
SGXDump: Repeatable Code Reuse Attack for Extracting SGX Enclave Memory
Explore SGXDump, a code-reuse attack designed to extract memory contents from SGX enclaves by exploiting vulnerabilities in the Intel SGX security solution. Learn about the threat model, attack design, and implementation details in this informative study.
Presentation Transcript
SGXDump: A Repeatable Code-Reuse Attack for Extracting SGX Enclave Memory
Contents: Background; Threat Model; SGXDump Attack Overview; Attack Design; Implementation; Conclusion
Background: Intel's SGX; Enclave ASLR; Virtual Address Translation
Intel's Software Guard Extensions: A set of instructions that allows a user process to create a secure area, called an enclave, inside its address space. A hardware-based security solution that provides a trusted computing environment.
Enclave ASLR: Does NOT randomize the section addresses inside the enclave. In this study, an attacker with root privilege can find the base address of the enclave binary at each execution. Thus, all the addresses of the necessary ROP gadgets can be calculated.
Virtual Address Translation: Virtual addresses need to be translated into physical addresses. The OS uses a per-process page table (an array of page table entries) to manage its memory at the page level.
Virtual Address Translation: When an instruction accesses a page, the page's access bit is set to 1. When an attacker has root privilege, this access bit can be used as a covert channel. 1. Make a probe array (pa[]), which needs 256 consecutive pages for a page size of 4 KB. 2. Assume that a process acquires 1 byte of secret information s, then uses it to access pa[s*4096]. The attacker can obtain s by monitoring pa[]'s access bit.
Threat Model: The primary goal of SGXDump is to extract the memory's entire contents, including any code and data in the target enclave, by using the ROP payload. We assume that the target application running the enclave has a memory corruption vulnerability (e.g., a stack buffer overflow). We suppose that the attacker can acquire root privilege and so has complete control of the OS.
Threat Model: Thus, we assume that the attacker can install a kernel module for checking the access bit of the victim process.
SGXDump Attack Overview: SGXDump; Probe Array Monitor
SGXDump: Turns enclave memory values into virtual page numbers in the accessed PTE (Page Table Entry). Reads one byte from enclave memory. Binary-shifts the value to the left twelve times (multiplying the value by 4096). Adds the base address of the probe array to the value. Uses the value as an index to access the probe array. Sets the access bit of the PTE to 1.
SGXDump: The value that SGXDump read from the enclave memory can be recovered based on the index of the accessed probe array. To obtain the entire contents, SGXDump iterates until it reaches the end of the memory.
Probe Array Monitoring: Detects a change in a PTE. Recovers the value by locating the accessed page number in the PTE. Clears the access bit in the PTE and continues. To leak data correctly, uses a semaphore.
Probe Array Monitoring, Sync: Four-byte memory in the target application's stack. Uses zero to indicate SGXDump to read the next byte. Uses the starting address of a waiting loop in SGXDump.
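Added example (not from the presentation): a pure-Python model of the access-bit channel and the monitor described on the slides above, showing why the monitor has to read and clear the bits between bytes. The page table is a simulated list of booleans, and the base address and all function names are constructed for illustration.

```python
PAGE_SHIFT = 12      # 4 KB pages, as on the slides
PROBE_PAGES = 256    # one probe page per possible byte value

class SimulatedPageTable:
    """Toy stand-in for the access bits of the probe array's PTEs."""
    def __init__(self, base):
        self.base = base
        self.accessed = [False] * PROBE_PAGES

    def touch(self, vaddr):
        # Models the hardware setting the access bit when a page is accessed.
        self.accessed[(vaddr - self.base) >> PAGE_SHIFT] = True

def leak_side(secret_byte, pt):
    """Slide logic: shift the byte left by 12, add the probe base, access it."""
    pt.touch(pt.base + (secret_byte << PAGE_SHIFT))

def monitor_side(pt):
    """Locate set access bits, map page index back to byte value, clear them."""
    hits = [i for i, bit in enumerate(pt.accessed) if bit]
    for i in hits:
        pt.accessed[i] = False
    return hits

def transfer(data, synchronized):
    """Push data through the simulated channel with or without per-byte sync."""
    pt = SimulatedPageTable(base=0x7F0000000000)  # constructed address
    out = []
    if synchronized:
        for b in data:
            leak_side(b, pt)
            out.extend(monitor_side(pt))  # read and clear before the next byte
    else:
        for b in data:
            leak_side(b, pt)
        out.extend(monitor_side(pt))      # one scan after all accesses
    return bytes(out)

if __name__ == "__main__":
    sample = b"SGX\x00SS"                 # constructed sample input
    print(transfer(sample, synchronized=True))
    print(transfer(sample, synchronized=False))
```

Without the per-byte handshake the monitor sees only the set of distinct values, with order and repeats lost, which is the role the slides give to the semaphore.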
Attack Design, Choosing the Probe Array: Conditions of the memory area for the probe array: mapped memory area; no access by other threads; memory area outside of the enclave.
Attack Design, Choosing the Probe Array: Finding the satisfying area: analyze the memory mapping information of the target process (/proc/pid/maps).
Attack Design, Choosing the Probe Array
Attack Design, Choosing the Probe Array: Finding the satisfying area: analyze the memory mapping information of the target process (/proc/pid/maps); check if a thread uses the possible memory area.
Attack Design, Identifying the Enclave's Base Address: Intel's SGX does NOT allow dynamic linking. Need a customized ROP payload for each target enclave. Only the enclave base address is random in an ASLR environment. The ROP payload can be constructed correctly with the base address.
Attack Design: SGXDump ROP Payload Structure
Attack Design: Synchronization and Data Leak via PAM
Implementation: Evaluation
Conclusion: If a memory vulnerability is found in an SGX application, enclave memory can be leaked easily. Presented a ROP attack to retrieve the enclave's entire memory. Does NOT leave any system logs, making the attack more stealthy.