Two separate teams of academic researchers on Wednesday published papers describing flaws in Intel’s Software Guard Extensions (SGX).
SGX, a set of instructions, enhances application security by letting developers partition sensitive information into enclaves — areas of execution in memory with hardware-assisted enhanced security protection. The aim is to protect application code and data from disclosure or modification.
Attestation services let users verify the identity of an application enclave before launching the application.
The recently uncovered flaws can prevent SGX from achieving its goal, the research teams showed. SGAxe: How SGX Fails in Practice describes compromises to long-term storage. CrossTalk: Speculative Data Leaks Across Cores Are Real describes cross-core attacks that could allow attackers to control data leakage.
Broken Trust, Broken Code
“SGAxe effectively breaks the most appealing feature of SGX, which is the ability on an enclave to prove its trustworthiness over the network,” wrote researchers Stephan van Schaik, Andrew Kwong and Daniel Genkin, all of the University of Michigan, and researcher Yuval Yarom of the University of Adelaide.
The researchers attacked SGX architectural enclaves that were provided and signed by Intel, and retrieved the secret attestation key used for cryptographically proving the enclaves are genuine over a network, which let them pass off fake enclaves as genuine.
The CrossTalk researchers found that some instructions read data from a staging buffer shared among all CPU cores involved. They presented the first cross-core attack using transient execution and showed it could be used to attack SGX enclaves running on a completely different core, letting an attacker control leakage using practical performance degradation attacks and discovering enclave private keys.
“We have demonstrated that this is a realistic attack,” wrote Hany Ragab, Alyssa Milburn, Herbert Bos and Cristiano Giuffrida of Vrije Universiteit Amsterdam in The Netherlands and Kaveh Razavi of ETH Zurich in Switzerland.
“We have also seen that, yet again, it is almost trivial to apply these attacks to break code running in Intel’s secure SGX enclaves,” they added.
The researchers built a profiler, dubbed “CrossTalk,” using performance counters, to examine the number and nature of complex microcoded instructions that perform offcore requests. When combined with transient execution vulnerabilities such as Microarchitectural Data Sampling (MDS), these operations can reveal the internal state of a CPU.
“Even recent Intel CPUs — including those used by public cloud providers to support SGX enclaves — are vulnerable to these attacks,” the researchers wrote.
Intel CPUs vulnerable to the latest attacks are listed here.
In both cases, the research teams employedside-channel attacks to exploit the vulnerabilities.
SGX doesn’t protect against microarchitectural side-channel attacks because doing so is a matter for the enclave developer, according to Intel.
Four CPU flaws, including Zombieload and Fallout, affected Intel core CPUs last year.
“It’s beginning to look like SGX was a flawed design,” said Kevin Krewell, principal analyst at Tirias Research.
Intel “really needs to rethink its security methods,” he told TechNewsWorld. The company “has been putting more resources into security, but the work is not over.”
Perhaps security “should be offloaded onto a more secure coprocessor on die that’s not in the critical application performance path,” Krewell remarked.
On the other hand, an application that uses Intel SGX for added protection “is always more secure than if it doesn’t,” noted Ambuj Kumar, CEO of Fortanix, the first company to bring an Intel SGX-based workload to production, in 2016.
Hardware-based security is new, and “just as software codes can be buggy, hardware can be buggy too,” Kumar told TechNewsWorld “There is such a thing as a hardware zero-day exploit. Our goal should be to accelerate the cycle of finding these vulnerabilities and fixing them.”
Further, side-channel “is a general problem that affects both hardware and software systems,” he noted. Some can only be mitigated at the application level and others at the CPU level, “so there is not one solution.”
Keeping a Tight Lid on Vulnerabilities
SGX is one of a number of Trusted Execution Environments (TEEs). ARM, AMD and Intel have proposed TEEs, but Intel SGX is currently the leader.
Intel SGX “has gotten its fair share of researchers’ attention,” which leads to several vulnerabilities having been discovered, Kumar said.
“We should welcome these. It’s only when a bug is found that it can be fixed,” he noted.
Intel has “been pretty collaborative” in rolling out updates to fix vulnerabilities, and it works tightly with partners such as Fortanix to minimize the probability of attacks, Kumar noted. “We have no reason to believe any of the Intel SGX vulnerabilities ever reported have ever been exploited.”
Microsoft Azure, IBM and Alibaba are among the large organizations using Fortanix’s Intel SGX-based solutions. IBM has at least 10 corporate customers on its Fortanix-powered IBM Cloud Data Shield depending on SGX for security.
No Harm, No Foul
The SGAxe team notified Intel of its findings in October and Intel indicated it would publish a fix June 9, which it did.
The delay likely was due to testing, Tirias’ Krewell suggested. “Every fix could have its own problems and could introduce new vulnerabilities or software incompabiities.”
Updated systems from Fortanix and others “are not susceptible to these vulnerabilities,” Kumar said.
Microsoft “deployed the security update from Intel to our affected services prior to public disclosure,” a spokesperson said in a statement provided to TechNewsWorld by company rep Emily Chounlamany.
“Our cloud customers were not impacted by these vulnerabilities,” the spokesperson added.
While CPU manufacturers focus on finding and fixing vulnerabilities, companies like Fortanix “exist to mitigate them,” said Kumar. “Standard techniques such as defense in depth can go a long way to provide a more usable and secure system, even in the presence of zero-day vulnerabilities.”
On the whole, hardware-based security is preferable to a software-based solution, Kumar observed. “The unfortunate reality of software-only security is that even if your code is bug-free, your data may be stolen because of a vulnerability in someone else’s code.”