Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Wednesday August 15 2018, @02:02AM   Printer-friendly
from the [sigh] dept.

Intel's SGX blown wide open by, you guessed it, a speculative execution attack

Another day, another speculative execution-based attack. Data protected by Intel's SGX—data that's meant to be protected even from a malicious or hacked kernel—can be read by an attacker thanks to leaks enabled by speculative execution.

Since publication of the Spectre and Meltdown attacks in January this year, security researchers have been taking a close look at speculative execution and the implications it has for security. All high-speed processors today perform speculative execution: they assume certain things (a register will contain a particular value, a branch will go a particular way) and perform calculations on the basis of those assumptions. It's an important design feature of these chips that's essential to their performance, and it has been for 20 years.

[...] What's in store today? A new Meltdown-inspired attack on Intel's SGX, given the name Foreshadow by the researchers who found it. Two groups of researchers found the vulnerability independently: a team from KU Leuven in Belgium reported it to Intel in early January—just before Meltdown and Spectre went public—and a second team from the University of Michigan, University of Adelaide, and Technion reported it three weeks later.

SGX, standing for Software Guard eXtensions, is a new feature that Intel introduced with its Skylake processors that enables the creation of Trusted Execution Environments (TEEs). TEEs are secure environments where both the code and the data the code works with are protected to ensure their confidentiality (nothing else on the system can spy on them) and integrity (any tampering with the code or data can be detected). SGX is used to create what are called enclaves: secure blocks of memory containing code and data. The contents of an enclave are transparently encrypted every time they're written to RAM and decrypted on being read. The processor governs access to the enclave memory: any attempt to access the enclave's memory from outside the enclave should be blocked.

[...] As with many of the other speculative execution issues, a large part of the fix comes in the form of microcode updates, and in this case, the microcode updates are already released and in the wild and have been for some weeks. With the updated microcode, every time the processor leaves execution of an enclave, it also flushes the level 1 cache. With no data in level 1 cache, there's no scope for the L1TF to take effect. Similarly, with the new microcode leaving, management mode flushes the level 1 cache, protecting SMM data.

Also at Engadget and Wired.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by HiThere on Thursday August 16 2018, @12:45AM

    by HiThere (866) Subscriber Badge on Thursday August 16 2018, @12:45AM (#721977) Journal

    Sure, if you pass mutable data. Not if you only pass immutable data. Unfortunately, C and C++ don't encourage safe parallel programming at all. Go is a lot better, but far from perfect. And too many approaches assume all the nodes will be running identical code. I haven't checked out Julia recently, but the last time I looked it didn't support message passing well, and was mainly useful for matrix manipulation. D doesn't allow you to pass "channels" between nodes. Etc. The language support to make it easy is missing, but the basic processes are reasonably easy. E.g., D has truly immutable values, Go has channels that operate the right way, etc. Perhaps the promised Ruby Guilds will do the job, but Ruby is not a fast language. Even if they get the promised tripling of the speed it won't be fast. But reasonably fast languages CAN do the job, and my preference for garbage collected languages doesn't imply that that's necessary for a good message passing language. (OTOH, do note that for this to work you *cannot* cast away immutability, and should not be able to. Otherwise this can lead to a huge amount of copying.)

    --
    Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2