SGXPECTRE, new Spectre attack variant compromises Intel SGX

SgxPectre Attacks

The full exposure of Specter and Meltdown processor security flaws earlier this year left the entire computer industry under a serious crisis of confidence, especially with chip giant Intel. Almost all modern microprocessors since 1995 have been affected by these two vulnerabilities, fortunately, no serious threats to exploit them are currently available.

However, researchers at Ohio State University discovered a specter-derived attack that threatened the safe area of the SGX and recently released its details (PDF).

Intel® Software Guard Extensions (Intel® SGX) protects selected code and data from disclosure or modification. Developers can partition their application into CPU-hardened “enclaves” or protected areas of execution in memory that increase security even on compromised platforms. Using this new application-layer trusted execution environment, developers can enable identity and records privacy, secure browsing, and digital rights management (DRM), as well as harden endpoint protection or any high-assurance security use case that needs to safely store secrets or protect data. 

SGXPECTRE Attacks, a new breed of the Spectre attacks on SGX. At a high level, SGXPECTRE exploits the race condition between the injected, speculatively executed memory references, which lead to side-channel observable cache traces, and the latency of the branch resolution.

…SGXPECTRE Attacks are a new type of side-channel attacks against SGX enclaves. SGXPECTRE Attacks
can completely compromise the confidentiality of SGX enclaves. In particular, because vulnerable code patterns exist in most SGX runtime libraries (e.g., Intel SGX SDK, Rust-SGX, Graphene-SGX) and are difficult to be eliminated, the adversary could perform SGXPECTRE Attacks against any enclave programs.

Researchers at Ohio State University have already reported to Intel before the public exposure.

Intel responded in a statement:

We are aware of the research paper from Ohio State and have previously provided information and guidance online about how Intel SGX may be impacted by the side channel analysis vulnerabilities. We anticipate that the existing mitigations for Spectre and Meltdown, in conjunction with an updated software development toolkit for SGX application providers — which we plan to begin making available on March 16th — will be effective against the methods described in that research. We recommend customers make sure they are always using the most recent version of the toolkit.

The security researcher published the source code SgxPectre attack on the github, and demo on your Youtube channel.

Source: ZDNet, Intel