Mitigating Branch-Shadowing Attacks on Intel SGX using Control Flow Randomization

Shohreh Hosseinzadeh, Hans Liljestrand, Ville Leppanen, Andrew Paverd

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review


Intel Software Guard Extensions (SGX) is a promising hardware-based technology for protecting sensitive computation from potentially compromised system software. However, recent research has shown that SGX is vulnerable to branch-shadowing -- a side channel attack that leaks the fine-grained (branch granularity) control flow of an enclave (SGX protected code), potentially revealing sensitive data to the attacker. The previously-proposed defense mechanism, called Zigzagger, attempted to hide the control flow, but has been shown to be ineffective if the attacker can single-step through the enclave using the recent SGX-Step framework. Taking into account these stronger attacker capabilities, we propose a new defense against branch-shadowing, based on control flow randomization. Our scheme is inspired by Zigzagger, but provides quantifiable security guarantees with respect to a tunable security parameter. Specifically, we eliminate conditional branches and hide the targets of unconditional branches using a combination of compile-time modifications and run-time code randomization. We evaluated the performance of our approach using ten benchmarks from SGX-Nbench. Although we considered the worst-case scenario (whole program instrumentation), our results show that, on average, our approach results in less than 18% performance loss and less than 1.2 times code size increase.
Original languageEnglish
Title of host publicationSysTEX '18
Subtitle of host publicationProceedings of the 3rd Workshop on System Software for Trusted Execution
Number of pages6
ISBN (Electronic)978-1-4503-5998-6
Publication statusPublished - 15 Oct 2018
MoE publication typeA4 Article in a conference publication
EventWorkshop on System Software for Trusted Execution - Beanfield Centre, Toronto, Canada
Duration: 15 Oct 201815 Oct 2018
Conference number: 3


WorkshopWorkshop on System Software for Trusted Execution
Abbreviated titleSysTEX
Internet address


Dive into the research topics of 'Mitigating Branch-Shadowing Attacks on Intel SGX using Control Flow Randomization'. Together they form a unique fingerprint.

Cite this