Open Access, Proceedings Article
Foreshadow: extracting the keys to the Intel SGX kingdom with transient out-of-order execution
Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, Raoul Strackx
pp. 991-1008
TL;DR: This work presents Foreshadow, a practical software-only microarchitectural attack that decisively dismantles the security objectives of current SGX implementations and develops a novel exploitation methodology to reliably leak plaintext enclave secrets from the CPU cache.
Abstract:
Trusted execution environments, and particularly the Software Guard eXtensions (SGX) included in recent Intel x86 processors, gained significant traction in recent years. A long track of research papers, and increasingly also real-world industry applications, take advantage of the strong hardware-enforced confidentiality and integrity guarantees provided by Intel SGX. Ultimately, enclaved execution holds the compelling potential of securely offloading sensitive computations to untrusted remote platforms.
We present Foreshadow, a practical software-only microarchitectural attack that decisively dismantles the security objectives of current SGX implementations. Crucially, unlike previous SGX attacks, we do not make any assumptions on the victim enclave's code and do not necessarily require kernel-level access. At its core, Foreshadow abuses a speculative execution bug in modern Intel processors, on top of which we develop a novel exploitation methodology to reliably leak plaintext enclave secrets from the CPU cache. We demonstrate our attacks by extracting full cryptographic keys from Intel's vetted architectural enclaves, and validate their correctness by launching rogue production enclaves and forging arbitrary local and remote attestation responses. The extracted remote attestation keys affect millions of devices.
Citations
Posted Content
Advances and Open Problems in Federated Learning
Peter Kairouz, H. Brendan McMahan, Brendan Avent, Aurélien Bellet, Mehdi Bennis, Arjun Nitin Bhagoji, Kallista Bonawitz, Zachary Charles, Graham Cormode, Rachel Cummings, Rafael G. L. D'Oliveira, Hubert Eichner, Salim El Rouayheb, David Evans, Josh Gardner, Zachary Garrett, Adrià Gascón, Badih Ghazi, Phillip B. Gibbons, Marco Gruteser, Zaid Harchaoui, Chaoyang He, Lie He, Zhouyuan Huo, Ben Hutchinson, Justin Hsu, Martin Jaggi, Tara Javidi, Gauri Joshi, Mikhail Khodak, Jakub Konečný, Aleksandra Korolova, Farinaz Koushanfar, Sanmi Koyejo, Tancrède Lepoint, Yang Liu, Prateek Mittal, Mehryar Mohri, Richard Nock, Ayfer Ozgur, Rasmus Pagh, Mariana Raykova, Hang Qi, Daniel Ramage, Ramesh Raskar, Dawn Song, Weikang Song, Sebastian U. Stich, Ziteng Sun, Ananda Theertha Suresh, Florian Tramèr, Praneeth Vepakomma, Jianyu Wang, Li Xiong, Zheng Xu, Qiang Yang, Felix X. Yu, Han Yu, Sen Zhao
TL;DR: Motivated by the explosive growth in FL research, this paper discusses recent advances and presents an extensive collection of open problems and challenges.
Journal Article
Meltdown: reading kernel memory from user space
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Jann Horn, Stefan Mangard, Paul C. Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg, Raoul Strackx
TL;DR: Meltdown exploits side effects of out-of-order execution on modern processors to read arbitrary kernel-memory locations, including personal data and passwords, and does not rely on any software vulnerabilities.
Journal Article
A new golden age for computer architecture
TL;DR: Innovations like domain-specific hardware, enhanced security, open instruction sets, and agile chip development will lead the way.
Journal Article
A Survey of Distributed Consensus Protocols for Blockchain Networks
TL;DR: A comprehensive review and analysis on the state-of-the-art blockchain consensus protocols is presented in this article, where the authors identify five core components of a blockchain consensus protocol, namely, block proposal, block validation, information propagation, block finalization, and incentive mechanism.
Proceedings Article
RIDL: Rogue In-Flight Data Load
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Giorgi Maisuradze, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida
TL;DR: This paper presents Rogue In-flight Data Load (RIDL), a new class of speculative unprivileged and constrained attacks that leak arbitrary data across address spaces and privilege boundaries; it questions the sustainability of a per-variant, spot mitigation strategy and suggests that more fundamental mitigations are needed to contain ever-emerging speculative execution attacks.
References
Proceedings Article
Innovative instructions and software model for isolated execution
Frank Mckeen, Ilya Alexandrovich, Alex Berenzon, Carlos V. Rozas, Hisham Shafi, Vedvyas Shanbhogue, Uday R. Savagaonkar
TL;DR: This paper analyzes the threats and attacks to applications, then describes the ISA extension for generating a HW based container, and describes the programming model of this container.
Proceedings Article
FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack
Yuval Yarom, Katrina Falkner
TL;DR: This paper presents FLUSH+RELOAD, a cache side-channel attack technique that exploits a weakness in Intel x86 processors to monitor access to memory lines in shared pages, and recovers 96.7% of the bits of the secret key by observing a single signature or decryption round.
Posted Content
Intel SGX Explained
Victor Costan, Srinivas Devadas
TL;DR: In this article, the authors present a detailed and structured presentation of the publicly available information on SGX, together with a series of intelligent guesses about some important but undocumented aspects of SGX.
Book
An efficient algorithm for exploiting multiple arithmetic units
TL;DR: In this article, the authors describe the methods employed in the floating-point area of the System/360 Model 91 to exploit the existence of multiple execution units and register tagging schemes.
Proceedings Article
Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems
TL;DR: In this article, the authors introduce controlled-channel attacks, a new type of side-channel attack that allows an untrusted operating system to extract large amounts of sensitive information from protected applications on systems like Overshadow, InkTag or Haven.