Practical Enclave Malware with Intel SGX Michael Schwarz, Samuel - - PowerPoint PPT Presentation
Practical Enclave Malware with Intel SGX Michael Schwarz, Samuel Weiser, Daniel Gruss June 20, 2019 - DIMVA19 Graz University of Technology www.tugraz.at Outline SGX 2 Michael Schwarz , Samuel Weiser, Daniel Gruss Graz University of
Practical Enclave Malware with Intel SGX
Michael Schwarz, Samuel Weiser, Daniel Gruss June 20, 2019 - DIMVA’19 Graz University of Technology Outline
www.tugraz.atSGX
2 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology Outline
www.tugraz.atSGX
2 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology Outline
www.tugraz.atSGX
2 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology Outline
www.tugraz.at 2 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology SGX
www.tugraz.at Application Untrusted part Operating System 3 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology SGX
www.tugraz.at Application Untrusted part Create Enclave Operating System 3 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology SGX
www.tugraz.at Application Trusted part Call Gate Untrusted part Create Enclave Trusted Fnc. Operating System 3 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology SGX
www.tugraz.at Application Trusted part Call Gate Untrusted part Create Enclave Call Trusted Fnc. Trusted Fnc. Operating System 3 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology SGX
www.tugraz.at Application Trusted part Call Gate Untrusted part Create Enclave Call Trusted Fnc. Trusted Fnc. Operating System 3 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology SGX
www.tugraz.at Application Trusted part Call Gate Untrusted part Create Enclave Call Trusted Fnc. Trusted Fnc. Operating System 3 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology SGX
www.tugraz.at Application Trusted part Call Gate Untrusted part Create Enclave Call Trusted Fnc. Trusted Fnc. Return Operating System 3 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology SGX
www.tugraz.at Application Trusted part Call Gate Untrusted part Create Enclave Call Trusted Fnc. Trusted Fnc. Return Operating System 3 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology SGX
www.tugraz.at Application Trusted part Call Gate Untrusted part Create Enclave Call Trusted Fnc. . . . Trusted Fnc. Return Operating System 3 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology SGX
www.tugraz.at Application Trusted part Call Gate Untrusted part Create Enclave Call Trusted Fnc. . . . Trusted Fnc. Return Operating System 3 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology What if?
www.tugraz.at What if?
www.tugraz.at What if?
www.tugraz.at What if?
www.tugraz.at Threat Model
www.tugraz.atIntel’s Statement
[...] Intel is aware of this research which is based upon assumptions that are outside the threat model for Intel SGX. The value of Intel SGX is to execute code in a protected enclave; however, Intel SGX does not guarantee that the code executed in the enclave is from a trusted source [...]
5 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology SGX Limitations
www.tugraz.atClassical exploits cannot be mounted within SGX:
6 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology SGX Limitations
www.tugraz.atClassical exploits cannot be mounted within SGX:
SGX Limitations
www.tugraz.atClassical exploits cannot be mounted within SGX:
SGX Limitations
www.tugraz.atClassical exploits cannot be mounted within SGX:
SGX Limitations
www.tugraz.atClassical exploits cannot be mounted within SGX:
State-of-the-art Malicious Enclaves
www.tugraz.at State-of-the-art Malicious Enclaves
www.tugraz.at State-of-the-art Malicious Enclaves
www.tugraz.at TEE-REX
www.tugraz.atT E E R EX
8 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology Attack Overview
www.tugraz.atEnclave Code Data Stack
9 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology Attack Overview
www.tugraz.atEnclave Code Data Stack Read Primitive
Gadget(TAP)
9 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology Attack Overview
www.tugraz.atEnclave Code Data Stack Read Primitive
Gadget(TAP) Write Primitive
Cave(CLAW)
9 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology Attack Overview
www.tugraz.atEnclave Code Data Stack Read Primitive
Gadget(TAP) Write Primitive
Cave(CLAW) ROP injection
chain 9 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology Attack Overview
www.tugraz.atEnclave Code Data Stack Read Primitive
Gadget(TAP) Write Primitive
Cave(CLAW) ROP injection
chain 9 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology Attack Overview
www.tugraz.atEnclave Code Data Stack Read Primitive
Gadget(TAP) Write Primitive
Cave(CLAW) ROP injection
chain execute 9 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology Attack Overview
www.tugraz.atEnclave Code Data Stack Read Primitive
Gadget(TAP) Write Primitive
Cave(CLAW) ROP injection
chain execute 9 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology Problems
www.tugraz.at Problems
www.tugraz.at Problems
www.tugraz.at Transactional Memory
www.tugraz.at Transactional Memory
www.tugraz.at Transactional Memory
www.tugraz.at Transactional Memory
www.tugraz.at Transactional Memory
www.tugraz.at Transactional Memory
www.tugraz.at Thread 1 Thread 0 Cache 12 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology Transactional Memory
www.tugraz.at Thread 1 Thread 0 Cache xbegin xend else path Transactional Memory
www.tugraz.at Thread 1 Thread 0 Cache mov xbegin mov xend else path Transactional Memory
www.tugraz.at Thread 1 Thread 0 Cache mov mov xbegin mov mov xend else path Transactional Memory
www.tugraz.at Thread 1 Thread 0 Cache mov mov mov xbegin mov mov mov xend else path Transactional Memory
www.tugraz.at Thread 1 Thread 0 Cache mov mov mov xbegin mov mov mov xend else path TAP
www.tugraz.at TAP
www.tugraz.at TAP
www.tugraz.at TAP
www.tugraz.at TAP
www.tugraz.at Valid Valid Valid Invalid Invalid Valid Invalid InvalidHost Memory
14 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology TAP
www.tugraz.at Valid Valid Valid Invalid Invalid Valid Invalid InvalidHost Memory
14 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology TAP
www.tugraz.at Valid Valid Valid Invalid Invalid Valid Invalid InvalidHost Memory
14 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology TAP
www.tugraz.at Valid Valid Valid Invalid Invalid Valid Invalid InvalidHost Memory
14 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology TAP
www.tugraz.at Valid Valid Valid Invalid Invalid Valid Invalid InvalidHost Memory
14 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology TAP
www.tugraz.at Valid Valid Valid Invalid Invalid Valid Invalid InvalidHost Memory
14 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology TAP
www.tugraz.at Valid Valid Valid Invalid Invalid Valid Invalid InvalidHost Memory
14 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology TAP
www.tugraz.at Valid Valid Valid Invalid Invalid Valid Invalid InvalidHost Memory
14 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology TAP
www.tugraz.at TAP
www.tugraz.at TAP
www.tugraz.at TAP
www.tugraz.at CLAW
www.tugraz.at CLAW
www.tugraz.at CLAW
www.tugraz.at→ No architectural write
16 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology CLAW
www.tugraz.at→ No architectural write
CLAW
www.tugraz.atHost Memory
R/O R/O R/O N/A N/A R/W N/A N/AX
17 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology CLAW
www.tugraz.atHost Memory
R/O R/O R/O N/A N/A R/W N/A N/AX
17 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology CLAW
www.tugraz.atHost Memory
R/O R/O R/O N/A N/A R/W N/A N/AX
17 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology CLAW
www.tugraz.atHost Memory
R/O R/O R/O N/A N/A R/W N/A N/AX
17 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology TAP+CLAW
www.tugraz.at TAP+CLAW
www.tugraz.at→ Robust write-anything-anywhere primitive
18 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology TAP+CLAW
www.tugraz.at→ Robust write-anything-anywhere primitive → Store malicious payload
18 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology SGX ROP
www.tugraz.at SGX ROP
www.tugraz.at SGX ROP
www.tugraz.at SGX ROP
www.tugraz.at SGX ROP
www.tugraz.atStack
... ... Original saved RIP Original saved RBP Saved RIP Saved RBP Saved RIP Saved RBP leave; ret
20 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology SGX ROP
www.tugraz.atStack
... ... Original saved RIP Original saved RBP Saved RIP Saved RBP Saved RIP Saved RBP
Fake stack frame
leave; ret
20 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology SGX ROP
www.tugraz.atStack
... ... Original saved RIP Original saved RBP Saved RIP Saved RBP Saved RIP Saved RBP
Fake stack frame
ROP Chain leave; ret
20 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology SGX ROP
www.tugraz.atStack
... ... Original saved RIP Original saved RBP Saved RIP Saved RBP Saved RIP Saved RBP
Fake stack frame
ROP Chain
Original saved RIP Original saved RBPleave; ret
20 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology SGX ROP
www.tugraz.atStack
... ... Injected RIP Injected RBP Saved RIP Saved RBP Saved RIP Saved RBP
Fake stack frame
ROP Chain
Original saved RIP Original saved RBPleave; ret
20 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology Gadgets
www.tugraz.at64.8 MB writable data mprotect ROP gadgets SGX Several pages writable data mprotect ROP gadgets
21 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology Full Exploit
www.tugraz.atbinary
22 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology Full Exploit
www.tugraz.atbinary
Full Exploit
www.tugraz.atbinary
Full Exploit
www.tugraz.atbinary
→ Securely and stealthily deploying zero days
22 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology Try It!
www.tugraz.athttps://github.com/IAIK/SGXROP
23 Michael Schwarz, Samuel Weiser, Daniel Gruss — Graz University of Technology Design Problems
www.tugraz.at Design Problems
www.tugraz.at Design Problems
www.tugraz.at Design Problems
www.tugraz.at Takeaways
www.tugraz.atTakeaways
Thank you!
Practical Enclave Malware with Intel SGX
Michael Schwarz (@misc0110), Samuel Weiser, Daniel Gruss June 20, 2019 - DIMVA’19 Graz University of Technology