pubs:asyncshock [2018-06-03 14:10] (current)
Line 1: Line 1:
 +====== AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves ======
  
 +==== Abstract ====
 +
 +Intel’s Software Guard Extensions (SGX) provide a new hardware-based
 +trusted execution environment on Intel CPUs using secure
 +enclaves that are resilient to accesses by privileged code and physical
 +attackers. Originally designed for securing small services, SGX bears
 +promise to protect complex, possibly cloud-hosted, legacy applications.
 +In this paper, we show that previously considered harmless synchronisation
 +bugs can turn into severe security vulnerabilities when using SGX.
 +By exploiting use-after-free and time-of-check-to-time-of-use (TOCTTOU)
 +bugs in enclave code, an attacker can hijack its control flow or bypass
 +access control.
 +
 +We present AsyncShock, a tool for exploiting synchronisation bugs of
 +multithreaded code running under SGX. AsyncShock achieves this by
 +only manipulating the scheduling of threads that are used to execute
 +enclave code. It allows an attacker to interrupt threads by forcing segmentation
 +faults on enclave pages. Our evaluation using two types of Intel
 +Skylake CPUs shows that AsyncShock can reliably exploit use-after-free
 +and TOCTTOU bugs.
 +
 +
 +==== Download ====
 +
 +[[https://www.ibr.cs.tu-bs.de/users/weichbr/papers/esorics2016.pdf|Paper]]
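Review bot: the new page records no bibliographic details beyond the title, so readers cannot cite the paper without opening the PDF; the only hint at the venue is the filename `esorics2016.pdf` in the Download link. Suggest adding a citation line (authors, venue, year) under the `==== Download ====` heading, or a separate `==== Citation ====` section in the same heading style, next to the `[[...|Paper]]` link.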