che Tsai, Donald E. Porter, and Mona Vij. Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In USENIX ATC, 2017.
  • [55] JKI Inc. JLA320A. https://www.jkic.co.kr/ddr4protocol-analyzer. Last accessed: December 2, 2019.
  • [56] Kibra 480 Analyzer. lecroy_kibra480_datasheet.pdf. Last accessed: December 2, 2019.
  • [57] Nexus Technology MA4100. www.nexustechnology.com/products/memoryanalyzers/ma4100-series-memory-analyzer/. Last accessed: December 2, 2019.
  • [58] Hunspell. http://hunspell.github.io/. Last accessed: December 2, 2019.
  • [59] Brad Fitzpatrick. Distributed Caching with Memcached. Linux Journal, 2004(124):5, 2004.
  • [60] Rajesh Nishtala, Hans Fugal, Steven Grimm, Marc Kwiatkowski, Herman Lee, Harry C. Li, Ryan McElroy, Mike Paleczny, Daniel Peek, Paul Saab, David Stafford, Tony Tung, and Venkateshwaran Venkataramani. Scaling Memcache at Facebook. In NSDI, 2013.
  • [61] James Langston. Enhancing the Scalability of Memcached. https://software.intel.com/enus/articles/enhancing-the-scalability-ofmemcached. Last accessed: December 2, 2019.
  • [62] Yupeng Zhang, Jonathan Katz, and Charalampos Papamanthou. All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption. In USENIX Security, 2016.
  • [63] Intel 64 and IA-32 Architectures Software Developer's Manual Volume 3A: System Programming Guide, Part 1. https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-vol-3a-part-1-manual.pdf. Last accessed: December 2, 2019.
  • [64] Mengjia Yan, Read Sprabery, Bhargava Gopireddy, Christopher Fletcher, Roy Campbell, and Josep Torrellas. Attack Directories, Not Caches: Side Channel Attacks in a Non-Inclusive World. In S&P, 2019.
  • [65] Khang T. Nguyen. Introduction to Cache Allocation Technology in the Intel® Xeon® Processor E5 v4 Family. https://software.intel.com/en-us/articles/introduction-to-cache-allocationtechnology, February 2016.
  • [66] Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Daniel O'Keeffe, Mark L. Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch, and Christof Fetzer. SCONE: Secure Linux Containers with Intel SGX. In OSDI, 2016.
  • [67] Software Guard Extensions (SGX) SDK for Linux. https://github.com/intel/linux-sgx. Last accessed: December 2, 2019.
  • [68] RISC-V ISA Simulator. https://riscv.org/software-tools/risc-v-isa-simulator/. Last accessed: December 2, 2019.
  • [69] Spell Checker Oriented Word Lists. http://wordlist.aspell.net/. Last accessed: December 2, 2019.
  • [70] Enron Email Dataset. https://www.cs.cmu.edu/~./enron/. Last accessed: December 2, 2019.
  • [71] NLTK Data 3.4.5 Documentation. https://www.nltk.org/data.html. Last accessed: December 2, 2019.
  • [72] GNU Privacy Guard. http://www.gnupg.org. Last accessed: December 2, 2019.
  • [73] Sajin Sasy, Sergey Gorbunov, and Christopher W. Fletcher. ZeroTrace: Oblivious Memory Primitives from Intel SGX. In NDSS, 2017.
  • [74] J. Thomas Pawlowski. Hybrid Memory Cube (HMC). In 2011 IEEE Hot Chips 23 Symposium (HCS), 2011.
  • [75] Oliver Kömmerling and Markus G. Kuhn. Design Principles for Tamper-Resistant Smartcard Processors. In Smartcard, 1999.