[Info-vax] Intel junk...Intel's SGX blown wide open by, you guessed it, a speculative execution attack

Designed By India H1B Engineers h1b at intel.com
Wed Aug 15 00:58:48 EDT 2018 

These flaws couldn't purposely be designed by foreign interests 
could they?

Speculative execution attacks truly are the gift that keeps on 
giving.

Another day, another speculative execution-based attack. Data 
protected by Intel's SGX—data that's meant to be protected even 
from a malicious or hacked kernel—can be read by an attacker 
thanks to leaks enabled by speculative execution.

Since publication of the Spectre and Meltdown attacks in January 
this year, security researchers have been taking a close look at 
speculative execution and the implications it has for security. 
All high-speed processors today perform speculative execution: 
they assume certain things (a register will contain a particular 
value, a branch will go a particular way) and perform 
calculations on the basis of those assumptions. It's an 
important design feature of these chips that's essential to 
their performance, and it has been for 20 years.

But Meltdown and Spectre showed that speculative execution has 
security implications. Meltdown (on most Intel and some ARM 
processors) allows user applications to read the contents of 
kernel memory. Spectre (on most Intel, AMD, and ARM chips) can 
be used to attack software sandboxes used for JavaScript in 
browsers and, under the right conditions, can allow kernel 
memory or hypervisor memory to be read. In the months since they 
were first publicized, we've seen new variants: speculative 
store bypass, speculative buffer overflows, and even a remotely 
exploitable version of Spectre.

What's in store today? A new Meltdown-inspired attack on Intel's 
SGX, given the name Foreshadow by the researchers who found it. 
Two groups of researchers found the vulnerability independently: 
a team from KU Leuven in Belgium reported it to Intel in early 
January—just before Meltdown and Spectre went public—and a 
second team from the University of Michigan, University of 
Adelaide, and Technion reported it three weeks later.

Continued.

https://arstechnica.com/gadgets/2018/08/intels-sgx-blown-wide-
open-by-you-guessed-it-a-speculative-execution-attack/

More information about the Info-vax mailing list