Sat, 20. Oct. 2018

Novel attack techniques against Intel SGX security technology

The Intel Software Guard Extensions (Intel SGX) are designed to protect sensitive data and program code from misuse. In collaboration with University of Padova, Italy and TU Darmstadt, Germany, we show the danger of zero-day attacks against this technology.

The Intel Software Guard Extensions (Intel SGX) are part of the new x86 architecture designed to shield sensitive, security-critical data and program code from the rest of the system in a protected environment - a so-called enclave. For example, a password manager can be safely executed in such an enclave, even if the rest of the system is compromised by malware. Intel SGX have been standard since the introduction of the Skylake processors in 2015. They are integrated in all newer notebooks, desktop computers and servers with Intel technology.

Due to its widespread use, Intel SGX is a much-noticed topic in security research. All of the proven attack options are based on so-called side-channel attacks, in which cryptographic keys, for example, are read and sent to the attacker.

In contrast, Prof. Lucas Davi and his colleagues from the University of Padua and the Technical University of Darmstadt are investigating the possibilities of zero-day attacks. These attacks exploit errors in the application code of the enclave and therefore require few privileges of the attacker. In particular, the researchers have developed attacks that use the Return-Oriented Programming (ROP) attack method. The attacks work even if the code in the enclave memory is protected by randomization. The only requirement is that the application code has been developed using Intel's SGX Software Development Kit (SDK).

Talks at the Embedded Systems Week and the USENIX Security Symposium

Last week, Prof. Davi gave an invited lecture about the investigated memory attacks at the Embedded Systems Week in Turin.  The slides are available on our website.

he research paper was first published in August 2018 at the renowned Tier A Security Symposium USENIX Security Symposium in Baltimore. The full paper, the slides of the presentation and a video of the lecture are available on the USENIX Security website.