foreshadow extracting the keys to the intel sgx kingdom
play

Foreshadow: Extracting the Keys to the Intel SGX Kingdom with - PowerPoint PPT Presentation

Sep 08, 2022 •41 likes •601 views

Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution Jo Van Bulck 1 Marina Minkin 2 Ofir Weisse 3 Daniel Genkin 3 Baris Kasikci 3 Frank Piessens 1 Mark Silberstein 2 Thomas F. Wenisch 3 Yuval Yarom 4 Raoul

  1. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution Jo Van Bulck 1 Marina Minkin 2 Ofir Weisse 3 Daniel Genkin 3 Baris Kasikci 3 Frank Piessens 1 Mark Silberstein 2 Thomas F. Wenisch 3 Yuval Yarom 4 Raoul Strackx 1 1 imec-DistriNet, KU Leuven 2 Technion 3 University of Michigan 4 University of Adelaide and Data61 USENIX Security, August 2018

  2. Road map Introduction 1 The Foreshadow attack 2 Demo 3 Dismantling Intel SGX security objectives 4 Foreshadow-NG implications 5 Mitigations and conclusion 6

  3. Evolution of “side-channel attack” occurrences in Google Scholar 4000 3000 2000 DO WE JUST SUCK AT... COMPUTERS? YUP. ESPECIALLY SHARED ONES. 1000 1990 1994 1998 2002 2006 2010 2014 2018 Based on github.com/Pold87/academic-keyword-occurrence and xkcd.com/1938/ 1 / 17

  4. Security in a post-Meltdown world Classic attacker-defender race Exploit and patch application-level vulnerabilities (memory safety, side-channels) App OS CPU 2 / 17

  5. Security in a post-Meltdown world Game changer Meltdown Free universal read primitive → kernel page-table isolation App ? ! OS CPU 2 / 17

  6. Rumors: Meltdown immunity for SGX enclaves? “[enclaves] remain protected and completely secure” — International Business Times, February 2018 “[enclave memory accesses] redirected to an abort page, which has no value” — Anjuna Security, Inc., March 2018 3 / 17

  7. Rumors: Meltdown immunity for SGX enclaves? https://wired.com and https://arstechnica.com 3 / 17

  8. Intel SGX promise: Hardware-level isolation and attestation App App Enclave app OS kernel Hypervisor CPU Mem TPM HDD Trusted Untrusted 4 / 17

  9. Intel SGX promise: Hardware-level isolation and attestation App App Enclave app OS kernel Hypervisor CPU Mem TPM HDD Trusted Untrusted 4 / 17

  11. Road map Introduction 1 The Foreshadow attack 2 Demo 3 Dismantling Intel SGX security objectives 4 Foreshadow-NG implications 5 Mitigations and conclusion 6

  12. Building Foreshadow 5 / 17

  13. Building Foreshadow L1 terminal fault challenges 5 / 17

  14. Meltdown recap: Transiently encoding unauthorized memory Unauthorized access 6 / 17

  15. Meltdown recap: Transiently encoding unauthorized memory Unauthorized access Transient out-of-order window oracle array secret idx 6 / 17

  16. Meltdown recap: Transiently encoding unauthorized memory Unauthorized access Transient out-of-order window Exception (discard architectural state) 6 / 17

  17. Meltdown recap: Transiently encoding unauthorized memory Unauthorized access Transient out-of-order window Exception handler oracle array cache hit 6 / 17

  18. Challenge #1: Intel SGX abort page semantics 7 / 17

  19. Challenge #1: Intel SGX abort page semantics Untrusted world view Intra-enclave view Enclaved memory reads 0xFF Access enclaved + unprotected memory 7 / 17

  20. Challenge #1: Intel SGX abort page semantics Untrusted world view Intra-enclave view Enclaved memory reads 0xFF Access enclaved + unprotected memory SGXpectre in-enclave code abuse 7 / 17

  21. Challenge #1: Intel SGX abort page semantics Untrusted world view Intra-enclave view Enclaved memory reads 0xFF Access enclaved + unprotected memory Meltdown “bounces back” ( ∼ mirror) SGXpectre in-enclave code abuse 7 / 17

  22. Building Foreshadow: Evade the abort page Note: SGX MMU sanitizes untrusted address translation SGX? Abort page semantics: An attempt to read from a non-existent or disallowed resource returns all ones for data (abort page). An attempt to write to a non-existent or disallowed physical resource is dropped. This behavior is unrelated to exception type abort (the others being Fault and Trap). https://software.intel.com/en-us/sgx-sdk-dev-reference-enclave-development-basics 8 / 17

  23. Building Foreshadow: Evade the abort page Note: SGX MMU sanitizes untrusted address translation Van Bulck et al. “Telling your secrets without page faults: Stealthy page table-based attacks on enclaved execution”, USENIX Security 2017 8 / 17

  24. Building Foreshadow: Evade the abort page Straw man: (Speculative) accesses in non-enclave mode are dropped Van Bulck et al. “Telling your secrets without page faults: Stealthy page table-based attacks on enclaved execution”, USENIX Security 2017 8 / 17

  25. Building Foreshadow: Evade the abort page Stone man: Bypass abort page via untrusted page table Van Bulck et al. “Telling your secrets without page faults: Stealthy page table-based attacks on enclaved execution”, USENIX Security 2017 8 / 17

  26. Building Foreshadow: Evade the abort page Stone man: Bypass abort page via untrusted page table Unprivileged system call mprotect( secret_ptr & 0xFFF, 0x1000, PROT_NONE ); Van Bulck et al. “Telling your secrets without page faults: Stealthy page table-based attacks on enclaved execution”, USENIX Security 2017 8 / 17

  27. Challenge #2: Strict caching requirements 9 / 17

  28. Challenge #2: Strict caching requirements L1 terminal fault Only enclave loads served from L1 reach transient out-of-order execution https://twitter.com/lavados/status/951066835310534656 9 / 17

  29. Challenge #2: Strict caching requirements L1 terminal fault Only enclave loads served from L1 reach transient out-of-order execution Foreshadow present bit ↔ Meltdown supervisor bit 9 / 17

  30. Challenge #2: Strict caching requirements Intel micro-architecture Address translation abort in parallel with L1 lookup (tag comparison) CPU micro-architecture T ag? L1D Pass to out-of-order guest host padrs padrs vadrs PT EPT SGX? walk? walk? 1 2 3 EPCM fail 3a Weisse et al. “Foreshadow-NG: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution” 9 / 17

  31. Building Foreshadow: Loading enclave secrets in L1 1. Preemptive extraction Interrupt victim enclave at page or instruction-level granularity → Memory operands + CPU registers (SSA) SGX-Step Van Bulck et al. “SGX-Step: A practical attack framework for precise enclave execution control”, SysTEX 2017 10 / 17

  32. Building Foreshadow: Loading enclave secrets in L1 1. Preemptive extraction Interrupt victim enclave at page or instruction-level granularity → Memory operands + CPU registers (SSA) SGX-Step 2. Concurrent extraction Intel HyperThreading: co-resident logical CPUs share L1 → Real time memory accesses 10 / 17

  33. Building Foreshadow: Loading enclave secrets in L1 1. Preemptive extraction Interrupt victim enclave at page or instruction-level granularity → Memory operands + CPU registers (SSA) SGX-Step 2. Concurrent extraction Intel HyperThreading: co-resident logical CPUs share L1 → Real time memory accesses 3. Uncached extraction Forcibly reload 4 KiB enclave page: ewb + eldu → Reliably dump entire enclave address space 10 / 17

  34. Building Foreshadow: Loading enclave secrets in L1 Many more optimization techniques + microbenchmarks → see paper! 10 / 17

  35. Road map Introduction 1 The Foreshadow attack 2 Demo 3 Dismantling Intel SGX security objectives 4 Foreshadow-NG implications 5 Mitigations and conclusion 6

  36. Demo time! Based on xkcd.com/285/ 11 / 17

  37. Road map Introduction 1 The Foreshadow attack 2 Demo 3 Dismantling Intel SGX security objectives 4 Foreshadow-NG implications 5 Mitigations and conclusion 6

  38. Establishing trust: Remote attestation and secret provisioning Binding secrets to enclave identity Goal: Secure end-to-end communication channel + local storage App enclave 12 / 17

  39. Establishing trust: Remote attestation and secret provisioning CPU-level key derivation Intel == trusted 3th party (shared CPU master secret ) App enclave EREPORT EGETKEY Quoting Genuine attestation fl ow enclave 12 / 17

  40. Eroding trust: Remote attestation and secret provisioning Foreshadow adversary Extract long-term platform attestation key → forge Intel signatures App enclave Bogus attestation fl ow Quoting EGETKEY enclave 13 / 17

  41. Eroding trust: Remote attestation and secret provisioning Foreshadow domino effects Active man-in-the-middle: read + modify all local and remote secrets (!) App enclave 13 / 17

  42. Road map Introduction 1 The Foreshadow attack 2 Demo 3 Dismantling Intel SGX security objectives 4 Foreshadow-NG implications 5 Mitigations and conclusion 6

  43. Foreshadow-NG: Breaking the virtual memory abstraction L1 terminal fault [Int18] Unmap page → read arbitrary cached physical memory https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault Weisse et al. “Foreshadow-NG: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution” 14 / 17

  44. Foreshadow-NG: Breaking the virtual memory abstraction CPU micro-architecture T ag? L1D Pass to out-of-order guest host vadrs padrs padrs PT EPT SGX? walk? walk? 1 2 3 EPCM fail 3a Weisse et al. “Foreshadow-NG: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution” 15 / 17

  45. Road map Introduction 1 The Foreshadow attack 2 Demo 3 Dismantling Intel SGX security objectives 4 Foreshadow-NG implications 5 Mitigations and conclusion 6

  46. Mitigating Foreshadow 16 / 17

  47. Mitigating Foreshadow Future CPUs (silicon-based changes) https://newsroom.intel.com/editorials/advancing-security-silicon-level/ 16 / 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

LIBMPK: SOFTWARE ABSTRACTION FOR INTEL MEMORY PROTECTION KEYS (INTEL MPK) Soyeon Park, Sangho

LIBMPK: SOFTWARE ABSTRACTION FOR INTEL MEMORY PROTECTION KEYS (INTEL MPK) Soyeon Park, Sangho

LIBMPK: SOFTWARE ABSTRACTION FOR INTEL MEMORY PROTECTION KEYS (INTEL MPK) Soyeon Park, Sangho Lee, Wen Xu, Hyungon Moon and Taesoo Kim INTRODUCTION SECURITY CRITICAL MEMORY REGIONS NEED PROTECTION JIT page To achieve code execution,

327 views • 32 slides
A common weakness in RSA signatures: extracting public keys from communications and embedded

A common weakness in RSA signatures: extracting public keys from communications and embedded

A common weakness in RSA signatures: extracting public keys from communications and embedded devices Hackito Ergo Sum 24-26 April 2014 Renaud Lifchitz renaud.lifchitz @ oppida.fr Speakers bio French computer security engineer

598 views • 39 slides
Extracting keys from FPGAs, OTP Tokens and Door Locks Side-Channel (and other) Attacks in Practice

Extracting keys from FPGAs, OTP Tokens and Door Locks Side-Channel (and other) Attacks in Practice

Extracting keys from FPGAs, OTP Tokens and Door Locks Side-Channel (and other) Attacks in Practice David Oswald david.oswald@rub.de No, I did not do all this stuff alone Christof Paar Benedikt Driessen Timo Kasper Gregor Leander

1.2k views • 95 slides
Extracting Test Problems from Real Applications John Harrison Intel Corporation Applications

Extracting Test Problems from Real Applications John Harrison Intel Corporation Applications

Extracting Test Problems from Real Applications Extracting Test Problems from Real Applications John Harrison Intel Corporation Applications of theorem proving Traditional type 1 problems Problems from formalization and

707 views • 29 slides
Online Template Attack on ECDSA: Extracting Keys Via The Other Side By: Niels Roelofs, Niels

Online Template Attack on ECDSA: Extracting Keys Via The Other Side By: Niels Roelofs, Niels

Online Template Attack on ECDSA: Extracting Keys Via The Other Side By: Niels Roelofs, Niels Samwel, Lejla Batina and Joan Daemen Africacrypt Conference 2020 July 2020 Side Channel Attack Introduction A side-channel is any unintentional

375 views • 36 slides
Obtaining the Keys to the Kingdom: Secrets of Serial Bibliographic Records Revealed Presentation

Obtaining the Keys to the Kingdom: Secrets of Serial Bibliographic Records Revealed Presentation

Obtaining the Keys to the Kingdom: Secrets of Serial Bibliographic Records Revealed Presentation Notes Mary Grenci, University of Oregon mgrenci@uoregon.edu 1. 2. Interspersed throughout the presentation there are boxes with search tips.

463 views • 15 slides
Still Passing the Hash 15 Years Later Using the Keys to the Kingdom to Access All Your Data

Still Passing the Hash 15 Years Later Using the Keys to the Kingdom to Access All Your Data

Still Passing the Hash 15 Years Later Using the Keys to the Kingdom to Access All Your Data Alva Skip Duckwall Chris Campbell Help Us Get Better! Please Fill Out The Speaker Surveys! Do You Know Who I Am? Alva 'Skip' Duckwall

647 views • 54 slides
Who watches the watchmen?: Utilizing Performance Monitors for Compromising keys of RSA on Intel

Who watches the watchmen?: Utilizing Performance Monitors for Compromising keys of RSA on Intel

Who watches the watchmen?: Utilizing Performance Monitors for Compromising keys of RSA on Intel Platforms Sarani Bhattacharya and Debdeep Mukhopadhyay Indian Institute of Technology Kharagpur CHES 2015 September 15, 2015 CHES 2015 Sarani

637 views • 51 slides
Keys to the Kingdom A presentation to: E-Business 2008 Mike Auty E-Security at WDL Date: 16 th

Keys to the Kingdom A presentation to: E-Business 2008 Mike Auty E-Security at WDL Date: 16 th

Keys to the Kingdom A presentation to: E-Business 2008 Mike Auty E-Security at WDL Date: 16 th October 2008 Overview Securing Systems Passwords Storing Passwords Guessing Passwords What can I do about it?

518 views • 16 slides
Transient Execution Attacks: Lessons from Spectre, Meltdown, and Foreshadow Jo Van Bulck

Transient Execution Attacks: Lessons from Spectre, Meltdown, and Foreshadow Jo Van Bulck

Transient Execution Attacks: Lessons from Spectre, Meltdown, and Foreshadow Jo Van Bulck imec-DistriNet, KU Leuven jo.vanbulck@cs.kuleuven.be jovanbulck ISSE Brussels, November 6, 2018 A primer on software security Secure

897 views • 58 slides
Keys to a Winning MBA Applica3on Harvard Club of the

Keys to a Winning MBA Applica3on Harvard Club of the

Keys to a Winning MBA Applica3on Harvard Club of the United Kingdom Alex Leventhal PrepMBA.com When is the Right Time to Apply? Average

497 views • 17 slides
Foreshadow: speculative attacks on SGX and beyond Mark Silberstein Joint work with Jo Van Bulck,

Foreshadow: speculative attacks on SGX and beyond Mark Silberstein Joint work with Jo Van Bulck,

Foreshadow: speculative attacks on SGX and beyond Mark Silberstein Joint work with Jo Van Bulck, Marina Minkin , Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx March 2019 Mark

1.07k views • 70 slides
Leaky Processors: Stealing Your Secrets with Foreshadow Jo Van Bulck imec-DistriNet, KU Leuven

Leaky Processors: Stealing Your Secrets with Foreshadow Jo Van Bulck imec-DistriNet, KU Leuven

Leaky Processors: Stealing Your Secrets with Foreshadow Jo Van Bulck imec-DistriNet, KU Leuven jo.vanbulck@cs.kuleuven.be jovanbulck OWASP BeNeLux-Days, November 30, 2018 A primer on software security Secure program: convert all input

1.27k views • 77 slides
2010 2500 keys > 100 uses 1250 keys > 1000 uses 2018 11000 keys >

2010 2500 keys > 100 uses 1250 keys > 1000 uses 2018 11000 keys >

2010 2500 keys > 100 uses 1250 keys > 1000 uses 2018 11000 keys > 100 uses 4450 keys > 1000 uses An excursion in to the world of OSM tagging presets Simon Poole, SOtM 2018 In the beginning Bus

686 views • 50 slides
Extracting INT8 Multipliers from INT18 Multipliers Bogdan Pasca, Martin Langhammer, Gregg

Extracting INT8 Multipliers from INT18 Multipliers Bogdan Pasca, Martin Langhammer, Gregg

Extracting INT8 Multipliers from INT18 Multipliers Bogdan Pasca, Martin Langhammer, Gregg Baeckler, Sergey Gribok Intel Corporation Context Machine learning increase density of small-precision arithmetic INT8 - commonly used for

442 views • 40 slides
Week 7: August 6, 2017 Review The Kingdom The The The The Partial The Prophesied of God

Week 7: August 6, 2017 Review The Kingdom The The The The Partial The Prophesied of God

Week 7: August 6, 2017 Review The Kingdom The The The The Partial The Prophesied of God Pattern of the Kingdom Perished Kingdom Promised Kingdom Kingdom Kingdom Gods Abrahams Remnant of Israel, & Adam & Eve No One

657 views • 41 slides
CSC2542 Planning-Graph Techniques The lecture in 2 weeks will be given by our TA, Christian

CSC2542 Planning-Graph Techniques The lecture in 2 weeks will be given by our TA, Christian

Administrative Announcements Tutorial Time: If youre taking the course for credit, please (re)vist the doodle poll and see whether you can work towards finding a time when we can all meet. Were at an impass! I will be posting a

106 views • 8 slides
Cross-VM Side Channels and Their Use to Extract Private Keys Yinqian Zhang (UNC-Chapel Hill) Ari

Cross-VM Side Channels and Their Use to Extract Private Keys Yinqian Zhang (UNC-Chapel Hill) Ari

Cross-VM Side Channels and Their Use to Extract Private Keys Yinqian Zhang (UNC-Chapel Hill) Ari Juels (RSA Labs) Michael K. Reiter (UNC-Chapel Hill) Thomas Ristenpart (U Wisconsin-Madison) Motivation Security Isolation by Virtualization VM

775 views • 40 slides
Extracting Descriptions of Location Relations from Implicit Textual Networks Andreas Spitz,

Extracting Descriptions of Location Relations from Implicit Textual Networks Andreas Spitz,

Extracting Descriptions of Location Relations from Implicit Textual Networks Andreas Spitz, Gloria Feher, Michael Gertz Heidelberg University, Institute of Computer Science Database Systems Research Group { spitz,gertz }

747 views • 38 slides
Automatic Extraction of Sliced Object State Machines for Component Interfaces Tao Xie David

Automatic Extraction of Sliced Object State Machines for Component Interfaces Tao Xie David

Automatic Extraction of Sliced Object State Machines for Component Interfaces Tao Xie David Notkin Dept. of Computer Science & Engineering University of Washington, Seattle SAVCBS 04 Oct. 2004 1 Motivation Software components

303 views • 29 slides
RECSM Summer School: Scraping the web Pablo Barber a School of International Relations

RECSM Summer School: Scraping the web Pablo Barber a School of International Relations

RECSM Summer School: Scraping the web Pablo Barber a School of International Relations University of Southern California pablobarbera.com Networked Democracy Lab www.netdem.org Course website: github.com/pablobarbera/big-data-upf

571 views • 40 slides
Feature Extraction 7-1 Ronald Peikert SciVis 2007 - Feature Extraction What are features?

Feature Extraction 7-1 Ronald Peikert SciVis 2007 - Feature Extraction What are features?

Feature Extraction 7-1 Ronald Peikert SciVis 2007 - Feature Extraction What are features? Features are inherent properties of data, independent of coordinate frames etc. Dimension of a feature: 0: point feature (often defined by n

840 views • 30 slides
Sequence 7 January 2019 OSU CSE 1 Sequence The Sequence component family allows you to

Sequence 7 January 2019 OSU CSE 1 Sequence The Sequence component family allows you to

Sequence 7 January 2019 OSU CSE 1 Sequence The Sequence component family allows you to manipulate strings of entries of any (arbitrary) type through direct access by position, similar to an array Another generic type like Queue and Set

533 views • 38 slides
Snowball : Extracting Relations from Large Plain-Text Collections Eugene Agichtein Luis Gravano

Snowball : Extracting Relations from Large Plain-Text Collections Eugene Agichtein Luis Gravano

Snowball : Extracting Relations from Large Plain-Text Collections Eugene Agichtein Luis Gravano Department of Computer Science Columbia University 1 Extracting Relations from Documents Text documents hide valuable structured information. If

1.36k views • 50 slides

More recommend