In cybersecurity circles, this has been the year of Spectre and Meltdown, not only because the chip vulnerabilities—first publicly disclosed in January—were so widespread that they're still being cleaned up, but because they've given rise to the discovery of many related flaws. Now, a team of researchers has found a Spectre-like vulnerability that specifically undermines the most secure element of recent Intel chips—and potentially has even broader implications.
Intel's Software Guard Extensions feature, known as SGX, allows programs to establish so-called secure enclaves on Intel processors. These are regions of a chip that are cordoned off to run code that the computer's operating system can't access or change. The secure enclave creates a safe haven for sensitive data, even if malware or another malady compromises the main computer. But a group of researchers, hailing from five academic institutions around the world, found that although SGX can mostly repel Spectre and Meltdown attacks, a related attack can bypass its defenses. They call it Foreshadow.
"There were certain aspects that were surprising and certain aspects that weren't," says microarchitecture security researcher Yuval Yarom, a member of the team that will present its findings at the Usenix security conference in Baltimore on Wednesday. "We thought speculative execution could get some information from SGX, but we weren't sure how much. The amount of information we actually got out—that took us by surprise."
Meltdown, Spectre, and Foreshadow all exploit various flaws in a computing technique known as speculative execution. A processor can run more efficiently by making an educated guess about what operation it will be asked to perform next. A correct prediction saves resources, while work based on an incorrect prediction gets scrapped.
But the system leaves behind clues—how long it takes a processor to fulfill a certain request, for example—that an attacker can use to find weaknesses, ultimately gaining the ability to manipulate what path the speculation takes, and scooping up data at opportune moments that leaks out of a process's data storage cache. Speculative execution attacks tend to be convoluted and difficult to carry out in practice, and Intel emphasizes that none have been seen in the real world. They are important to guard against, though, because a truly motivated attacker could use them to access data and system privileges meant to be off-limits.
From Wired
View Full Article
No entries found