Software Guard Extensions
Intel Software Guard Extensions (SGX) is a set of security-related instruction codes that are built into some modern Intel central processing units (CPUs). They allow user-level as well as operating system code to define private regions of memory, called enclaves, whose contents are protected and unable to be either read or saved by any process outside the enclave itself, including processes running at higher privilege levels. SGX is disabled by default and must be opted in to by the user through their motherboard settings on a supported system.
SGX involves encryption by the CPU of a portion of memory. The enclave is decrypted on the fly only within the CPU itself, and even then, only for code and data running from within the enclave itself. The processor thus protects the code from being "spied on" or examined by other code. The code and data in the enclave utilize a threat model in which the enclave is trusted but no process outside it can be trusted (including the operating system itself and any hypervisor), and therefore all of these are treated as potentially hostile. The enclave contents are unable to be read by any code outside the enclave, other than in its encrypted form.. Applications running inside of SGX must be written to be side channel resistant as SGX does not protect against side channel measurement or observation.
SGX is designed to be useful for implementing secure remote computation, secure web browsing, and digital rights management (DRM). Other applications include concealment of proprietary algorithms and of encryption keys.
Support for SGX in the CPU is indicated in CPUID "Structured Extended feature Leaf", EBX bit 02, but its availability to applications requires BIOS/UEFI support and opt-in enabling which is not reflected in CPUID bits. This complicates the feature detection logic for applications.
Emulation of SGX was added to an experimental version of the QEMU system emulator in 2014. In 2015, researchers at the Georgia Institute of Technology released an open-source simulator named "OpenSGX".
On 27 March 2017 researchers at Austria's Graz University of Technology developed a proof-of-concept that can grab RSA keys from SGX enclaves running on the same system within five minutes by using certain CPU instructions in lieu of a fine-grained timer to exploit cache DRAM side-channels. One countermeasure for this type of attack was presented and published by Daniel Gruss et al. at the USENIX Security Symposium in 2017. Among other published countermeasures, one countermeasure to this type of attack was published on September 28, 2017, a compiler-based tool, DR.SGX, that claims to have superior performance with the elimination of the implementation complexity of other proposed solutions.
The LSDS group at Imperial College London showed a proof of concept that the Spectre speculative execution security vulnerability can be adapted to attack the secure enclave. The Foreshadow attack, disclosed in August 2018, combines speculative execution and buffer overflow to bypass the SGX.
On 8 February 2019, researchers at Austria's Graz University of Technology published findings, which showed that in some cases it is possible to run malicious code from within the enclave itself. The exploit involves scanning through process memory, in order to reconstruct a payload, which can then run code on the system. The paper claims that due to the confidential and protected nature of the enclave, it is impossible for Antivirus software to detect and remove malware residing within it. However, since modern anti-malware and antivirus solutions monitor system calls, and the interaction of the application with the operating system, it should be possible to identify malicious enclaves by their behavior, and this issue is unlikely to be a concern for state-of-the-art antiviruses. Intel issued a statement, stating that this attack was outside the threat model of SGX, that they cannot guarantee that code run by the user comes from trusted sources, and urged consumers to only run trusted code.
MicroScope replay attack
There is a proliferation of Side-channel attack plaguing modern computer architecture. Many of these attacks measure slight, nondeterministic variations in the execution of some code, so the attacker needs many, possibly tens of thousands, of measurements to learn secrets. However, the Microscope attack allows a malicious OS to replay code an arbitrary number of times regardless of the programs actual structure, enabling dozens of side-channel attacks.
Security researchers were able to inject timing specific faults into execution within the enclave, resulting in leakage of information. The attack can be executed remotely, but requires access to the privileged control of the processor's voltage and frequency.
Load Value Injection injects data into a program aiming to replace the value loaded from memory which is then used for a short time before the mistake is spotted and rolled back, during which LVI controls data and control flow.
SGAxe, a SGX vulnerability, extends a speculative execution attack on cache , leaking content of the enclave. This allows an attacker to access private CPU keys used for remote attestation. In other words, a threat actor can bypass Intel's countermeasures to breach SGX's enclaves confidentiality. The SGAxe attack is carried out by extracting attestation keys from SGX's private quoting enclave, that are signed by Intel. The attacker can then masquerade as legitimate Intel machines by signing arbitrary SGX attestation quotes.
- "Intel SGX for Dummies (Intel SGX Design Objectives)". intel.com. 2013-09-26.
- johnm (2017-08-08). "Properly Detecting Intel® Software Guard Extensions (Intel® SGX) in Your Applications". software.intel.com. Retrieved 2019-02-15.
- "Researchers Use Intel SGX To Put Malware Beyond the Reach of Antivirus Software - Slashdot". it.slashdot.org.
- "Intel SGX and Side-Channels". intel.com. 2020-02-28.
- "Intel SGX Details". intel.com. 2017-07-05.
- Intel Architecture Instruction Set Extensions Programming Reference, Intel, AUGUST 2015, page 36 "Structured Extended feature Leaf EAX=07h, EBX Bit 02: SGX"
- "Properly Detecting Intel Software Guard Extensions in Your Applications". intel.com. 2016-05-13.
- "Intel SGX Emulation using QEMU" (PDF). tc.gtisc.gatech.edu. Retrieved 2018-11-02.
- "sslab-gatech/opensgx". GitHub. Retrieved 2016-08-15.
- "wolfSSL At IDF". wolfssl. 2016-08-11.
- "Intel® Pentium® Silver J5005 Processor". Retrieved 2020-07-10.
- Chirgwin, Richard (March 7, 2017). "Boffins show Intel's SGX can leak crypto keys". The Register. Retrieved 1 May 2017.
- Schwarz, Michael; Weiser, Samuel; Gruss, Daniel; Maurice, Clémentine; Mangard, Stefan (2017). "Malware Guard Extension: Using SGX to Conceal Cache Attacks". arXiv:1702.08719 [cs.CR].
- "Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory" (PDF). USENIX. 2017-08-16.
- Brasser, Ferdinand; Capkun, Srdjan; Dmitrienko, Alexandra; Frassetto, Tommaso; Kostiainen, Kari; Müller, Urs; Sadeghi, Ahmad-Reza (2017-09-28). "DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization". arXiv:1709.09917 [cs.CR].
- Sample code demonstrating a Spectre-like attack against an Intel SGX enclave.
- Peter Bright - Jul 10, 2018 9:00 pm UTC (2018-07-10). "New Spectre-like attack uses speculative execution to overflow buffers". Ars Technica. Retrieved 2018-11-02.
- Schwarz, Michael; Weiser, Samuel; Gruss, Daniel (2019-02-08). "Practical Enclave Malware with Intel SGX". arXiv:1902.03256 [cs.CR].
- Bright, Peter (2019-02-12). "Researchers use Intel SGX to put malware beyond the reach of antivirus software". Ars Technica. Retrieved 2019-02-15.
- Skarlatos, Dimitrios; Yan, Mengjia; Gopireddy, Bhargava; Sprabery, Read; Torrellas, Josep; Fletcher, Christopher W. (2019). "MicroScope: enabling microarchitectural replay attacks". Proceedings of the 46th International Symposium on Computer Architecture - ISCA '19. Phoenix, Arizona: ACM Press: 318–331. doi:10.1145/3307650.3322228. ISBN 978-1-4503-6669-4.
- "Plundervolt steals keys from cryptographic algorithms". Rambus Blog. 2019-12-11. Retrieved 2020-03-20.
- "LVI: Hijacking Transient Execution with Load Value Injection". lviattack.eu. Retrieved 2020-03-12.
- "Load Value Injection". software.intel.com. Retrieved 2020-03-12.
- "SGAxe: How SGX Fails in Practice".
- "CacheOut: Leaking Data on Intel CPUs via Cache Evictions".
- "SGAxe & CrossTalk Attacks: New Intel SGX Vulnerability Leaks Data". Hack Reports. 2020-06-12. Retrieved 2020-06-12.
- Intel Software Guard Extensions (Intel SGX) / ISA Extensions, Intel
- Intel Software Guard Extensions (Intel SGX) Programming Reference, Intel, October 2014
- IDF 2015 - Tech Chat: A Primer on Intel Software Guard Extensions, Intel (poster)
- ISCA 2015 tutorial slides for Intel SGX, Intel, June 2015
- McKeen, Frank, et al. (Intel), Innovative Instructions and Software Model for Isolated Execution // Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy. ACM, 2013.
- Joanna Rutkowska, Thoughts on Intel's upcoming Software Guard Extensions (Part 1), August 2013
- SGX: the good, the bad and the downright ugly / Shaun Davenport, Richard Ford (Florida Institute of Technology) / Virus Bulletin, 2014-01-07
- Victor Costan and Srinivas Devadas, Intel SGX Explained, January 2016.
- wolfSSL, October 2016.
- The Security of Intel SGX for Key Protection and Data Privacy Applications / Professor Yehuda Lindell (Bar Ilan University & Unbound Tech), January 2018
- Intel SGX Technology and the Impact of Processor Side-Channel Attacks, March 2020