How to resist SGX attacks

Trias
Aug 20, 2018

In 2015, Intel, the world’s largest CPU manufacturer, released SGX and the Skylake processor simultaneously. As its name implies, SGX is an extension of the Intel Architecture (IA) that enhances the security of software.

Intel Software Guard eXtensions (SGX) is a feature of modern Intel processors that allows applications to create enclaves. An enclave can be understood as a safe environment in which sensitive data is processed. We can call it the “small black box”. SGX does not protect software by identifying or isolating malware in the system. Instead, it encapsulates the operations that legitimate software performs on sensitive data (such as encryption keys, passwords and user data) in the “small black box”, which makes it impossible for malware to access this data.

Earlier this year, two hardware defects known as “Meltdown” and “Spectre” broke the separation between the operating system and applications, allowing attackers to extract information from OS kernels or other applications.

On an x86 system that implements SGX, an attacker can target other sensitive programs with malware that itself runs in a “small black box”, thus breaking the security of SGX. Because the malware also runs in a “small black box”, it is difficult for anti-virus software on the host to find and remove it.

Last week, a team of six scientists from Ohio State University unveiled a new attack technique. The team said the new technique, named SgxPectre, could extract data from the “small black box” built by SGX.

The team says SgxPectre works based on specific code patterns in the software libraries that allow developers to add SGX support to their applications. These vulnerable development kits include Intel SGX SDK, Rust-SGX SDK and Graphene-SGX SDK.

Attackers can use the repetitive code execution patterns introduced by these development kits in SGX to observe subtle changes in cache size and infer sensitive data stored in “small black boxes”. This is a typical “side-channel attack (SCA)” and is very effective.

The research team emphasized that SgxPectre attacks can completely destroy the confidentiality of SGX’s “small black box”. The vulnerable code patterns are in the runtime libraries of the development kits themselves, so any code developed using Intel’s official SGX SDK will be affected by SgxPectre attacks, regardless of how the “small black box” is implemented.

How can we resist such an attack? Trias proposed a solution to this problem: HCGraph, the heterogeneous consensus map protocol. It combines a variety of TEE technologies to ensure the security of the system, so a break-in is possible only if the attacker holds vulnerabilities in multiple technologies or launches a large-scale attack at the same time. This greatly increases the cost of attacking the system.
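The heterogeneity argument above can be made concrete with a small acceptance rule. This is an added illustration, not HCGraph or any Trias code: it assumes a result is accepted only when a strict majority of TEE technologies back it, with one vote per technology, and the technology names besides SGX, the node names and the digests are constructed for the example.

```python
from collections import Counter, defaultdict

HONEST, FORGED = "digest-A", "digest-B"   # constructed result digests
TECHS = {"sgx", "trustzone", "sev"}       # assumed technology mix

def node_majority(reports):
    """Baseline: per-node majority that ignores which TEE backs a node."""
    if not reports:
        return None
    digest, n = Counter(d for _, _, d in reports).most_common(1)[0]
    return digest if 2 * n > len(reports) else None

def class_votes(reports):
    """One vote per TEE technology: the digest reported by a strict
    majority of that technology's nodes, or None (abstain)."""
    by_tech = defaultdict(Counter)
    for _node, tech, digest in reports:
        by_tech[tech][digest] += 1
    votes = {}
    for tech, counts in by_tech.items():
        digest, n = counts.most_common(1)[0]
        votes[tech] = digest if 2 * n > sum(counts.values()) else None
    return votes

def accepted_digest(reports, known=TECHS):
    """Digest backed by a strict majority of all known technologies.
    Silent or abstaining technologies count against acceptance."""
    tally = Counter(d for t, d in class_votes(reports).items()
                    if d is not None and t in known)
    if not tally:
        return None
    digest, n = tally.most_common(1)[0]
    return digest if 2 * n > len(known) else None

def scenario(compromised):
    """Constructed reports: every node of a compromised technology lies.
    SGX deliberately holds most of the nodes (4 of 6)."""
    nodes = [("n1", "sgx"), ("n2", "sgx"), ("n3", "sgx"), ("n4", "sgx"),
             ("n5", "trustzone"), ("n6", "sev")]
    return [(n, t, FORGED if t in compromised else HONEST) for n, t in nodes]

if __name__ == "__main__":
    for broken in (set(), {"sgx"}, {"sgx", "sev"}):
        r = scenario(broken)
        print(sorted(broken), node_majority(r), accepted_digest(r))
```

With only SGX untrustworthy, the per-node majority accepts the forged digest while the per-technology rule still returns the honest one; the forged digest wins only once a second technology is also broken.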

Trias

Trustworthy and Reliable Intelligent Autonomous Systems