acm-header
Sign In

Communications of the ACM

Home/News/Intel SGX is Vulnerable to an Unfixable Flaw That.../Full Text
ACM TechNews

Intel SGX is Vulnerable to an Unfixable Flaw That Can Steal Crypto Keys and More

By Ars Technica
March 11, 2020
Comments
View as: Print Mobile App Share:
An Intel chip.

A team of international researchers disclosed a previously undiscovered vulnerability that steals information from Intel's Software Guard eXtensions.

Credit: Intel

A team of international researchers from Worcester Polytechnic Institute, the University of Michigan, Katholieke Universiteit Leuven in Belgium, Graz University of Technology in Austria, Australian digital research network Data61, and Australia’s University of Adelaide disclosed a previously undiscovered vulnerability that steals information from Intel's Software Guard eXtensions (SGX), a kind of digital vault for securing users' most sensitive data.

The proof-of-concept attack—called Load Value Injection (LVI)—stems from speculative execution. The exploit allows for the raiding of information stored in the SGX enclave.

Said the researchers, “Unlike all previous Meltdown-type attacks, LVI cannot be transparently mitigated in existing processors and necessitates expensive software patches, which may slow down Intel SGX enclave computations up to 19 times."

From Ars Technica
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account