Obelix: Mitigating Side-Channels through Dynamic Obfuscation
Jan Wichelmann, Anja Rabich, Anna Pätschke, Thomas Eisenbarth
IEEE Symposium on Security and Privacy 2024 · Day 3 · Continental Ballroom 5
This talk introduces Obelix, a novel software-based, drop-in countermeasure designed to mitigate a broad spectrum of side-channel attacks against workloads running within **Trusted Execution Environments (TEEs)**. The research, presented by Jan Wichelmann from the University of Lübeck, addresses a critical vulnerability in the security model of TEEs: despite hardware-enforced isolation and memory encryption, these environments remain susceptible to information leakage through observable side channels. Obelix aims to provide a comprehensive solution by employing a dynamic obfuscation engine that conceals both control-flow and data-flow patterns.
AI review
Obelix presents a novel and comprehensive software-based solution to a critical TEE problem: side-channel leakage. By combining Oblivious RAM for both code and data with instruction latency uniformization via an LLVM compiler extension, it offers a 'drop-in' defense against multiple attack classes. The work provides significant security guarantees, albeit with notable performance overhead.