'For the past two years, modern CPUs—particularly those made by
Intel—have been under siege by an unending series of attacks that make
it possible for highly skilled attackers to pluck passwords,
encryption keys, and other secrets out of silicon-resident memory. On
Tuesday, two separate academic teams disclosed two new and distinctive
exploits that pierce Intel’s Software Guard eXtension, by far the most
sensitive region of the company’s processors.

Abbreviated as SGX, the protection is designed to provide a Fort Knox
of sorts for the safekeeping of encryption keys and other sensitive
data even when the operating system or a virtual machine running on
top is badly and maliciously compromised. SGX works by creating
trusted execution environments that protect sensitive code and the
data it works with from monitoring or tampering by anything else on

Key to the security and authenticity assurances of SGX is its creation
of what are called enclaves, or blocks of secure memory. Enclave
contents are encrypted before they leave the processor and are written
in RAM. They are decrypted only after they return. The job of SGX is
to safeguard the enclave memory and block access to its contents by
anything other than the trusted part of the CPU.

Tuesday’s attacks aren’t the first to defeat SGX. In 2018, a different
team of researchers broke into the fortified Intel region after
building on an attack known as Meltdown, which, along with a similar
attack known as Spectre, ushered in the flurry of processor exploits.
A different team of researchers broke SGX earlier this year.

Intel mitigated the earlier SGX vulnerability by introducing microcode
updates. However, these mitigations did not last, as two new attacks
have sent Intel scrambling anew to devise new defenses. Intel released
the new updates on Tuesday and expects them to be available to end
users in the coming weeks. Depending on the computer, the fix will
either be installed automatically or will require manual intervention.
Users, particularly those who rely on the SGX, should check with the
manufacturer of their machine and ensure that the update is installed
as soon as practical.

The new SGX attacks are known as SGAxe and CrossTalk. Both break into
the fortified CPU region using separate side-channel attacks, a class
of hack that infers sensitive data by measuring timing differences,
power consumption, electromagnetic radiation, sound, or other
information from the systems that store it. The assumptions for both
attacks are roughly the same. An attacker has already broken the
security of the target machine through a software exploit or a
malicious virtual machine that compromises the integrity of the
system. While that’s a tall bar, it’s precisely the scenario that SGX
is supposed to defend against.'

Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174