Spectre has another evil sibling that compromises the safe zone created by Intel SGX
The start of 2018 marked a cataclysm of sorts for the computer industry in general and Intel in particular. The twin Meltdown-Spectre vulnerabilities affecting virtually all modern microprocessors built since 1995 were revealed in all their horror. The only upside is that no serious threat we are currently aware of has emerged to leverage these flaws.
Newer Intel microprocessors are provided with Software Guard Extensions (SGX) which allow software programs to run in their own little safe corner of the processor. These safe areas are created on demand and have their own memory, isolated from other system software like hypervisors and the operating system itself.
Should be awesome, right? Well, guess what, not so much.
Ohio State University researchers have uncovered a new variant of the Spectre vulnerability and documented it in a recently released paper. The new menace is dubbed SgxPectre. It allows the safe areas created by SGX to be cracked open like nuts. Their research shows that Intel SGX is not all it's cracked up to be and is vulnerable to attack.
A lot of the speed and efficiency we take for granted today is because of finely tuned speculative execution. Intel microprocessors try to predict what software wants to do next. The research paper explains the SgxPectre vulnerability abuses this branch prediction ability to tease information out of the safe area created by SGX.
The Ohio State University researchers were kind enough to report their findings to Intel before they published their paper. Intel issued this statement in response:
The ray of light is, like the original Meltdown-Spectre vulnerabilities themselves, SgxPectre can be mitigated over time. This mitigation will come on March 16th in the form of a new SGX software development kit (SDK) and microcode updates for affected microprocessors. Let's just pray Intel gets it right out of the gate this time, unlike the first attempt.“We are aware of the research paper from Ohio State and have previously provided information and guidance online about how Intel SGX may be impacted by the side channel analysis vulnerabilities. We anticipate that the existing mitigations for Spectre and Meltdown, in conjunction with an updated software development toolkit for SGX application providers -- which we plan to begin making available on March 16th -- will be effective against the methods described in that research. We recommend customers make sure they are always using the most recent version of the toolkit.”