Leaking Uninitialized Secure Enclave Memory via Structure Padding (Extended Abstract)
Authors
Abstract
Intel Software Guard Extensions (SGX) aims to provide an isolated execution environment, known as an enclave, for a user-level process to maximize its confidentiality and integrity. In this paper, we study how uninitialized data inside a secure enclave can be leaked via structure padding. We found that, during ECALL and OCALL, proxy functions that are automatically generated by the Intel SGX Software Development Kit (SDK) fully copy structure variables from an enclave to the normal memory to return the result of an ECALL function and to pass input parameters to an OCALL function. If the structure variables contain padding bytes, uninitialized enclave memory, which might contain confidential data like a private key, can be copied to the normal memory through the padding bytes. We also consider potential countermeasures against these security threats.
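The padding leak described in the abstract can be reproduced in plain C without the SGX SDK. The following is an added example, not code from the paper or from the Intel SDK: `struct result`, the `STALE` marker and the function names are hypothetical, and zeroing the slot before filling it is one common mitigation assumed here, not necessarily the countermeasure the authors propose.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical ECALL result type (not from the paper). */
struct result {
    uint8_t  tag;     /* 1 byte */
    uint64_t value;   /* alignment puts padding between tag and value */
};

#define STALE 0xA5    /* constructed marker for leftover secret bytes */

/* Bytes of struct result that belong to no member. */
size_t padding_bytes(void) {
    return sizeof(struct result) - sizeof(uint8_t) - sizeof(uint64_t);
}

/* Enclave side: the slot still holds old secret data when the result is
 * built. Members are written at their offsets, which leaves padding
 * untouched, as ordinary member stores do in practice. */
static void build_result(unsigned char *slot, int zero_first) {
    const uint8_t tag = 1;
    const uint64_t value = 42;   /* neither field contains the STALE byte */
    memset(slot, STALE, sizeof(struct result));     /* stale secret */
    if (zero_first)
        memset(slot, 0, sizeof(struct result));     /* mitigation */
    memcpy(slot + offsetof(struct result, tag), &tag, sizeof tag);
    memcpy(slot + offsetof(struct result, value), &value, sizeof value);
}

/* Copies the whole structure to the untrusted buffer, as a full-structure
 * proxy copy would, and returns how many stale bytes crossed over. */
size_t stale_bytes_copied_out(int zero_first) {
    unsigned char enclave_slot[sizeof(struct result)];
    unsigned char untrusted[sizeof(struct result)];
    size_t leaked = 0;
    build_result(enclave_slot, zero_first);
    memcpy(untrusted, enclave_slot, sizeof untrusted);
    for (size_t i = 0; i < sizeof untrusted; i++)
        leaked += (untrusted[i] == STALE);
    return leaked;
}

int main(void) {
    printf("padding bytes:          %zu\n", padding_bytes());
    printf("leaked without zeroing: %zu\n", stale_bytes_copied_out(0));
    printf("leaked with zeroing:    %zu\n", stale_bytes_copied_out(1));
    return 0;
}
```

Without zeroing, every padding byte of the structure carries stale data across the boundary; with the slot cleared first, none does.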
Similar resources
ZeroTrace : Oblivious Memory Primitives from Intel SGX
We are witnessing a confluence between applied cryptography and secure hardware systems in enabling secure cloud computing. On one hand, work in applied cryptography has enabled efficient, oblivious data-structure and memory primitives. On the other, secure hardware and the emergence of Intel SGX has enabled a low-overhead and mass market mechanism for isolated execution. By themselves these te...
SgxPectre Attacks: Leaking Enclave Secrets via Speculative Execution
This paper presents SGXPECTRE Attacks that exploit the recently disclosed CPU bugs to subvert the confidentiality of SGX enclaves. Particularly, we show that when branch prediction of the enclave code can be influenced by programs outside the enclave, the control flow of the enclave program can be temporarily altered to execute instructions that lead to observable cache-state changes. An advers...
Defacement of Colluding Attack Using Blowfish Algorithm
Abstract In web environment, browser extension extends its functionality by retrieving, presenting and traversing the information through web browser. Browser extensions run with ‘high’ privileges which consequences, vulnerable web browser extensions to steal user’s credentials and trap users into leaking sensitive information to unauthorized parties. One of the attack known as Colluding browse...
Secure Cloud Micro Services Using Intel SGX
The micro service paradigm targets the implementation of large and scalable systems while enabling fine-grained service-level maintainability. Due to their scalability, such architectures are frequently used in cloud environments, which are often subject to privacy and trust issues hindering the deployment of services dealing with sensitive data. In this paper we investigate the integration of ...
Better Trust Zone: Verifying Security of Enclave-Aware Calculi
Techniques from language-based security, such as security type systems, often provide protection against high-level adversaries but cannot guarantee security against low-level attackers, such as those that can inject code or inspect memory. We model in Coq a security-typed calculus that includes an abstract model of enclaves, and show that it can provide meaningful security guarantees, even in t...
Journal title: CoRR
Volume: abs/1710.09061
Publication date: 2017