Software Guard Extensions

Intel Software Guard Extensions (SGX) is a set of central processing unit (CPU) instruction codes from Intel that allows user-level code to allocate private regions of memory, called enclaves, that are protected from processes running at higher privilege levels.^[1] Intel designed SGX to be useful for implementing secure remote computation, secure web browsing, and digital rights management (DRM).^[2]

Details

Support for SGX in the CPU is indicated in CPUID "Structured Extended feature Leaf", EBX bit 02,^[3] but its availability to applications requires BIOS support and opt-in enabling which is not reflected in CPUID bits. This complicates the feature detection logic for applications.^[4]

Emulation of SGX was added to an experimental version of the QEMU system emulator in 2014.^[5] In 2015, researchers at the Georgia Institute of Technology released an open-source simulator known as OpenSGX.^[6]

It was introduced in 2015 with the sixth generation Intel Core microprocessors based on the Skylake microarchitecture.

One example of SGX used in security was a demo application from wolfSSL^[7] using it for cryptography algorithms. One example of a secure service built using SGX is Fortanix's key management service.^[8] This entire cloud based service is built using SGX servers and designed to provide privacy from cloud providers. An additional example is Numecent using SGX to protect the DRM that is used to authorize application execution with their Cloudpaging application delivery products.

Intel Goldmont Plus (Gemini Lake) microarchitecture will also add support for Intel SGX.

Prime+Probe attack

On 27 March 2017 researchers at Austria's Graz University of Technology developed a proof-of-concept that can grab RSA keys from SGX enclaves running on the same system within five minutes by using certain CPU instructions in lieu of a fine-grained timer to exploit cache DRAM side-channels.^[9]^[10] One countermeasure for this type of attack was presented and published by Daniel Gruss et al. at the USENIX Security Symposium in 2017.^[11] Among other published countermeasures, one countermeasure to this type of attack was published on September 28, 2017, a compiler-based tool, DR.SGX,^[12] that claims to have superior performance with the elimination of the implementation complexity of other proposed solutions.

Spectre-like attack

The LSDS group at Imperial College London showed a proof of concept that the Spectre speculative execution security vulnerability can be adapted to attack the secure enclave.^[13] The Foreshadow attack, disclosed in August 2018, combines speculative execution and buffer overflow to bypass the SGX.^[14]

References

↑ "Intel SGX for Dummies (Intel SGX Design Objectives)". intel.com. 2013-09-26.
↑ "Intel SGX Details". intel.com. 2017-07-05.
↑ Intel Architecture Instruction Set Extensions Programming Reference, Intel, AUGUST 2015, page 36 "Structured Extended feature Leaf EAX=07h, EBX Bit 02: SGX"
↑ "Properly Detecting Intel Software Guard Extensions in Your Applications". intel.com. 2016-05-13.
↑ https://tc.gtisc.gatech.edu/bss/2014/l/final/pjain43.pdf
↑ "sslab-gatech/opensgx". GitHub. Retrieved 2016-08-15.
↑ "wolfSSL At IDF". wolfssl. 2016-08-11.
↑ "Interview with Ambuj Kumar, CEO and Co-founder of Fortanix". virtual-strategy.com. 2017-12-20. Retrieved 2018-07-27.
↑ Chirgwin, Richard (March 7, 2017). "Boffins show Intel's SGX can leak crypto keys". The Register. Retrieved 1 May 2017.
↑ Schwarz, Michael; Weiser, Samuel; Gruss, Daniel; Maurice, Clémentine; Mangard, Stefan (March 1, 2017). "Malware Guard Extension: Using SGX to Conceal Cache Attacks". Graz University of Technology. arXiv:1702.08719. Bibcode:2017arXiv170208719S.
↑ "Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory" (PDF). USENIX. 2017-08-16.
↑ "DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization" (PDF). 2017-09-28.
↑ Sample code demonstrating a Spectre-like attack against an Intel SGX enclave.
↑ https://arstechnica.com/gadgets/2018/07/new-spectre-like-attack-uses-speculative-execution-to-overflow-buffers/

External links

Intel Software Guard Extensions (Intel SGX) / ISA Extensions, Intel
- Intel Software Guard Extensions (Intel SGX) Programming Reference, Intel, October 2014
- IDF 2015 - Tech Chat: A Primer on Intel Software Guard Extensions, Intel (poster)
- ISCA 2015 tutorial slides for Intel SGX, Intel, June 2015
McKeen, Frank, et al. (Intel), Innovative Instructions and Software Model for Isolated Execution // Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy. ACM, 2013.
Joanna Rutkowska, Thoughts on Intel's upcoming Software Guard Extensions (Part 1), August 2013
SGX: the good, the bad and the downright ugly / Shaun Davenport, Richard Ford (Florida Institute of Technology) / Virus Bulletin, 2014-01-07
Victor Costan and Srinivas Devadas, Intel SGX Explained, January 2016.
wolfSSL, October 2016.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[1] "Intel SGX for Dummies (Intel SGX Design Objectives)". intel.com. 2013-09-26.

[2] "Intel SGX Details". intel.com. 2017-07-05.

[3] Intel Architecture Instruction Set Extensions Programming Reference, Intel, AUGUST 2015, page 36 "Structured Extended feature Leaf EAX=07h, EBX Bit 02: SGX"

[4] "Properly Detecting Intel Software Guard Extensions in Your Applications". intel.com. 2016-05-13.

[5] ttps://tc.gtisc.gatech.edu/bss/2014/l/final/pjain43.pdf

[6] "sslab-gatech/opensgx". GitHub. Retrieved 2016-08-15.

[7] "wolfSSL At IDF". wolfssl. 2016-08-11.

[8] "Interview with Ambuj Kumar, CEO and Co-founder of Fortanix". virtual-strategy.com. 2017-12-20. Retrieved 2018-07-27.

[9] Chirgwin, Richard (March 7, 2017). "Boffins show Intel's SGX can leak crypto keys". The Register. Retrieved 1 May 2017.

[10] Schwarz, Michael; Weiser, Samuel; Gruss, Daniel; Maurice, Clémentine; Mangard, Stefan (March 1, 2017). "Malware Guard Extension: Using SGX to Conceal Cache Attacks". Graz University of Technology. arXiv:1702.08719. Bibcode:2017arXiv170208719S.

[11] "Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory" (PDF). USENIX. 2017-08-16.

[12] "DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization" (PDF). 2017-09-28.

[13] Sample code demonstrating a Spectre-like attack against an Intel SGX enclave.

[14] ttps://arstechnica.com/gadgets/2018/07/new-spectre-like-attack-uses-speculative-execution-to-overflow-buffers/

Intel
Subsidiaries	3Dlabs Altera Comneon Intel Security Mobileye Recon Instruments Virtutech Wind River Systems
Joint ventures	4Group Holdings (50% owned by Technicolor SA) McAfee (49%)
Products	Intel AZ210 3D XPoint Accounts & SSO Amplify Tablet Advanced Programmable Interrupt Controller Cache Acceleration Software Client Initiated Remote Access Direct Media Interface Flexible Display Interface Hella Zippy Intel 1103 Intel Display Power Saving Technology Intel Modular Server System Intel Reader Intel SPSH4 Intel System Development Kit Intel Upgrade Service Intel740 InTru3D IXP1200 OFono Omni-Path Performance acceleration technology Shooting Star Smart Cache SSDs (X25-M) Stable Image Platform Virtual 8086 mode WiDi x86 Intel Clear Video Intel Quick Sync Video
Litigation	Advanced Micro Devices, Inc. v. Intel Corp. High-Tech Employee Antitrust Litigation Intel Corp. v. Advanced Micro Devices, Inc. Intel Corp. v. Hamidi Intel Corporation Inc. v CPM United Kingdom Ltd Silvaco Data Systems v. Intel Corp.
People	Gordon Moore Robert Noyce
Related	Intel Foundation Achievement Award Apple's transition to Intel processors Intel Architecture Labs ASCI Red BiiN Classmate PC Convera Corporation Copy Exactly! Cornell Cup USA Intel Developer Forum Dynamic video memory technology Intel Extreme Masters List of Intel microprocessors List of Intel graphics processing units (2013 or earlier) I/O Acceleration Technology IA-32 Execution Layer IM Flash Technologies The Innovators Inside Inside Films Intel ADX Intel Capital Intel Cluster Ready Intel Compute Stick Intel Ireland Intel Mobile Communications Intel Outstanding Researcher Award Intel SHA extensions Intel Teach List of semiconductor fabrication plants List of Intel manufacturing sites Intel Museum OnCue Intel PRO/Wireless Intel International Science and Engineering Fair Regeneron Science Talent Search Simple Firmware Interface Single-chip Cloud Computer Software Guard Extensions Supervisor Mode Access Prevention Tarari Intel Technology Journal Intel Tera-Scale Timeline of Intel Xircom

Instruction set extensions
SIMD (RISC)	Alpha MVI ARM NEON SVE MIPS MDMX MIPS-3D MXU MIPS SIMD PA-RISC MAX Power ISA VMX SPARC VIS
SIMD (x86)	MMX (1996) 3DNow! (1998) SSE (1999) SSE2 (2001) SSE3 (2004) SSSE3 (2006) SSE4 (2006) SSE5 ~~(2007)~~ AVX (2008) F16C (2009) XOP (2009) FMA (FMA4: 2011, FMA3: 2012) AVX2 (2013) AVX-512 (2015)
Bit manipulation	BMI (ABM: 2007, BMI1: 2012, BMI2: 2013, TBM: 2012) ADX (2014)
Compressed instructions	Thumb MIPS16e ASE
Security and cryptography	AES-NI (2008); 32- and 64-bit ARMv8 also has AES instructions CLMUL (2010) RdRand (2012) SHA (2013) MPX (2015) SGX (2015)
Transactional memory	TSX (2013) ASF
Virtualization	VT-x (2005) AMD-V (2006)
Suspended extensions' dates have been ~~struck through~~.