Hi,
Anyone tested and implemented SGX in their Kernels? I'm going to have a go at it to better understand the workings.
best regards
Mutex
SGX
Re: SGX
mutex wrote:
> Hi,
> Anyone tested and implemented SGX in their Kernels? I'm going to have a go at it to better understand the workings.
> best regards
> Mutex
No, not tested. I have never heard of it before. I find it quite interesting and might use it in my kernel. But it seems to have serious security leaks:
https://en.wikipedia.org/wiki/Software_ ... ns#Attacks
Greetings
Peter
Re: SGX
Hi,
I think you are right. There are definitely security implications that need to be addressed in addition to using SGX.
Most of the flaws mentioned are mostly side channel stuff. This is probably the hardest part of computer security in general because it can take so many forms and ways and is often exploited by using different technological domains. Often statistics, physics and electronics in the weirdest combinations. Sometimes easily but often hard to use.
All of them are side channel leak attacks except for the undervolting fault, which is more a fault injection attack.
The one with virus using enclave I would not consider a fault... but obviously something to consider.
All of the mentioned leaks above are possible to take countermeasures against from within the enclave, making it extremely hard and very unlikely that it would be exploited.
The generic concept and separation of code running in various modes looks very good, but as always there should be precautions to stop evil hackers.
An example of how easily side channel leaks can be exploited if implemented badly:
https://youtu.be/cPDDNVKo43w
Best regards
Mutex
Re: SGX
I admit that I don't understand every technical detail of the LVI attack, only some parts. But this sounds really bad:
> LVI (lower right) is the next step: we, for the first time, combine Spectre-style code gadgets in the victim application with Meltdown-type illegal data flow from faulting or assisted memory load instructions to bypass existing defenses and inject attacker-controlled data into a victim's transient execution.
Also after learning more about SGX, I think that enclaves are not my first priority for providing protection. Rather LDTs. I must also admit that I haven't thought thoroughly about using paging for security. (Or is paging impossible in long mode anyways?)
Happy hacking
Peter
Re: SGX
PeterX wrote:
> (Or is paging impossible in long mode anyways?)
How did you get that idea? Turning paging on is literally how you enable long mode. Segmentation is no longer supported, except for base addresses for FS and GS, as well as segment limits on CS, DS, and ES, but only in the highest 4GB of address space.
If you are thinking about paging and security, then these days you are going to have to implement PTI. That is, the kernel is unmapped (except for a trampoline) while userspace is running. It kills performance, but it also kills Spectre.
Carpe diem!