Skip to content
The branch shadowing attack: Proof of concept
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

The branch shadowing attack

Branch shadowing is a side-channel attack on Intel Software Guard Extensions (SGX) that can reveal fine-grained control flows (branch granularity) in an SGX enclave. This attack is possible because SGX does not clear branch history when switching from enclave to non-enclave mode, leaving fine-grained branch direction traces for the outside world to observe, resulting in an accurate branch-prediction-based side channel.

This repository contains partial proof-of-concept code snippets of the branch shadowing attack, including

  1. A modified Linux SGX driver (mal-sgx-driver) to execute and monitor colliding branch instructions with Last Branch Record (LBR) trace
  2. Kernel patch (linux-kernel) and Local Advanced Programmable Interrupt Controller (LAPIC) module (lapic-freq-module) to manipulate timer interrupt frequency
  3. A kernel module to disable L1/L2 cache (disable-cache-module)

More details


Attacking RSA exponentiation


We DO NOT release an end-to-end, fully automated attack and our target program. This is because, currently, our attack needs a lot of manual efforts especially for aligning target and attack branch instructions. However, it does not mean that our attack cannot be automated; with (a lot of) engineering efforts, we believe that our attack can be fully automated.

We have a plan to release a fully-automated version of the branch shadowing attack, but it will not be released in the near future.

Also, the current code attacks target branch instructions when an enclave terminates for simplicity and manageability. Revising the code to attack targets for every timer interrupt is an easy task.


You can’t perform that action at this time.