Session
Schedule FOSDEM 2020
Hardware-aided Trusted Computing

AMENDMENT A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes

K.4.601
Jo Van Bulck
This talk analyzes the vulnerability space arising in Trusted Execution Environments (TEEs) when interfacing a trusted enclave application with untrusted, potentially malicious code. Considerable research and industry effort has gone into developing TEE runtime libraries with the purpose of transparently shielding enclave application code from an adversarial environment. However, our analysis reveals that shielding requirements are generally not well-understood in real-world TEE runtime implementations. We expose several sanitization vulnerabilities at the level of the Application Binary Interface (ABI) and the Application Programming Interface (API) that can lead to exploitable memory safety and side-channel vulnerabilities in the compiled enclave. Mitigation of these vulnerabilities is not as simple as ensuring that pointers are outside enclave memory. In fact, we demonstrate that state-of-the-art mitigation techniques such as Intel’s edger8r, Microsoft’s “deep copy marshalling”, or even memory-safe languages like Rust fail to fully eliminate this attack surface. Our analysis reveals 35 enclave interface sanitization vulnerabilities in 8 major open-source shielding frameworks for Intel SGX, RISC-V, and Sancus TEEs. We practically exploit these vulnerabilities in several attack scenarios to leak secret keys from the enclave or enable remote code reuse. We have responsibly disclosed our findings, leading to 5 designated CVE records and numerous security patches in the vulnerable open-source projects, including the Intel SGX-SDK, Microsoft Open Enclave, Google Asylo, and the Rust compiler. Please note that this talk was originally scheduled to begin at the later time of 13:00

Additional information

Type devroom

More sessions

2/1/20
Hardware-aided Trusted Computing
Vasily A. Sartakov
K.4.601
abstract
2/1/20
Hardware-aided Trusted Computing
Jethro G. Beekman
K.4.601
Intel Software Guard Extensions (SGX) makes software secure from the outside. Rust makes it secure from the inside. This workshop will introduce you to Rust and the Fortanix® Enclave Development Platform (EDP) for Rust: how it works, what you can do with it, and why Rust is such a good fit for SGX. Please note that this was previously scheduled for 11:15 and replaces the talk on "Introduction to the CoSMIX Compiler" by Yan Michalevsky.
2/1/20
Hardware-aided Trusted Computing
Amaury Chamayou
K.4.601
The Confidential Consortium Framework is an open-source framework for building permissioned confidential multi-party services. It leverages hardware trusted execution environments to provide strong confidentiality, integrity, and high performance. CCF implements consortium-based programmable and auditable governance. Please note that this talk was originally scheduled to begin at the later time of 11:50.
2/1/20
Hardware-aided Trusted Computing
Vasily A. Sartakov
K.4.601
In this talk I will present EActors, an actor framework that is tailored to SGX and offers a more seamless, flexible and efficient use of trusted execution – especially for applications demanding multiple enclaves. EActors disentangles the interaction with enclaves and, among them, from costly execution mode transitions. It features lightweight fine-grained parallelism based on the concept of actors, thereby avoiding costly SGX SDK provided synchronisation constructs. Finally, EActors offers a ...
2/1/20
Hardware-aided Trusted Computing
Rouven Czerwinski
K.4.601
OP-TEE is an open source implementation of the GPD TEE specifications. However deploying OP-TEE inside a real world product requires more than just the integration into the system, since the integrator needs to ensure that all security requirements are met. This talk will outline a common set of these requirements and show the necessary changes based on NXP i.MX6 platforms. Please note that this talk was originally scheduled to begin at the later time of 13:35
2/1/20
Hardware-aided Trusted Computing
Thiago Zagatti
K.4.601
SGX-LKL is a library OS designed to run unmodified Linux binaries inside SGX enclaves. It uses the Linux Kernel Library (LKL) and a modified version of musl to provide system support for complex applications within the enclave. SGX-LKL has support for in-enclave user-level threading, signal handling, and paging. This demo presents an overview of SGX-LKL and demonstrates how popular applications can be ported and executed within SGX-LKL. Please note that this talk was originally scheduled to ...