# SGX Defenses

Links: [[SGX]], [[Security]]

## Papers

### (2017) The Heisenberg Defense: Proactively Defending SGX Enclaves against Page-Table-Based Side-Channel Attacks

[abstract](https://arxiv.org/abs/1712.08519), [pdf](https://arxiv.org/pdf/1712.08519.pdf)

> We present Heisenberg, a proactive defense that provides complete protection against page table based side channels. We guarantee that any attack will either be prevented or detected automatically before *any* sensitive information leaks. Consequently, Heisenberg can always securely resume enclave execution -- even when the attacker is still present in the system.
>
> We present two implementations. Heisenberg-HW relies on very limited hardware features to defend against page-table-based attacks. We use the x86/SGX platform as an example, but the same approach can be applied when protected-module architectures are ported to different platforms as well.
>
> Heisenberg-SW avoids these hardware modifications and can readily be applied. Unfortunately, its reliance on Intel Transactional Synchronization Extensions (TSX) may lead to significant performance overhead under real-life conditions.

### (2018) Varys: Protecting SGX Enclaves from Practical Side-Channel Attacks

[abstract](https://www.usenix.org/conference/atc18/presentation/oleksenko), [pdf](https://www.usenix.org/system/files/conference/atc18/atc18-oleksenko.pdf)