SgxSpectre – Improved Spectre Exploit Revealed


The Spectre is one of the most critical bugs of the modern processors that’s really hard to defend against without hardware upgrade. Although system patches are available, they aren’t the permanent solution. Spectre is hard to exploit, but a new variation of the method can successfully use the vulnerability. This new variation is discovered by six scientists from the Ohio State University. This new attack is able to extract info from Intel SGX enclaves, thus named SgxSpectre.

What is SGX?

The SGX (Intel Software Guard eXtension) is a feature of Intel processors allowing apps to create so-called enclaves that are hardware-isolated sections of the processor’s processing memory where apps run sensitive operations like encryption keys, passwords, user data etc. The Meltdown and Spectre flaws revealed last year shows that such information can be stolen from the processor’s memory due to the bugged system mechanism. However, the classic form of Meltdown or Spectre wasn’t enough to extract data from the SGX enclaves.

How SgxSpectre works

SgxSpectre is the perfect solution that can steal data from the Intel’s SGX enclaves. According to the researchers, the SgxSpectre is capable of doing so because of the specific code pattern in the software libraries that allowed devs to integrated SGX support in their apps. The vulnerable SGX SDKs include Rust-SGX, Graphene-SGX, and Intel SGX.

A hacker, in theory, and practice can leverage the patterns of repetitive code execution that these SDKs introduce in SGX enclaves. Thus, the hacker can watch small variations of cache size. This is the process named “classic side-channel attack” and it’s quite effective in the field.

According to the researchers, SgxSpectre compromises the confidentiality of SGX enclaves completely because of the vulnerable code execution patterns. As these are difficult to eliminate, SgxSpectre attack can be performed against any programs that use the SGX enclave facility.

It’s notable that the concept of SGX enclave is still in the early days. Because of the facilities, its adoption is also quite fast-paced including the public clouds. Almost all the present SGX libraries contain the flawed execution pattern and are extremely hard to remove.

Here’s how it works.

Security incoming

The recent fixes from Intel for Spectre didn’t prove their worth, as those were easy to work around. According to Intel’s reaction to this SgxSpectre, Intel SGX SDK is going to have an update on 16 March 2018. App developers must integrate the new SGX SDK libraries into their SGX-enabled apps and issue updates to the users.

According to the researchers, those apps who use Google’s Retpoline anti-Spectre coding techniques are safe from SgxSpectre. That’s a nice relief that Google’s apps aren’t vulnerable to the new Spectre exploit.

For staying secured, update all the apps in your system as soon as available. It’s important to defend against heinous attackers. The proof-of-concept code is publicly available on GitHub. Here’s also a demonstration that shows the practical usage of SgxSpectre.

Intel announced that they’ll be shipping processors free of Meltdown and Spectre in 2018. However, it’s still not 100% guaranteed that such exploits won’t be available. Take a look how more Meltdown and Spectre flaws may emerge.

Spread the love
  • 45


Please enter your comment!
Please enter your name here