Improving Side-Channel Protections for Intel TDX
#BHEU BlackHatEvents
Information Classification: General

Speakers
Scott Constable, Defensive Security Researcher, Intel Labs, Intel Corporation
Nagaraju (Raju) Kodalapura, Principal Engineer, Offensive Security Research, Intel Corporation
Baruch Chaikin, Principal Engineer, CPU Architecture, Intel Corporation

Slide 2: Acknowledgements
Intel Labs
Intel Product Security and Assurance (IPAS) research
Intel CPU Security Effectiveness Team
Intel CPU Architecture Team
The TDXdown researchers at TU Lübeck: Luca Wilke, Florian Sieck, Thomas Eisenbarth

Slide 3: Agenda
Intro to Confidential Computing, Intel TDX (Trust Domain Extensions), side-channel attacks, and malicious single-stepping
Pre-TDX PoC (Proof of Concept)
TDX-Step exploit and mitigation
Techniques to bypass the TDX-Step mitigation, and intro to the new ICSSD (Instruction Counting Single-Step Defense) feature
Comparison with the SGX-Step mitigation

Slide 4: What is Confidential Computing (CC)?
Protects data at rest (in storage, a database, etc.): data encryption and access control
Protects data in transit (over a network, PCI bus, etc.): HTTPS and TLS
Protects data in use (within a CPU, XPU, etc.): hardware-based, attested Trusted Execution Environments (TEEs) such as Intel TDX and Intel SGX (the focus of CC)

Slide 5
Intel TDX is a CC technology that provides confidentiality and integrity for data in use by tenant VMs, called Trust Domains (TDs).
Objective: remove the Virtual Machine Monitor (VMM) and other system SW from the TD's TCB.
TDX Module: Intel-signed security services module responsib