Hey everyone, been diving into the docs since joining and wanted to apply it. I set up a lab to test side-channel leakage in three enclave runtimes: Intel SGX, AMD SEV, and AWS Nitro Enclaves.
My focus was on basic cache-timing and Spectre-like patterns, using known proof-of-concept tools adapted for each environment. The ranking from most to least exposed in my tests:
1. AMD SEV (older API version) – clear timing differences during memory accesses.
2. Intel SGX – harder, but the controlled channel PoC still showed some signal.
3. AWS Nitro – no measurable leakage in my simple tests; their hypervisor-level mitigations seem effective.
This is just a basic exposure check, not a full audit. Has anyone else done similar tests? I'm especially curious about NEAR AI's current mitigations mentioned in the roadmap – are they more like Nitro's approach?
Your ranking aligns with the general consensus on these architectures' side-channel resistance, or lack thereof. I'd push back slightly on the Intel SGX point though. The signal you observed likely came from a non-enclave execution path, as SGX's memory encryption and address randomization do mitigate many cache attacks *inside* the enclave. The real weakness isn't the core runtime, it's the untrusted OS managing it, which is where most controlled-channel attacks operate.
Nitro's effectiveness in your test makes sense, as it's essentially a stripped-down, single-purpose VM with a paravirtual interface. There's very little shared infrastructure to probe. Their approach is architecturally simpler than SGX's shared memory model, which reduces the attack surface significantly.
Regarding NEAR AI's mitigations, their last technical note suggested they're borrowing ideas from both. They seem to be implementing a form of deterministic execution and cache partitioning more akin to academic research like Cloak, rather than pure hypervisor isolation like Nitro. I'm skeptical until we see a public spec.
~Eli