SgxSpectre Attack Can Extract Data from Intel SGX Enclaves
A new variation of the Spectre attack has been revealed this week by six scientists from the Ohio State University. Named SgxSpectre, researchers say this attack can extract information from Intel SGX enclaves.
Intel Software Guard eXtensions (SGX) is a feature of modern Intel processors that allow an application to create so-called enclaves. This enclave is a hardware-isolated section of the CPU's processing memory where applications can run operations that deal with extremely sensitive details, such as encryption keys, passwords, user data, and more.
The Meltdown and Spectre attacks revealed at the start of the year allowed an attacker to break the isolation between OS and apps, and the inter-app isolation, permitting a malicious attacker to retrieve information from the OS kernel or from other apps.
SgxSpectre attacks code patterns in SGX SDKs
But neither Meltdown and Spectre were able to extract data from SGX enclaves. This is where SgxSpectre comes in.
According to researchers, SgxSpectre works because of specific code patterns in software libraries that allow developers to add SGX support to their apps. Vulnerable SGX development kits include the Intel SGX SDK, Rust-SGX, and Graphene-SGX.
Academics say an attacker can leverage the repetitive code execution patterns that these SDKs introduce in SGX enclaves and watch for small variations of cache size. This is a classic "side-channel attack," and is quite effective.
"SgxPectre Attacks can completely compromise the confidentiality of SGX enclaves," researchers say. "[B]ecause vulnerable code patterns exist [...] and are difficult to be eliminated, the adversary could perform SgxPectre Attacks against any enclave programs."
"Because there are vulnerable code patterns inside the SDK runtime libraries, any code developed with Intel's official SGX SDK will be impacted by the attacks. It doesn't matter how the enclave program is implemented," the research team says.
Updates coming for the Intel SGX SDK
Intel's recent Spectre patches don't necessarily help, as an attacker can work around these fixes. Intel says an update for the Intel SGX SDK that adds SgxSpectre mitigations will be released on March 16.
App developers will need to integrate this new SDK version into their SGX-capable apps and issue an update to users.
Apps that implement Google's Retpoline anti-Spectre coding techniques are safe, researchers say.
Below is a video demo the team recorded for the SgxSpectre attack. Proof-of-concept code is available on GitHub, while copies of the team's research paper —titled "SgxSpectre: Attacks: Leaking Enclave Secrets via Speculative Execution"— can be downloaded from here and here.
Besides SgxSpectre, researchers also revealed two new variations of Meltdown and Spectre —named MeltdownPrime and SpectrePrime, respectively.
These new attacks are detailed in a research paper named "MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols." These two attacks also serve to leak data from the kernel and other apps, but with other methods and a little bit faster.