Faulty Point Unit: ABI Poisoning Attacks on Intel SGX

F. Alder, Jo Van Bulck, David F. Oswald, F. Piessens
Venue: Annual Computer Security Applications Conference
DOI: https://doi.org/10.1145/3427228.3427270
Published: 2020-12-07
Citations: 7

Abstract

This paper analyzes a previously overlooked attack surface that allows unprivileged adversaries to impact supposedly secure floating-point computations in Intel SGX enclaves through the Application Binary Interface (ABI). In a comprehensive study across 7 widely used industry-standard and research enclave shielding runtimes, we show that control and state registers of the x87 Floating-Point Unit (FPU) and Intel Streaming SIMD Extensions (SSE) are not always properly sanitized on enclave entry. First, we abuse the adversary’s control over precision and rounding modes as a novel “ABI-level fault injection” primitive to silently corrupt enclaved floating-point operations, enabling a new class of stealthy, integrity-only attacks that disturb the result of SGX enclave computations. Our analysis reveals that this threat is especially relevant for applications that use the older x87 FPU, which is still being used under certain conditions for high-precision operations by modern compilers like gcc. We exemplify the potential impact of ABI-level quality-degradation attacks in a case study of an enclaved machine learning service and in a larger analysis on the SPEC benchmark programs. Second, we explore the impact on enclave confidentiality by showing that the adversary’s control over floating-point exception masks can be abused as an innovative controlled channel to detect FPU usage and to recover enclaved multiplication operands in certain scenarios. Our findings, affecting 5 out of the 7 studied runtimes, demonstrate the fallacy and challenges of implementing high-assurance trusted execution environments on contemporary x86 hardware. We responsibly disclosed our findings to the vendors and were assigned two CVEs, leading to patches in the Intel SGX-SDK, Microsoft OpenEnclave, the Rust compiler’s SGX target, and Go-TEE.