Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| pubs:asyncshock [2016-09-17 14:40] – created weichbr | pubs:asyncshock [2025-06-28 14:23] (current) – removed weichbr | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves ====== | ||
| - | ==== Abstract ==== | ||
| - | |||
| - | Intel’s Software Guard Extensions (SGX) provide a new hardware-based | ||
| - | trusted execution environment on Intel CPUs using secure | ||
| - | enclaves that are resilient to accesses by privileged code and physical | ||
| - | attackers. Originally designed for securing small services, SGX bears | ||
| - | promise to protect complex, possibly cloud-hosted, | ||
| - | In this paper, we show that previously considered harmless synchronisation | ||
| - | bugs can turn into severe security vulnerabilities when using SGX. | ||
| - | By exploiting use-after-free and time-of-check-to-time-of-use (TOCTTOU) | ||
| - | bugs in enclave code, an attacker can hijack its control flow or bypass | ||
| - | access control. | ||
| - | |||
| - | We present AsyncShock, a tool for exploiting synchronisation bugs of | ||
| - | multithreaded code running under SGX. AsyncShock achieves this by | ||
| - | only manipulating the scheduling of threads that are used to execute | ||
| - | enclave code. It allows an attacker to interrupt threads by forcing segmentation | ||
| - | faults on enclave pages. Our evaluation using two types of Intel | ||
| - | Skylake CPUs shows that AsyncShock can reliably exploit use-after-free | ||
| - | and TOCTTOU bugs. | ||
| - | |||
| - | |||
| - | ==== Download ==== | ||
| - | |||
| - | [[https:// | ||
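Review bot: the whole page body is removed here (title, abstract and the Download link on the last removed line), and the revision summary says only "removed". If the publication entry now lives elsewhere, leave a one-line pointer or redirect on pubs:asyncshock instead of an empty page, and record the reason in the edit summary, so that references to this page ID do not dead-end.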