RandDelay: Mitigating Fine-Grained Timing-Based Controlled-Channel Attacks on Intel TDX via Randomized SEAMCALL Latency
Youngjoo Shin
15 May 2026

Abstract

Intel Trust Domain Extensions (TDX) is a Confidential Virtual Machine (CVM) technology that provides hardware-enforced isolation through Trusted Execution Environments (TEEs). While TDX effectively mitigates interrupt-based stepping attacks, it remains vulnerable to fine-grained timing-based controlled-channel attacks such as T-Time, which exploit precise dwell-time measurements between consecutive page faults to infer secret-dependent control flows even within a single memory page. Existing page-level confinement defenses are insufficient against such timing attacks. In this paper, we propose RandDelay, a lightweight defense mechanism that raises the measurement budget required for a successful T-Time attack by injecting a cryptographically random latency into the SEAMCALL handler of the TDX module. We argue that SEAMCALL is the most practical and effective injection point among mandatory boundary handlers: it lies strictly between the attacker’s timestamp Ts and the victim’s secret-dependent code execution, ensuring that every dwell-time measurement is corrupted by an independent random variable. We further integrate an anomaly-based page-fault rate limiter (RandDelay+) to prevent statistical averaging attacks. Security analysis shows that RandDelay raises the minimum number of measurements required for a successful attack beyond the budget enforced by RandDelay+, rendering the attack impractical under the analytical model and assumed parameter settings. We discuss implementation considerations within the TDX module firmware, expected performance overhead, and generalization to other TEE platforms. This paper contributes a design rationale, a quantitative tuning rule, and an analytical security–overhead model that together provide a deployable baseline for empirical follow-up. The proposed defense has not been experimentally validated on a deployed TDX system; a prototype, simulation, or trace-driven study is identified as essential future work.
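The averaging argument in the abstract can be made concrete with a small model. The following is an added illustration, not code or a tuning rule from the paper: it assumes a Uniform[0, D) delay, Gaussian measurement jitter, an attacker who averages n dwell-time samples and decides with a midpoint threshold, and constructed parameter values in cycles.

```python
import math
import random
from statistics import NormalDist

def sigma_total(base_sigma, delay_range):
    # An independent Uniform[0, delay_range) delay adds variance delay_range^2 / 12.
    return math.sqrt(base_sigma ** 2 + delay_range ** 2 / 12.0)

def required_measurements(delta, base_sigma, delay_range, err=0.05):
    """Samples an averaging attacker needs to tell two dwell times `delta`
    apart with per-decision error <= err (midpoint threshold on the mean)."""
    z = NormalDist().inv_cdf(1.0 - err)
    return math.ceil((2.0 * z * sigma_total(base_sigma, delay_range) / delta) ** 2)

def min_delay_range(delta, base_sigma, budget, err=0.05):
    """Smallest integer delay range that pushes required_measurements past
    the page-fault budget a rate limiter would enforce."""
    d = 0
    while required_measurements(delta, base_sigma, d, err) <= budget:
        d += 1
    return d

def attacker_accuracy(delta, base_sigma, delay_range, n, trials=400, seed=7):
    """Monte Carlo check: fraction of secret bits recovered from n samples each."""
    # Seeded PRNG only so the simulation repeats; the defense described above
    # draws its delay from a cryptographic source.
    rng = random.Random(seed)
    threshold = delay_range / 2.0 + delta / 2.0
    hits = 0
    for _ in range(trials):
        bit = rng.randrange(2)  # secret-dependent branch taken or not
        mean = sum(bit * delta + rng.gauss(0.0, base_sigma)
                   + rng.uniform(0.0, delay_range) for _ in range(n)) / n
        hits += (mean > threshold) == (bit == 1)
    return hits / trials

if __name__ == "__main__":
    DELTA, JITTER, BUDGET = 20.0, 50.0, 1000  # constructed values, in cycles
    d = min_delay_range(DELTA, JITTER, BUDGET)
    print("no delay:", required_measurements(DELTA, JITTER, 0), "samples needed")
    print("delay range", d, "->", required_measurements(DELTA, JITTER, d), "samples needed")
    print("accuracy at budget, no delay:", attacker_accuracy(DELTA, JITTER, 0, BUDGET))
    print("accuracy at budget, with delay:", attacker_accuracy(DELTA, JITTER, d, BUDGET))
```

In this model the required sample count grows with the square of the delay range, which is why the random delay only holds when the number of observable page faults is capped as well.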

Keywords

randdelay, mitigating, fine-grained, timing-based, controlled-channel, attacks, intel, randomized, seamcall, latency, electronics, trust, domain, extensions, confidential, virtual, machine, technology, provides, hardware-enforced, isolation, through, trusted, execution