Finding and Exploiting Bugs in Intel SGX Enclaves

Davi, Lucas
Name of Event:
Cybersecurity Seminar Series, Texas A&M Cybersecurity Center


Trusted execution environments such as Intel Software Guard Extensions (SGX) enforce strong isolation of security-critical code and data. While previous work has focused on side-channel attacks, this talk will investigate memory corruption attacks such as return-oriented programming in the context of SGX. We will demonstrate how an attacker can exploit the Intel SDK libraries to compromise enclaves and steal secret information. In addition, we will investigate the host-to-enclave boundary and its susceptibility to memory corruption attacks and how we can develop analysis approaches to detect vulnerable enclave code.

Presentation video available here