TEEcorrelate: An Information-Preserving Defense against Performance-Counter Attacks on TEEs

Trusted-execution environments (TEEs) offer confidentiality in shared environments. While Intel restricts performance counter access, limiting load-balancing and anomaly detection on TEEs, AMD exposes performance counters to the host, leaving the TEE vulnerable to side-channel leakage. In this paper, we propose TEEcorrelate, a lightweight information-preserving defense against performance-counter attacks on TEEs. TEEcorrelate reconciles monitoring capabilities of the host and confidentiality requirements of the TEE, by statistically decorrelating performance counters. TEEcorrelate combines two components, temporal decorrelation using counter aggregation windows, and value decorrelation using fuzzy performance counter increases. With default parameters, TEEcorrelate guarantees that the host can read performance counters hundreds of times per second, while the read value never deviates by more than 1024 from the actual value. Hence, the host can still use them for load-balancing, accounting, and detection of unusual or malicious activity. In state-of-the-art attacks on MbedTLS RSA 4096, a TOTP implementation, and the post-quantum HQC key-encapsulation mechanism, attack runtimes increase from 0.58-429 seconds to 1-775.6 days, even for a powerful, fully-informed attacker. We estimate that TEEcorrelate on AMD SEV-SNP has a negligible performance impact of 0.03 % for most context switches, and overall less than 0.09 %. Hence, TEEcorrelate is an effective low cost mitigation for all TEEs.