{"id":13642065,"url":"https://github.com/jovanbulck/sgx-tutorial-space18","last_synced_at":"2026-01-16T18:27:25.076Z","repository":{"id":85169168,"uuid":"161033656","full_name":"jovanbulck/sgx-tutorial-space18","owner":"jovanbulck","description":"Tutorial: Uncovering and mitigating side-channel leakage in Intel SGX enclaves","archived":false,"fork":false,"pushed_at":"2025-03-17T12:52:18.000Z","size":17972,"stargazers_count":51,"open_issues_count":1,"forks_count":10,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-04-20T15:44:48.677Z","etag":null,"topics":["attack","enclave","sgx","side-channel","tutorial"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jovanbulck.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2018-12-09T11:48:19.000Z","updated_at":"2025-04-10T13:17:26.000Z","dependencies_parsed_at":"2023-03-13T04:33:44.624Z","dependency_job_id":null,"html_url":"https://github.com/jovanbulck/sgx-tutorial-space18","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/jovanbulck/sgx-tutorial-space18","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jovanbulck%2Fsgx-tutorial-space18","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jovanbulck%2Fsgx-tutorial-space18/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jovanbulck%2Fsgx-tutorial-space18/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jovanbulck%2Fsgx-tutorial-space18/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jovanbulck","download_url":"https://codeload.github.com/jovanbulck/sgx-tutorial-space18/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jovanbulck%2Fsgx-tutorial-space18/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28480795,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T11:59:17.896Z","status":"ssl_error","status_checked_at":"2026-01-16T11:55:55.838Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["attack","enclave","sgx","side-channel","tutorial"],"created_at":"2024-08-02T01:01:27.026Z","updated_at":"2026-01-16T18:27:25.054Z","avatar_url":"https://github.com/jovanbulck.png","language":"C","readme":"# Tutorial overview and objectives\n\nThis repository collects presentation material and source code for hands-on\nexercises part of a 3h tutorial taught at the 8th International Conference on\nSecurity, Privacy, and Applied Cryptography Engineering\n([SPACE18](https://space2018.cse.iitk.ac.in/)), held 2018 December 15, Kanpur,\nIndia.\n\n## Abstract\n\nThe inclusion of the Software Guard eXtensions (SGX) in recent Intel processors\nhas been broadly acclaimed for bringing strong hardware-enforced trusted\ncomputing guarantees to mass consumer devices, and for protecting end user data\nin an untrusted cloud environment.  While SGX assumes a very strong attacker\nmodel and indeed even safeguards enclave secrets against a compromised\noperating system, recent research has demonstrated that considerable private\ndata (e.g., full text and images, complete cryptographic keys) may still be\nreconstructed by monitoring subtle side-effects of the enclaved execution.\n\nWe argue that a systematic understanding of such side-channel leakage sources\nis essential for writing intrinsically secure enclave applications, and will be\ninstrumental to the success of this new trusted execution technology.  This\ntutorial and write-up therefore aims to bring a better understanding of current\nstate-of-the-art side-channel attacks and defenses on Intel SGX platforms.\nParticipants will learn how to extract data from elementary example\napplications, thereby recognizing how to avoid common pitfalls and information\nleakage sources in enclave development.\n\n\u003e Jo Van Bulck, Frank Piessens \"Tutorial: Uncovering and mitigating side-channel\n\u003e leakage in Intel SGX enclaves\", 8th International Conference on Security,\n\u003e Privacy, and Applied Cryptography Engineering (SPACE'18). December 2018.\n\n## Tutorial organization\n\nThis tutorial is aimed at a target audience of C programmers with an interest\nin security. The tutorial takes about three hours, with an equal split between\nlectures and practical exercises.\n\n**Note (SGX support).** Since we do not assume that all participants have\naccess to an [SGX-capable](https://github.com/ayeks/SGX-hardware) Intel\nprocessor, plus [linux-sgx](https://github.com/01org/linux-sgx) toolchain, we\nmade sure that all exercises have both an _unprotected_ and _enclaved_ version.\nFor the SPACE2018 tutorial setting, we will provide SSH access to an SGX\nmachine over the local network in order to test the enclaved version.\n\nHowever, to keep pressure on the remote SSH SGX machine low, *we strongly\nadvise to first develop the unprotected attack scenario on your local x86\nmachine, before testing the enclaved version on the remote SGX machine via\nSSH.* Once the unprotected version is working, it should be relatively\nstraightforward to port the attack to an SGX setting.\n\n**Note (solutions).** This git repository includes a\n[`solutions`](https://github.com/jovanbulck/sgx-tutorial-space18/tree/solutions)\nbranch with working attack code for all of the exercises. If you want to solve\nthe exercise challenges on your own, you should of course only verify your\nsolutions after having implemented the attack yourself using the skeleton code\nprovided in the default `master` branch.\n\n\n| Program                   | SGX enclave version      | Description                                        |\n|---------------------------|--------------------------|----------------------------------------------------|\n| **001-pwd**               | 001-sgx-pwd              | Basic _timing_ side-channel attack.                |\n| **002-inc-secret**        | 002-sgx-inc-secret       | Basic _page fault_ side-channel attack.            |\n| **003-flush-and-reload**  | 003-sgx-flush-and-reload | Flush+Reload _cache_ attack on unprotected memory. |\n| **004-str**               | 004-sgx-str              | More subtle _page fault_ side-channel attack.      |\n| **005-rsa**               | 005-sgx-rsa              | Page _fault sequence_ side-channel attack.         |\n\n## License\n\nYou are welcome to re-use all of the material in this repository for your own\nteaching (given appropriate credit). All exercise code is free software,\nlicensed under [GPLv3](https://www.gnu.org/licenses/gpl-3.0).\nPresentation material (slides) are released on a\n[CC-BY](https://creativecommons.org/licenses/by/4.0/) basis. \n\n","funding_links":[],"categories":["Attacks","Side-Channels"],"sub_categories":["Memory Protection"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjovanbulck%2Fsgx-tutorial-space18","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjovanbulck%2Fsgx-tutorial-space18","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjovanbulck%2Fsgx-tutorial-space18/lists"}