MoLE: Mitigation of Side-channel Attacks against SGX via Dynamic Data Location Escape

Numerous works have experimentally shown that Intel Software Guard eXtensions (SGX) is vulnerable to side-channel attacks (SCAs) and related threats, including transient execution attacks. These threats compromise the security of SGX-protected apps. Obfuscating data access patterns is a realistic way to guard against these threats. However, existing defenses impose either too much performance overhead or additional usage restrictions (such as multithreading). Furthermore, these obfuscation schemes may no longer work if the attacker has the capacity to single-step the target application. In this paper, we propose MoLE, a dynamic data location randomization scheme to defend against SCAs and transient execution attacks that target sensitive data within enclaves. By continuously obfuscating the location of sensitive data at runtime, MoLE prevents the adversary from directly obtaining or disclosing data based on data access patterns. MoLE makes use of Transactional Synchronization Extensions (TSX), an Intel CPU feature intended for efficiency in concurrent scenarios, to prevent the adversary from tracking sensitive data by single-stepping enclaved execution. MoLE can also be applied in multi-threaded scenarios under the protection of TSX. We implement MoLE as a semi-automatic compiler-based tool. Evaluation results show that MoLE is practical, offering a tunable trade-off between security and performance.