

# **TLBlur: Compiler-Assisted Automated Hardening against Controlled Channels on Off-the-Shelf Intel SGX Platforms**

Daan Vanoverloop<sup>1</sup>, Andrés Sánchez<sup>2,4</sup>, Flavio Toffalini<sup>2,3</sup>, Frank Piessens<sup>1</sup>, Mathias Payer<sup>2</sup>, Jo Van Bulck<sup>1</sup>

<sup>1</sup>DistriNet, KU Leuven, Belgium, <sup>2</sup>EPFL, Switzerland, <sup>3</sup>RUB, Germany, <sup>4</sup>Amazon











# **Intel SGX: Hardware-Level Isolation**







### **Spatial Resolution**


















Still possible with AEX-Notify mitigation!








Today at USENIX:

**TLBlur** 





# **TLBlur Overview**







1. Instrumentation
2. Page-access tracing
3. Page prefetching





