Researchers Show Malicious Code Can Escape Intel SGX Enclaves

Discussion in 'HardForum Tech News' started by AlphaAtlas, Feb 12, 2019.

  1. AlphaAtlas

    AlphaAtlas [H]ard|Gawd Staff Member

    Messages:
    1,713
    Joined:
    Mar 3, 2018
    Today, security researchers published a paper on techniques that can be used to "escape" an Intel Software Guard Extension enclave on modern CPUs. Sample code for the exploit has already been published on Github, and the researchers note that it was successfully tested on an i7-6700K and an i7-8650U. The Register, who reported on the issue before the paper went up, was told that "experts tend to discount attacks involving enclaves because these locked-down code spaces are more constrained than normal system processes." They also posted a response from Intel, which you can read below:

    Intel is aware of this research which is based upon assumptions that are outside the threat model for Intel SGX. The value of Intel SGX is to execute code in a protected enclave; however, Intel SGX does not guarantee that the code executed in the enclave is from a trusted source. In all cases, we recommend utilizing programs, files, apps, and plugins from trusted sources. Protecting customers continues to be a critical priority for us and we would like to thank Michael Schwarz, Samuel Weiser, and Daniel Grus for their ongoing research and for working with Intel on coordinated vulnerability disclosure.


    Intel is technically correct, but that statement doesn't exclude the possibility of unrelated malware using SGX to hide itself. The research paper's second line says that "Intel's threat model for SGX assumes fully trusted enclaves, yet there is an ongoing debate on whether this threat model is realistic." Thanks to cageymaru for the tip.
     
    Darth Kyrie and cageymaru like this.
  2. Nobu

    Nobu 2[H]4U

    Messages:
    2,760
    Joined:
    Jun 7, 2007
    In other words, untrusted code cannot be trusted, and you may not be safe from untrusted code if it is present on your system, and you may not know you are running untrusted code if it's in the SGX enclave? afa point three, is that because anything in the enclave is ignored, or because it cannot be checked like normal runtime?
     
    Darth Kyrie and jfreund like this.
  3. PhaseNoise

    PhaseNoise [H]ard|Gawd

    Messages:
    1,355
    Joined:
    May 11, 2005
    This sort of thing does always require a chain of trust. SGX is a tool, but not a panacea.
     
  4. katanaD

    katanaD [H]ard|Gawd

    Messages:
    1,987
    Joined:
    Nov 15, 2016
    um, from my limited brief reading.. the SGX enclave is meant to protect the code from being looked at, not protect the computer from its own code from getting out
     
  5. BloodyIron

    BloodyIron 2[H]4U

    Messages:
    3,440
    Joined:
    Jul 11, 2005
    No system can truly be fully secure when the Intel ME is present. So effectively every current Intel system.

    Let's start there and stop trying to deceive us Intel. We want the ability to fully remove ME and all its bullshit.
     
  6. Biznatch

    Biznatch 2[H]4U

    Messages:
    2,194
    Joined:
    Nov 16, 2009
    And lets not forget spectre/meltdown, that are only partially fixed by software that severely reduces performance. Yet intel is still releasing new chips without any mention of fixing their hardware vulnerabilities to negate the need for the patches..... There is seriously no reason anyone should be buying Intel until they fix all their shit.....