
SgxSpectre Attack Can Extract Data From Intel SGX Enclaves (bleepingcomputer.com)

An anonymous reader quotes BleepingComputer: A new variation of the Spectre attack has been revealed this week by six scientists from the Ohio State University. Named SgxSpectre, researchers say this attack can extract information from Intel SGX enclaves. Intel Software Guard eXtensions (SGX) is a feature of modern Intel processors that allows an application to create so-called enclaves. This enclave is a hardware-isolated section of the CPU's processing memory where applications can run operations that deal with extremely sensitive details, such as encryption keys, passwords, user data, and more... Neither Meltdown nor Spectre was able to extract data from SGX enclaves. This is where SgxSpectre comes in.

According to researchers, SgxSpectre works because of specific code patterns in software libraries that allow developers to implement SGX support into their apps. Vulnerable SGX development kits include the Intel SGX SDK, Rust-SGX, and Graphene-SGX. Academics say an attacker can leverage the repetitive code execution patterns that these SDKs introduce in SGX enclaves and watch for small variations of cache size. This allows for side-channel attacks that allow a threat actor to infer and slowly recover data from secure enclaves.

Intel's recent Spectre patches don't necessarily help, as an attacker can work around these fixes. Intel says an update for the Intel SGX SDK that adds SgxSpectre mitigations will be released on March 16. Apps that implement Google's Retpoline anti-Spectre coding techniques are safe, researchers say.

  • How well do these cache timing attacks happen when you don't control the hardware and all sorts of other activities are swapping stuff in and out of the cache?
  • Rust is perfectly secure! How can so many adamant evangelists be wrong?
    • by HiThere ( 15173 )

      FWIW, this has nothing to do with Rust.

      OTOH, I don't think there's anywhere a claim that things written in Rust are guaranteed to be secure, so that's another problem with your assertion.

      FWIW, this is either a hardware or a microcode flaw, and a high level programming language isn't even going to address the issue.

    • Rust is perfectly secure! How can so many adamant evangelists be wrong?

      I've always found the techno-luddism on slashdot interesting. Technology is awesome and amazing and new things are cool except that actually it reached its peak in 1989 with ANSI C and basically everything else has been downhill from there and none of the new ideas are anything but bloat and cruft (seriously who actually says "cruft" anyway).

  • by Red_Chaos1 ( 95148 ) on Saturday March 10, 2018 @06:51PM (#56240455)

    ...I can't wait for the decryption keys for UHD BR to be leaked via this method. Being forced to use an SGX enabled Intel rig for an HTPC with UHD BR capability is bullshit.

  • First thing to realize regarding these attacks is that SGX protects from other traditional attacks originating from the OS. Therefore, there is increased focus on side channels on Intel SGX. I found www.fortanix.com/assets/Fortanix_Side_Channel_Whitepaper.pdf a very comprehensive document. Side channels operate in every digital system. In fact, one can even harden against Spectre type attacks in SGX just like one would outside SGX.

    The whitepaper is written by Fortanix guys who are invested in SGX so the whitepap
