Overview
Three types of enclave interactions for privileged adversaries: (1) pass attacker-controlled arguments through the enclave interface; (2) derive execution metadata during or after enclave invocation through side channels; (3) extract enclave secrets from the CPU’s microarchitectural state through transient execution.
So-called “microarchitectural” attacks go beyond the visible architectural interface of the processor by exploiting subtle, hidden details of the implementation of the underlying CPU (e.g., caches and branch predictors).
Videos
Find some introductory videos for some of our previous projects below.