Abstract: A computer-implemented method mitigates side channel attacks in cache memory. The method includes: loading data into a cache line of the cache memory, which includes marking the data as sensitive in metadata of the cache line based on the data being tagged as sensitive; tracking interactions with the data; and determining whether the interactions with the data are not normal based on a preset criteria and the tracked interactions with the data.

Abstract: A method for enabling enclave migration is provided, where the contents of the enclave and its sealed data are transferred from a sending host to a receiving host. An attestation is performed between a security monitor of the sending host and a security monitor of the receiving host, where the attestation includes an exchange of a shared cryptographic key K between the two security monitors. The shared cryptographic key K is used to implement a secure communication channel between the two security monitors. The two security monitors execute, via the secure communication channel, a predetermined transfer protocol. The predetermined transfer protocol includes an initial exchange of verification messages between the security monitors to verify that both security monitors are ready and can execute the transfer, and a subsequent transfer of enclave data between the security monitors.

Abstract: A method for implementing a software update for a selected enclave of a computing system includes obtaining, by a security monitor (SM) of the computing system, the software update for the selected enclave, installing, by the SM, the software update for the selected enclave to provide updated enclave software code, and measuring, by the SM, the updated enclave software code to provide a software update measurement. The updated enclave software code is stored in a memory region isolated from a memory region in which data for the selected enclave is stored. The method further includes transmitting, by the SM, the software update measurement to one or more respective other enclaves that share a memory region with the selected enclave.

Abstract: A method for detecting a microarchitectural attack on a trusted execution environment (TEE) and/or a violation of an expected execution flow of an application running in the TEE includes implementing a counting thread. An eviction set is loaded in a transaction. The eviction set corresponds to a cache set used by an operation of the application such that a transactional abort is received upon the operation being executed. A value of the counting thread is read upon receiving the transactional abort. These steps are repeated for a next operation of the application running in the TEE and an execution time is measured for the operation based on a difference between the values of the counting thread. The measured execution time for the operation is compared with an expected execution time to detect one or more variations that indicate the microarchitectural attack and/or the violation of the expected execution flow.

Abstract: A method provides trusted timing services to an enclave of a computer having memory and a trusted hardware timer. The computer executes a privileged management program and an untrusted operating system. The privileged management program has access to the memory and the trusted hardware timer, has higher privileges than the untrusted operating system, and exposes a system call to the enclave for requesting the trusted timing services. The method includes: receiving, by the privileged management program, a request for timing services from the enclave, via the system call; reserving, by the privileged management program, a memory region of the memory for tracking time; and writing, by the privileged management program, at least one value of the trusted hardware timer into the memory region.

Abstract: A method for detecting a trusted execution environment (TEE) clone application operating on a computing device includes measuring a plurality of read time periods associated with a plurality of monitored cache sets within a memory cache based on executing a first auxiliary thread of a TEE application on the computing device. Each of the read time periods indicating a time period that is used to read data within one of the monitored cache sets. The read time periods are compared with a time threshold to determine one or more cache misses. The TEE clone application is detected as operating on the computing device based on the determined cache misses.

Abstract: A method executes inter-enclave communication via cache memory of a processor. The method includes: instantiating a first enclave such that it is configured to execute a first communication thread, which is configured to read/write data to the cache memory; instantiating a second enclave such that it is configured to execute a second communication thread, which is configured to read/write data to cache memory; executing, by the first enclave, the first communication thread to send message data to the second enclave, executing the first communication thread comprising writing the message data to the cache memory; and executing, by the second enclave, the second communication thread to receive the message data. Executing the second communication thread can include: monitoring the cache memory to determine whether the data message is being sent; and based upon determining the data message is being sent, reading from the cache memory to receive the data message.

Abstract: A method executes inter-enclave communication via cache memory of a processor. The method includes: instantiating a first enclave such that it is configured to execute a first communication thread, which is configured to read/write data to the cache memory; instantiating a second enclave such that it is configured to execute a second communication thread, which is configured to read/write data to cache memory; executing, by the first enclave, the first communication thread to send message data to the second enclave, executing the first communication thread comprising writing the message data to the cache memory; and executing, by the second enclave, the second communication thread to receive the message data. Executing the second communication thread can include: monitoring the cache memory to determine whether the data message is being sent; and based upon determining the data message is being sent, reading from the cache memory to receive the data message.

Abstract: A method for detecting a microarchitectural attack on a trusted execution environment (TEE) and/or a violation of an expected execution flow of an application running in the TEE includes implementing a counting thread. An eviction set is loaded in a transaction. The eviction set corresponds to a cache set used by an operation of the application such that a transactional abort is received upon the operation being executed. A value of the counting thread is read upon receiving the transactional abort. These steps are repeated for a next operation of the application running in the TEE and an execution time is measured for the operation based on a difference between the values of the counting thread. The measured execution time for the operation is compared with an expected execution time to detect one or more variations that indicate the microarchitectural attack and/or the violation of the expected execution flow.

Abstract: A method for detecting a trusted execution environment (TEE) clone application operating on a computing device includes measuring a plurality of read time periods associated with a plurality of monitored cache sets within a memory cache based on executing a first auxiliary thread of a TEE application on the computing device. Each of the read time periods indicating a time period that is used to read data within one of the monitored cache sets. The read time periods are compared with a time threshold to determine one or more cache misses. The TEE clone application is detected as operating on the computing device based on the determined cache misses.