Foreshadow: Extracting the Keys to the Intel SGX Kingdom


Link: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-van_bulck.pdf

Summary:

This paper focused on an alternative method to exploit the SGX secure hardware that comes standard in all Intel chips post 2013. The paper takes advantage of speculative execution, a mechanism in which instructions are executed out of order. This gives indirect access to memory to users who should not have that access. Once this mistake happens, there are a number of ways it can be used to extract data from the secret, going so far as to actually recover cryptographic key information. More importantly, though, a lot of these vulnerabilities are built into the micro-architecture of the chips, so they are extremely hard to patch. This paper has me wondering, though, how the researchers came across this topic, especially with two similar papers being published during the embargo period within weeks of each other.

What I liked:

  1. The paper is very topical, given the recent Intel SGX vulnerabilities

  2. The paper presents a very general attack that doesn't go into basic assumptions that need to hold in the system.

  3. The paper's attack mechanism doesn't require root access, which kind of prevents it from being able to defend against internal attacks, i.e. when the admin is malicious. Also, the researchers were able to extract full cryptographic keys.

  4. I liked the fact that they gave a really good example of when this problem might be used in cloud attacks, i.e. "co-residing cloud tenants" could be attack vectors, which is something I didn't even imagine.

  5. The paper was very weak on mitigation techniques for Intel, but that kind of proves how good their attack plan was.

What I didn't like:

  1. The paper was released concurrently with the patches; I think that might have been a little too soon.

  2. The paper didn't go into enough depth on breaking the SGX sealing and attestation. It left me with questions regarding the security behind the sealing.

  3. The paper kind of jumps in with the idea that everyone knows what speculative execution is; given that this is a fairly new concern, I'd like it if they explained it more.

  4. I wish they had published more in-depth details about how they were able to execute an attack like this. It would be amazing in the real world if they posted code, but given the magnitude of the vulnerability I understand why they may not have.

  5. This paper could have used a lot more visuals, especially when explaining the very dry aspects of caches and how their approach compromises the safeguards that are currently in place.

Points of Discussion:

  1. How has the response from large cloud service providers who use SGX (i.e. Microsoft and IBM) differed from that of smaller startups?

  2. How do blockchains rely on this secure hardware specifically?

  3. Are debug enclaves present in the production systems in every computer, or are they specific to the ones Intel had during testing?

  4. How did researchers stumble on to this type of vulnerability?

  5. Has the proprietary nature of Intel's chips helped or hurt the security of its systems?

New Ideas:

  1. Explore how the attestation is arbitrary if Intel has a centralized service for it

  2. Map out the systems currently in use that haven't been patched for these bugs

  3. Would slowing down CPU speeds prevent speculative execution? To what degree, and how would this compare to current mitigation techniques?

  4. How might Intel need to change the micro-architecture of future chips in order to protect against similar attacks in the future?

  5. Is there an approach that can fix the vulnerabilities in the architecture over the air?