Researchers from universities in China, Singapore and Switzerland have announced that they have discovered a new attack method that can break the Intel SGX enclave and steal sensitive data from secure areas of Intel CPUs
This attack, named SmashEx, affects Intel Software Guard eXtensions, commonly known as Intel SGX.
Intel SGX, a feature found in most of the latest Intel processors, allows operating systems and applications to place sensitive data and operations inside an encrypted, secure area of the CPU called the “Enclave”.
SmashEx attacks are where hostile software running on the same operating system exploits the ability of the CPU to pause SGX to break into the enclave and retrieve data.
SGX is designed to protect user-level enclave code from hostile or dangerous OS software.
In order to function properly, SGX’s design allows the OS to interrupt the execution of the enclave through a configurable harware exception at any point in time.
This feature allows the Enclave runtime (e.g. Intel SGX SDK or Microsoft Open Enclave) to support exception and signal handling within the Enclave, but it also exposes the Enclave to reentrancy bugs.
SmashExecute.
SmashEx is an attack that exploits the Enclave SDK, which does not carefully handle reentrancy in order to safely handle complex exceptions in SGX.
The SmashEx proof-of-concept exploit enables code reuse (e.g., ROP) and sensitive data disclosure attacks in enclaves built with vulnerable enclave runtimes.
The researchers said that in tests they conducted, they were able to successfully extract RSA encryption keys from inside the Intel SGX enclave used by servers to encrypt HTTPS traffic, and were able to dump content processed by cURL apps from inside Microsoft Open Enclave, the enclave software toolkit used by Azure servers. They were able to dump the content that the cURL app processes from inside the Microsoft Open Enclave.
Over the past few years, there have been similar attacks to subvert the SGX enclave and retrieve data. Examples from the past include PlunderVolt, SgxSpectre, Foreshadow, BranchScope, Platypus, V0LTpwn, Game of Threads, AsyncShock, The Guard’s Dilemma, and Iago.
In addition, a 2019 survey of the eight most popular Enclave software development kits (software libraries used by app makers to interact with apps and store data within the Enclave) found 35 different vulnerabilities in all tested SDKs, including SGX. We found 35 vulnerabilities in all tested SDKs, including SGX.
But according to the researchers, the SmashEx attack is much more dangerous than the above attacks because it does not just leak the data in the SGX enclave, it can also corrupt the data if necessary.
Provide patches
For more information on this SmashEx attack, please refer to Intel’s and Microsoft’s respective SDKs (Intel SGX SDK (CVE-2021-0186) and Open Enclave SDK (CVE-2021-33767). (CVE-2021-33767), which is now available on a dedicated website.
In order to prevent attacks, applications that store sensitive information in SGX enclaves should incorporate these updates into their code.
However, there are many other SDKs that are affected by the SmashEx attack, including SGX SDKs from Google, Apache, Arm, and others, which the research team says developers will need to issue their own patches for.
- Intel SGX SDK Intel SGX2
- Open Enclave Microsoft SGX1 and SGX2
- Google Asylo Google SGX2
- EdgelessRT Edgeless Systems SGX1 and SGX2
- Rust SGX SDK Apache SGX2
- Teaclave Apache SGX2
- SGX-LKL Imperial College London SGX1 and SGX2
- CoSMIX Technion SGX2
- Veracruz ARM SGX2
Comments