In modern Intel processors, there’s a hardware extension available named Software Guard Extension (SGX) to improve the security aspects. It provides a shielded execution environment called ‘enclaves’ to deal with sensitive data and code. This enclave security is designed in such a way that even operating systems aren’t allowed to deal with what’s inside directly.
The concept of SGX is still in its early days, and its adoption is increasing at a rapid pace, including public clouds. When the recent Meltdown and Spectre speculative execution bugs were revealed, the security of enclaves was bound to be questioned. In a newly published paper, a team of scientists from Ohio State University has disclosed SgxSpectre attack variant that’s able to subvert confidential information from SGX enclaves.
The team has said that SgxSpectre is a new breed of Spectre attacks on SGX; it’s able to exploit the “race condition between the injected, speculatively executed memory references.” They’ve chosen a new name to highlight important differences when compared to the original Spectre attack.
To carry out the attack, it’s assumed that the entire OS is compromised and the targeted enclave program could be launched with a software control. This attack is also possible because of the vulnerable code patterns in most SGX runtime libraries, which are difficult to be eliminated.
Moreover, as a result of improper caching due to speculatively executed instructions, the CPU caches could be used to leak information from inside the enclave.
As per Bleeping Computer, an update for the Intel SGX SDK for mitigating SgxSpectre is expected to be released on March 16. Also, the apps that used Google’s Retpoline anti-Spectre measures are safe.