Software Guard Extensions

Last updated

Intel Software Guard Extensions (SGX) is a set of instruction codes implementing trusted execution environment that are built into some Intel central processing units (CPUs). They allow user-level and operating system code to define protected private regions of memory, called enclaves. [1] [2] SGX is designed to be useful for implementing secure remote computation, secure web browsing, and digital rights management (DRM). [3] Other applications include concealment of proprietary algorithms and of encryption keys. [4]

Contents

SGX involves encryption by the CPU of a portion of memory (the enclave). Data and code originating in the enclave are decrypted on the fly within the CPU, [4] protecting them from being examined or read by other code, [4] including code running at higher privilege levels such as the operating system and any underlying hypervisors. [1] [4] [2] While this can mitigate many kinds of attacks, it does not protect against side-channel attacks. [5]

A pivot by Intel in 2021 resulted in the deprecation of SGX from the 11th and 12th generation Intel Core Processors, but development continues on Intel Xeon for cloud and enterprise use. [6] [7]

Details

SGX was first introduced in 2015 with the sixth generation Intel Core microprocessors based on the Skylake microarchitecture.

Support for SGX in the CPU is indicated in CPUID "Structured Extended feature Leaf", EBX bit 02, [8] but its availability to applications requires BIOS/UEFI support and opt-in enabling which is not reflected in CPUID bits. This complicates the feature detection logic for applications. [9]

Emulation of SGX was added to an experimental version of the QEMU system emulator in 2014. [10] In 2015, researchers at the Georgia Institute of Technology released an open-source simulator named "OpenSGX". [11]

One example of SGX used in security was a demo application from wolfSSL [12] using it for cryptography algorithms.

Intel Goldmont Plus (Gemini Lake) microarchitecture also contains support for Intel SGX. [13]

Both in the 11th and 12th generations of Intel Core processors, SGX is listed as "Deprecated" and thereby not supported on "client platform" processors. [6] [14] [15] This removed support of playing Ultra HD Blu-ray discs on officially licensed software, such as PowerDVD. [16] [17] [18]

List of SGX vulnerabilities

Prime+Probe attack

On 27 March 2017 researchers at Austria's Graz University of Technology developed a proof-of-concept that can grab RSA keys from SGX enclaves running on the same system within five minutes by using certain CPU instructions in lieu of a fine-grained timer to exploit cache DRAM side-channels. [19] [20] One countermeasure for this type of attack was presented and published by Daniel Gruss et al. at the USENIX Security Symposium in 2017. [21] Among other published countermeasures, one countermeasure to this type of attack was published on September 28, 2017, a compiler-based tool, DR.SGX, [22] that claims to have superior performance with the elimination of the implementation complexity of other proposed solutions.

Spectre-like attack

The LSDS group at Imperial College London showed a proof of concept that the Spectre speculative execution security vulnerability can be adapted to attack the secure enclave. [23] The Foreshadow attack, disclosed in August 2018, combines speculative execution and buffer overflow to bypass the SGX. [24] A security advisory and mitigation for this attack, also called an L1 Terminal Fault, was originally issued on August 14, 2018 and updated May 11, 2021. [25]

Enclave attack

On 8 February 2019, researchers at Austria's Graz University of Technology published findings, which showed that in some cases it is possible to run malicious code from within the enclave itself. [26] The exploit involves scanning through process memory, in order to reconstruct a payload, which can then run code on the system. The paper claims that due to the confidential and protected nature of the enclave, it is impossible for antivirus software to detect and remove malware residing within it. Intel issued a statement, stating that this attack was outside the threat model of SGX, that they cannot guarantee that code run by the user comes from trusted sources, and urged consumers to only run trusted code. [27]

MicroScope replay attack

There is a proliferation of side-channel attacks plaguing modern computer architectures. Many of these attacks measure slight, nondeterministic variations in the execution of code, so the attacker needs many, possibly tens of thousands, of measurements to learn secrets. However, the MicroScope attack allows a malicious OS to replay code an arbitrary number of times regardless of the programs actual structure, enabling dozens of side-channel attacks. [28] In July 2022, Intel submitted a Linux patch called AEX-Notify to allow the SGX enclave programmer to write a handler for these types of events. [29]

Plundervolt

Security researchers were able to inject timing specific faults into execution within the enclave, resulting in leakage of information. The attack can be executed remotely, but requires access to the privileged control of the processor's voltage and frequency. [30] A security advisory and mitigation for this attack was originally issued on August 14, 2018 and updated on March 20, 2020. [31]

LVI

Load Value Injection [32] [33] injects data into a program aiming to replace the value loaded from memory which is then used for a short time before the mistake is spotted and rolled back, during which LVI controls data and control flow. A security advisory and mitigation for this attack was originally issued on March 10, 2020 and updated on May 11, 2021. [34]

SGAxe

SGAxe, [35] an SGX vulnerability published in 2020, extends a speculative execution attack on cache, [36] leaking content of the enclave. This allows an attacker to access private CPU keys used for remote attestation. [37] In other words, a threat actor can bypass Intel's countermeasures to breach SGX enclaves' confidentiality. The SGAxe attack is carried out by extracting attestation keys from SGX's private quoting enclave that are signed by Intel. The attacker can then masquerade as legitimate Intel machines by signing arbitrary SGX attestation quotes. [38] A security advisory and mitigation for this attack, also called a Processor Data Leakage or Cache Eviction, was originally issued January 27, 2020 and updated May 11, 2021. [39]

ÆPIC leak

In 2022, security researchers discovered a vulnerability in the Advanced Programmable Interrupt Controller (APIC) that allows for an attacker with root/admin privileges to gain access to encryption keys via the APIC by inspecting data transfers from L1 and L2 cache. [40] This vulnerability is the first architectural attack discovered on x86 CPUs. This differs from Spectre and Meltdown which uses a noisy side channel. This exploit currently affects Intel Core 10th, 11th and 12th, and Xeon Ice Lake microprocessors. [41] [42]

SGX malware arguments

There has been a long debate on whether SGX enables creation of superior malware. Oxford University researchers published an article in October 2022 [43] considering attackers' potential advantages and the disadvantages by abusing SGX for malware development. Researchers conclude that while there might be temporary zero-day vulnerabilities to abuse in SGX ecosystem, the core principles and design features of Trusted Execution Environments (TEEs) make malware weaker than a malware-in-the-wild, TEEs make no major contributions to malware otherwise.

See also

Related Research Articles

In cryptography, a timing attack is a side-channel attack in which the attacker attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms. Every logical operation in a computer takes time to execute, and the time can differ based on the input; with precise measurements of the time for each operation, an attacker can work backwards to the input. Finding secrets through timing information may be significantly easier than using cryptanalysis of known plaintext, ciphertext pairs. Sometimes timing information is combined with cryptanalysis to increase the rate of information leakage.

In the x86 architecture, the CPUID instruction is a processor supplementary instruction allowing software to discover details of the processor. It was introduced by Intel in 1993 with the launch of the Pentium and SL-enhanced 486 processors.

<span class="mw-page-title-main">Intel Core</span> Line of CPUs by Intel

Intel Core is a line of multi-core central processing units (CPUs) for midrange, embedded, workstation, high-end and enthusiast computer markets marketed by Intel Corporation. These processors displaced the existing mid- to high-end Pentium processors at the time of their introduction, moving the Pentium to the entry level. Identical or more capable versions of Core processors are also sold as Xeon processors for the server and workstation markets.

RDRAND is an instruction for returning random numbers from an Intel on-chip hardware random number generator which has been seeded by an on-chip entropy source. Intel introduced the feature around 2012, and AMD added support for the instruction in June 2015.

Transactional Synchronization Extensions (TSX), also called Transactional Synchronization Extensions New Instructions (TSX-NI), is an extension to the x86 instruction set architecture (ISA) that adds hardware transactional memory support, speeding up execution of multi-threaded software through lock elision. According to different benchmarks, TSX/TSX-NI can provide around 40% faster applications execution in specific workloads, and 4–5 times more database transactions per second (TPS).

A trusted execution environment (TEE) is a secure area of a main processor. It helps code and data loaded inside it to be protected with respect to confidentiality and integrity. Data integrity prevents unauthorized entities from outside the TEE from altering data, while code integrity prevents code in the TEE from being replaced or modified by unauthorized entities, which may also be the computer owner itself as in certain DRM schemes described in SGX. This is done by implementing unique, immutable, and confidential architectural security such as Intel Software Guard Extensions which offers hardware-based memory encryption that isolates specific application code and data in memory. Intel SGX allows user-level code to allocate private regions of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels. A TEE as an isolated execution environment provides security features such as isolated execution, integrity of applications executing with the TEE, along with confidentiality of their assets. In general terms, the TEE offers an execution space that provides a higher level of security for trusted applications running on the device than a rich operating system (OS) and more functionality than a 'secure element' (SE).

Datain use is an information technology term referring to active data which is stored in a non-persistent digital state typically in computer random-access memory (RAM), CPU caches, or CPU registers.

<span class="mw-page-title-main">Intel Management Engine</span> Autonomous computer subsystem

The Intel Management Engine (ME), also known as the Intel Manageability Engine, is an autonomous subsystem that has been incorporated in virtually all of Intel's processor chipsets since 2008. It is located in the Platform Controller Hub of modern Intel motherboards.

<span class="mw-page-title-main">Meltdown (security vulnerability)</span> Microprocessor security vulnerability

Meltdown is one of the two original transient execution CPU vulnerabilities. Meltdown affects Intel x86 microprocessors, IBM POWER processors, and some ARM-based microprocessors. It allows a rogue process to read all memory, even when it is not authorized to do so.

<span class="mw-page-title-main">Spectre (security vulnerability)</span> Processor security vulnerability

Spectre is one of the two original transient execution CPU vulnerabilities, which involve microarchitectural timing side-channel attacks. These affect modern microprocessors that perform branch prediction and other forms of speculation. On most processors, the speculative execution resulting from a branch misprediction may leave observable side effects that may reveal private data to attackers. For example, if the pattern of memory accesses performed by such speculative execution depends on private data, the resulting state of the data cache constitutes a side channel through which an attacker may be able to extract information about the private data using a timing attack.

Speculative Store Bypass (SSB) is the name given to a hardware security vulnerability and its exploitation that takes advantage of speculative execution in a similar way to the Meltdown and Spectre security vulnerabilities. It affects the ARM, AMD and Intel families of processors. It was discovered by researchers at Microsoft Security Response Center and Google Project Zero (GPZ). After being leaked on 3 May 2018 as part of a group of eight additional Spectre-class flaws provisionally named Spectre-NG, it was first disclosed to the public as "Variant 4" on 21 May 2018, alongside a related speculative execution vulnerability designated "Variant 3a".

Lazy FPU state leak, also referred to as Lazy FP State Restore or LazyFP, is a security vulnerability affecting Intel Core CPUs. The vulnerability is caused by a combination of flaws in the speculative execution technology present within the affected CPUs and how certain operating systems handle context switching on the floating point unit (FPU). By exploiting this vulnerability, a local process can leak the content of the FPU registers that belong to another process. This vulnerability is related to the Spectre and Meltdown vulnerabilities that were publicly disclosed in January 2018.

<span class="mw-page-title-main">Foreshadow</span> Hardware vulnerability for Intel processors

Foreshadow, known as L1 Terminal Fault (L1TF) by Intel, is a vulnerability that affects modern microprocessors that was first discovered by two independent teams of researchers in January 2018, but was first disclosed to the public on 14 August 2018. The vulnerability is a speculative execution attack on Intel processors that may result in the disclosure of sensitive information stored in personal computers and third-party clouds. There are two versions: the first version (original/Foreshadow) targets data from SGX enclaves; and the second version (next-generation/Foreshadow-NG) targets virtual machines (VMs), hypervisors (VMM), operating systems (OS) kernel memory, and System Management Mode (SMM) memory. A listing of affected Intel hardware has been posted.

Spoiler is a security vulnerability on modern computer central processing units that use speculative execution. It exploits side-effects of speculative execution to improve the efficiency of Rowhammer and other related memory and cache attacks. According to reports, all modern Intel Core CPUs are vulnerable to the attack as of 2019. AMD has stated that its processors are not vulnerable.

<span class="mw-page-title-main">Microarchitectural Data Sampling</span> CPU vulnerabilities

The Microarchitectural Data Sampling (MDS) vulnerabilities are a set of weaknesses in Intel x86 microprocessors that use hyper-threading, and leak data across protection boundaries that are architecturally supposed to be secure. The attacks exploiting the vulnerabilities have been labeled Fallout, RIDL, ZombieLoad., and ZombieLoad 2.

Transient execution CPU vulnerabilities are vulnerabilities in a computer system in which a speculative execution optimization implemented in a microprocessor is exploited to leak secret data to an unauthorized party. The archetype is Spectre, and transient execution attacks like Spectre belong to the cache-attack category, one of several categories of side-channel attacks. Since January 2018 many different cache-attack vulnerabilities have been identified.

SWAPGS, also known as Spectre variant 1, is a computer security vulnerability that utilizes the branch prediction used in modern microprocessors. Most processors use a form of speculative execution, this feature allows the processors to make educated guesses about the instructions that will most likely need to be executed in the near future. This speculation can leave traces in the cache, which attackers use to extract data using a timing attack, similar to side-channel exploitation of Spectre.

<span class="mw-page-title-main">Load value injection</span> Microprocessor security vulnerability

Load value injection (LVI) is an attack on Intel microprocessors that can be used to attack Intel's Software Guard Extensions (SGX) technology. It is a development of the previously known Meltdown security vulnerability. Unlike Meltdown, which can only read hidden data, LVI can inject data values, and is resistant to the countermeasures so far used to mitigate the Meltdown vulnerability.

Confidential computing is a security and privacy-enhancing computational technique focused on protecting data in use. Confidential computing can be used in conjunction with storage and network encryption, which protect data at rest and data in transit respectively. It is designed to address software, protocol, cryptographic, and basic physical and supply-chain attacks, although some critics have demonstrated architectural and side-channel attacks effective against the technology.

Downfall, known as Gather Data Sampling (GDS) by Intel, is a computer security vulnerability found in 6th through 11th generations of consumer and 1st through 4th generations of Xeon Intel x86-64 microprocessors. It is a transient execution CPU vulnerability which relies on speculative execution of Advanced Vector Extensions (AVX) instructions to reveal the content of vector registers.

References

  1. 1 2 "Intel SGX for Dummies (Intel SGX Design Objectives)". intel.com. 2013-09-26.
  2. 1 2 johnm (2017-08-08). "Properly Detecting Intel® Software Guard Extensions (Intel® SGX) in Your Applications". software.intel.com. Retrieved 2019-02-15.
  3. "Intel SGX Details". intel.com. 2017-07-05.
  4. 1 2 3 4 "Researchers Use Intel SGX To Put Malware Beyond the Reach of Antivirus Software - Slashdot". it.slashdot.org. 12 February 2019.
  5. "Intel SGX and Side-Channels". intel.com. 2020-02-28.
  6. 1 2 "New Intel chips won't play Blu-ray disks due to SGX deprecation" . Retrieved 2022-01-17.
  7. anrilr (2022-01-20). "Rising to the Challenge — Data Security with Intel Confidential Computing". community.intel.com. Retrieved 2022-04-20.
  8. Intel Architecture Instruction Set Extensions Programming Reference, Intel, AUGUST 2015, page 36 "Structured Extended feature Leaf EAX=07h, EBX Bit 02: SGX"
  9. "Properly Detecting Intel Software Guard Extensions in Your Applications". intel.com. 2016-05-13.
  10. "Intel SGX Emulation using QEMU" (PDF). tc.gtisc.gatech.edu. Retrieved 2018-11-02.
  11. "sslab-gatech/opensgx". GitHub . Retrieved 2016-08-15.
  12. "wolfSSL At IDF". wolfssl. 2016-08-11.
  13. "Intel® Pentium® Silver J5005 Processor" . Retrieved 2020-07-10.
  14. "11th Generation Intel Core Processor Datasheet" . Retrieved 2022-01-15.
  15. "12th Generation Intel Core Processors Datasheet" . Retrieved 2022-01-15.
  16. Mary Stone (January 21, 2022). "Intel discontinues support for UHD Blu-ray discs in its newest PC chips". whathifi.
  17. "CyberLink Support Center".
  18. https://www.cyberlink.com/stat/help/powerdvd/22/pc-mode/enu/98_01_14_how_to_play_uhdbd.html
  19. Chirgwin, Richard (March 7, 2017). "Boffins show Intel's SGX can leak crypto keys". The Register. Retrieved 1 May 2017.
  20. Schwarz, Michael; Weiser, Samuel; Gruss, Daniel; Maurice, Clémentine; Mangard, Stefan (2017). "Malware Guard Extension: Using SGX to Conceal Cache Attacks". arXiv: 1702.08719 [cs.CR].
  21. "Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory" (PDF). USENIX. 2017-08-16.
  22. Brasser, Ferdinand; Capkun, Srdjan; Dmitrienko, Alexandra; Frassetto, Tommaso; Kostiainen, Kari; Müller, Urs; Sadeghi, Ahmad-Reza (2017-09-28). DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization. ACSAC '19: Proceedings of the 35th Annual Computer Security Applications Conference December 2019. pp. 788–800. arXiv: 1709.09917 . doi:10.1145/3359789.3359809. S2CID   19364841.
  23. Sample code demonstrating a Spectre-like attack against an Intel SGX enclave., 19 December 2021
  24. Peter Bright - Jul 10, 2018 9:00 pm UTC (2018-07-10). "New Spectre-like attack uses speculative execution to overflow buffers". Ars Technica. Retrieved 2018-11-02.{{cite web}}: CS1 maint: numeric names: authors list (link)
  25. "CVE - CVE-2018-3615". cve.mitre.org. Retrieved 2022-10-17.
  26. Schwarz, Michael; Weiser, Samuel; Gruss, Daniel (2019-02-08). "Practical Enclave Malware with Intel SGX". arXiv: 1902.03256 [cs.CR].
  27. Bright, Peter (2019-02-12). "Researchers use Intel SGX to put malware beyond the reach of antivirus software". Ars Technica. Retrieved 2019-02-15.
  28. Skarlatos, Dimitrios; Yan, Mengjia; Gopireddy, Bhargava; Sprabery, Read; Torrellas, Josep; Fletcher, Christopher W. (2019). "MicroScope". Proceedings of the 46th International Symposium on Computer Architecture. Isca '19. Phoenix, Arizona: ACM Press. pp. 318–331. doi: 10.1145/3307650.3322228 . ISBN   978-1-4503-6669-4.
  29. "[PATCH] x86/sgx: Allow enclaves to use Asynchrounous Exit Notification". lore.kernel.org. Retrieved 2022-10-17.
  30. "Plundervolt steals keys from cryptographic algorithms". Rambus Blog. 2019-12-11. Retrieved 2020-03-20.
  31. "CVE - CVE-2019-11157". cve.mitre.org. Retrieved 2022-10-17.
  32. "LVI: Hijacking Transient Execution with Load Value Injection". lviattack.eu. Retrieved 2020-03-12.
  33. "Load Value Injection". software.intel.com. Retrieved 2020-03-12.
  34. "CVE - CVE-2020-0551". cve.mitre.org. Retrieved 2022-10-17.
  35. "SGAxe". sgaxe.com.
  36. "CacheOut". cacheoutattack.com.
  37. "Towards Formalization of Enhanced Privacy ID (EPID)-based Remote Attestation in Intel SGX".
  38. "SGAxe & CrossTalk Attacks: New Intel SGX Vulnerability Leaks Data". Hack Reports. 2020-06-12. Retrieved 2020-06-12.
  39. "CVE - CVE-2020-0549". cve.mitre.org. Retrieved 2022-10-17.
  40. "Intel SGX: Not So Safe After All, ÆPIC Leak". The New Stack. 2022-08-16. Retrieved 2022-08-29.
  41. Wilson, Jason R. (2022-08-11). "ÆPIC Leak is an Architectural CPU Bug Affecting 10th, 11th, and 12th Gen Intel Core CPUs". Wccftech. Retrieved 2022-08-29.
  42. "ÆPIC Leak". aepicleak.com. Retrieved 2022-08-29.
  43. Küçük, Kubilay Ahmet; et, al. (October 2022). "SoK: How 'Not' to Architect Your Next-Generation TEE Malware". Hardware and Architectural Support for Security and Privacy (HASP) 2022. Retrieved 2023-04-17.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.