Trusted execution environments, such as enclaves, allow the processor to run a program without requiring trust in any software, including system software such as the operating system. This makes enclaves particularly relevant in cloud environments where you do not have control of the software running on the machine. However, some indirect attack vectors, known as side channels, are still possible against enclaves as they rely not on explicitly attacking the memory encryption, but on observing information about program execution such as what order pages are accessed or which cache lines are read. This project aims to extend the MIT Sanctum secure processor, which already protects against cache side channels, with control flow independent demand paging. Ordinarily demand paging leaks information about the program’s control flow which could be private.
If you would like to contact us about our work, please scroll down to the people section and click on one of the group leads' people pages, where you can reach out to them directly.