Intel SGX: The CPU Based Defense System
According to Intel, its Software Guard Extensions (Intel SGX) allow user-level code to allocate private regions of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels. What stands out to me is that SGX is a CPU-based defense system: because it lets applications run in a private memory space, overall system vulnerability is reduced. CPU instructions are used to tighten access control, which prevents data modification, deletion and disclosure and thereby strengthens code security. When an application is run inside an enclave, the CPU encrypts it and holds the key; since the key stays inside the CPU, it cannot be obtained by inspecting system memory. Spectre is an Intel processor vulnerability, but even that did not seem to affect SGX enclaves, since enclave security was designed to prevent even the operating system from accessing the data in these enclaves.
Until now, Intel SGX seemed impenetrable, but this is where SgxPectre comes in. This attack exploits the race condition between injected, speculatively executed memory references, which leave side-channel-observable cache traces, and the latency of branch resolution.
ÆPIC Leak is an architectural flaw that also enables attacks against SGX enclaves: it forces specific data into caches and leaks targeted secrets. The Advanced Programmable Interrupt Controller (APIC) mechanism manages and routes interrupts, but it contains a bug, an uninitialized memory read, which occurs because memory space is not cleared after the CPU is done processing it, so old data that is no longer needed leaks out.
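As an added illustration (not part of the original post, and not the ÆPIC Leak code or the APIC hardware behaviour itself), the C program below models the bug class the paragraph describes in plain software: a shared scratch buffer that a producer fills with secret bytes and fails to clear, so a later consumer that initialises only part of the buffer reads the stale remainder. The buffer size, the byte values and the function names are constructed for this example; the hardened variant clears the buffer through a volatile function pointer so the compiler cannot optimise the clearing away.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define SCRATCH_SIZE 64

/* Constructed example: a shared scratch buffer standing in for any staging
 * area whose contents must be wiped once its consumer is done with them.
 * This is a software analogue of the uninitialized-read pattern, not the
 * APIC MMIO region from the real ÆPIC Leak bug. */
static uint8_t scratch[SCRATCH_SIZE];

/* Calling memset through a volatile function pointer keeps the compiler
 * from treating the clearing as a dead store and removing it. */
static void *(*const volatile secure_memset)(void *, int, size_t) = memset;

static void clear_scratch(void) { secure_memset(scratch, 0, sizeof scratch); }

/* Producer: stages secret bytes in the scratch buffer, works on them and
 * returns. With clear_after_use == 0 it leaves the secret behind (weak);
 * with clear_after_use != 0 it wipes the buffer first (hardened). */
void stage_secret(const uint8_t *secret, size_t len, int clear_after_use) {
    if (len > sizeof scratch) len = sizeof scratch;
    memcpy(scratch, secret, len);
    /* ... the producer's own processing of the staged bytes goes here ... */
    if (clear_after_use) clear_scratch();
}

/* Consumer: writes only the first `written` bytes of the buffer itself and
 * then reads the whole thing, i.e. reads bytes it never initialised. */
size_t read_scratch(uint8_t *out, size_t written) {
    if (written > sizeof scratch) written = sizeof scratch;
    memset(scratch, 0xAA, written);        /* only part of the buffer is overwritten */
    memcpy(out, scratch, sizeof scratch);  /* the rest is whatever was left behind */
    return sizeof scratch;
}

/* Count how many bytes of `secret` a consumer that initialised only the
 * first 16 bytes can still recover from the buffer; 0 means clearing worked. */
size_t stale_bytes_leaked(const uint8_t *secret, size_t len, int clear_after_use) {
    uint8_t out[SCRATCH_SIZE];
    size_t leaked = 0;

    stage_secret(secret, len, clear_after_use);
    read_scratch(out, 16);
    for (size_t i = 16; i < len && i < sizeof scratch; i++)
        if (out[i] == secret[i]) leaked++;
    return leaked;
}

/* Constructed 32-byte secret (0x10..0x2F): no byte equals the 0x00 used for
 * clearing or the 0xAA the consumer writes, so matches are real leaks. */
#define SAMPLE_SECRET_LEN 32
static uint8_t sample_secret[SAMPLE_SECRET_LEN];

size_t demo_leak(int clear_after_use) {
    for (size_t i = 0; i < SAMPLE_SECRET_LEN; i++)
        sample_secret[i] = (uint8_t)(0x10 + i);
    return stale_bytes_leaked(sample_secret, SAMPLE_SECRET_LEN, clear_after_use);
}

int main(void) {
    printf("weak producer (no clearing):  %zu stale secret bytes readable\n", demo_leak(0));
    printf("hardened producer (cleared):  %zu stale secret bytes readable\n", demo_leak(1));
    return 0;
}
```

The weak run shows the 16 secret bytes the consumer never overwrote still sitting in the buffer; the hardened run shows zero. The design point is the one the paragraph makes about the APIC: whoever last held secret data in a shared area is responsible for wiping it, because a later reader cannot tell stale bytes from fresh ones.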
I found this interesting thread where Dan O'Keeffe from the LSDS group at Imperial College London shared a proof-of-concept Spectre-like attack on Intel SGX enclaves in the Intel community forum, and an expert from Intel reviewed it and made several detailed observations. Another interesting article I came across was about the Secret Network, which is a protocol that focuses heavily on private transactions. A group of security researchers were examining the network for ÆPIC Leak vulnerabilities and ended up finding the master decryption key for the entire network. The vulnerability was related to Intel's Software Guard Extensions.
On a concluding note, it may seem that Intel SGX is not as impenetrable as we originally thought, but there are still some incredible applications of this technology. Intel, R3 and Hope for Justice are collaborating to build an application that enables organizations combating modern slavery to confidently share sensitive data related to individual cases. This Data Exchange application takes advantage of Intel® Software Guard Extensions because SGX lets multiple organizations collaborate on shared analysis and validate algorithms while shielding confidential or regulated data from the other parties. More details about this collaboration can be found in this article.
