Monday, June 4, 2018 - 4:00pm to 4:50pm
LINC 200

Speaker Information

Yeongjin Jang
Assistant Prof.
Oregon State University

Abstract

Intel Software Guard Extensions (SGX) is a technology that enables a trusted execution environment, which isolates program execution from untrusted privileged software (such as operating system and hypervisor). SGX provides this protection by providing an isolated memory space, called an enclave, and ensuring data confidentiality and integrity of the enclave from software and hardware attacks. However, because SGX excludes side-channel attacks from its threat model, it is vulnerable to such attacks, and researchers have demonstrated that compromising an enclave is possible.
 
In this talk, I will explain side-channel attacks against Intel SGX. First, I will introduce the foundation of Intel SGX such as architecture, threat model, security guarantees, and use cases. Next, I will introduce a page-fault exception based side-channel attack that compromises the confidentiality of an enclave. Finally, I will present the SGX-BOMB attack, which compromises data integrity of an enclave to ultimately launch a denial-of-service attack on a processor. Because these attacks are practical, system designers need to pay attention to such attacks to keep their SGX applications safe.

Speaker Bio

Yeongjin Jang is an Assistant Professor
in the School of Electrical Engineering and Computer Science (EECS)
at Oregon State University.

His research focus lies in computer systems security in general
and especially in identifying and analyzing emerging attacks to
computer systems to build countermeasures to keep systems secure.

The following keywords describe my research interests:
trustworthy computing, vulnerability discovery and analysis,
developing exploit primitives, jailbreaking, side-channel attack,
penetration test, and malware.

His prior research projects covered in popular media including:
MIT Technology Review, Forbes, Reuters, CBS News, Wired, CNN, Telegraph, and many more.

In addition to the academic works, he has been enjoying capture-the-flag (CTF) contests.
He received the Black Badge from DEF CON, as the winner (team DEFKOR) of DEF CON 23 CTF (2015).

Prior to joining to Oregon State University,
he received his Ph.D. and master's degree in Computer Science from Georgia Tech in 2017 and 2016, respectively,
and he earned his bachelor's degree in Computer Science from KAIST (2010).