To mitigate interrupt-based stepping attacks (notably using SGX-Step), Intel introduced AEX-Notify, an ISA extension to Intel SGX that aims to prevent deterministic single-stepping. In this work, we introduce AEX-NStep, the first interrupt counting attack on AEX-Notify-enabled Enclaves. We show that deterministic single-stepping is not required for interrupt counting attacks to be practical and that, therefore, AEX-Notify does not entirely prevent such attacks. We specifically show that one of AEX-Notify's security guarantees, obfuscated forward progress, does not hold, and we introduce two new probabilistic interrupt counting attacks. We use these attacks to construct a practical ECDSA key leakage attack on an AEX-Notify-enabled SGX enclave. Our results extend the original security analysis of AEX-Notify and inform the design of future mitigations.

翻译：为缓解基于中断的单步攻击（尤其是使用SGX-Step的攻击），英特尔推出了AEX-Notify——一项旨在阻止确定性单步执行的Intel SGX指令集架构扩展。本工作提出了AEX-NStep，这是首个针对启用AEX-Notify功能的飞地（Enclave）的中断计数攻击。我们证明中断计数攻击在实际应用中并不需要确定性单步执行，因此AEX-Notify并不能完全阻止此类攻击。我们具体揭示了AEX-Notify的安全保证之一——模糊化前向执行进度——并不成立，并提出了两种新的概率性中断计数攻击方法。利用这些攻击，我们在启用AEX-Notify的SGX飞地上构建了可实际实施的ECDSA密钥泄漏攻击。我们的研究成果拓展了AEX-Notify原有的安全分析框架，并为未来防护机制的设计提供了参考依据。