SoK: SGX.Fail: How Stuff Gets eXposed

Stephan Van Schaik; Alex Seto; Thomas Yurek; Adam Batori; Bader Albassam; Daniel Genkin; Andrew Miller; Eyal Ronen; Yuval Yarom; Christina Garman

doi:10.1109/SP54263.2024.00260

SoK: SGX.Fail: How Stuff Gets eXposed

Stephan Van Schaik, Alex Seto, Thomas Yurek, Adam Batori, Bader Albassam, Daniel Genkin, Andrew Miller, Eyal Ronen, Yuval Yarom, Christina Garman

Electrical and Computer Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Intel's Software Guard Extensions (SGX) promises an isolated execution environment, protected from all software running on the machine. As such, numerous works have sought to leverage SGX to provide confidentiality and integrity guarantees for code running in adversarial environments. In the past few years however, SGX has come under heavy fire, threatened by numerous hardware attacks. With Intel repeatedly patching SGX to regain security while consistently launching new (micro)architectures, it is increasingly difficult to track the applicability of various attack techniques across the SGX design landscape.Thus, in this paper we set out to survey and categorize various SGX attacks, their applicability to different SGX architectures, as well as the information leaked by them. We then set out to explore the effectiveness of SGX's update mechanisms in preventing attacks on real-world deployments. Here, we study two commercial SGX applications. First, we investigate the SECRET network, an SGX-backed blockchain aiming to provide privacy-preserving smart contracts. Next, we also consider PowerDVD, a UHD Blu-Ray Digital Rights Management (DRM) software licensed to play discs on PCs. We show that in both cases vendors are unable to meet security goals originally envisioned for their products, presumably due to SGX's long update timelines and the complexities of a manual update process. This in turn forces vendors to make difficult security/usability trade offs, resulting in security compromises.

Original language	English (US)
Title of host publication	Proceedings - 45th IEEE Symposium on Security and Privacy, SP 2024
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	4143-4162
Number of pages	20
ISBN (Electronic)	9798350331301
DOIs	https://doi.org/10.1109/SP54263.2024.00260
State	Published - 2024
Event	45th IEEE Symposium on Security and Privacy, SP 2024 - San Francisco, United States Duration: May 20 2024 → May 23 2024

Publication series

Name	Proceedings - IEEE Symposium on Security and Privacy
ISSN (Print)	1081-6011

Conference

Conference	45th IEEE Symposium on Security and Privacy, SP 2024
Country/Territory	United States
City	San Francisco
Period	5/20/24 → 5/23/24

ASJC Scopus subject areas

Safety, Risk, Reliability and Quality
Software
Computer Networks and Communications

Online availability

10.1109/SP54263.2024.00260

Library availability

Discover UIUC Full Text

Cite this

Van Schaik, S., Seto, A., Yurek, T., Batori, A., Albassam, B., Genkin, D., Miller, A., Ronen, E., Yarom, Y., & Garman, C. (2024). SoK: SGX.Fail: How Stuff Gets eXposed. In Proceedings - 45th IEEE Symposium on Security and Privacy, SP 2024 (pp. 4143-4162). (Proceedings - IEEE Symposium on Security and Privacy). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SP54263.2024.00260

SoK: SGX.Fail: How Stuff Gets eXposed. / Van Schaik, Stephan; Seto, Alex; Yurek, Thomas et al.
Proceedings - 45th IEEE Symposium on Security and Privacy, SP 2024. Institute of Electrical and Electronics Engineers Inc., 2024. p. 4143-4162 (Proceedings - IEEE Symposium on Security and Privacy).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Van Schaik, S, Seto, A, Yurek, T, Batori, A, Albassam, B, Genkin, D, Miller, A, Ronen, E, Yarom, Y & Garman, C 2024, SoK: SGX.Fail: How Stuff Gets eXposed. in Proceedings - 45th IEEE Symposium on Security and Privacy, SP 2024. Proceedings - IEEE Symposium on Security and Privacy, Institute of Electrical and Electronics Engineers Inc., pp. 4143-4162, 45th IEEE Symposium on Security and Privacy, SP 2024, San Francisco, United States, 5/20/24. https://doi.org/10.1109/SP54263.2024.00260

@inproceedings{f323585e4ab0467fabee232198d0920b,

title = "SoK: SGX.Fail: How Stuff Gets eXposed",

abstract = "Intel's Software Guard Extensions (SGX) promises an isolated execution environment, protected from all software running on the machine. As such, numerous works have sought to leverage SGX to provide confidentiality and integrity guarantees for code running in adversarial environments. In the past few years however, SGX has come under heavy fire, threatened by numerous hardware attacks. With Intel repeatedly patching SGX to regain security while consistently launching new (micro)architectures, it is increasingly difficult to track the applicability of various attack techniques across the SGX design landscape.Thus, in this paper we set out to survey and categorize various SGX attacks, their applicability to different SGX architectures, as well as the information leaked by them. We then set out to explore the effectiveness of SGX's update mechanisms in preventing attacks on real-world deployments. Here, we study two commercial SGX applications. First, we investigate the SECRET network, an SGX-backed blockchain aiming to provide privacy-preserving smart contracts. Next, we also consider PowerDVD, a UHD Blu-Ray Digital Rights Management (DRM) software licensed to play discs on PCs. We show that in both cases vendors are unable to meet security goals originally envisioned for their products, presumably due to SGX's long update timelines and the complexities of a manual update process. This in turn forces vendors to make difficult security/usability trade offs, resulting in security compromises.",

author = "{Van Schaik}, Stephan and Alex Seto and Thomas Yurek and Adam Batori and Bader Albassam and Daniel Genkin and Andrew Miller and Eyal Ronen and Yuval Yarom and Christina Garman",

note = "This work was supported by the Air Force Office of Scientific Research (AFOSR) under award number FA9550-20-1-0425; an ARC Discovery Early Career Researcher Award DE200101577; an ARC Discovery Project number DP210102670; the Blavatnik ICRC at Tel-Aviv University; the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany's Excellence Strategy - EXC 2092 CASA - 390781972; the National Science Foundation under grant CNS-1954712, CNS-2047991, CNS-2112726 and CNS-1943499; and gifts from Intel and Qualcomm. Parts of this work were undertaken while Yuval Yarom was affiliated with the University of Adelaide and with Data61, CSIRO.; 45th IEEE Symposium on Security and Privacy, SP 2024 ; Conference date: 20-05-2024 Through 23-05-2024",

year = "2024",

doi = "10.1109/SP54263.2024.00260",

language = "English (US)",

series = "Proceedings - IEEE Symposium on Security and Privacy",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "4143--4162",

booktitle = "Proceedings - 45th IEEE Symposium on Security and Privacy, SP 2024",

address = "United States",

}

TY - GEN

T1 - SoK

T2 - 45th IEEE Symposium on Security and Privacy, SP 2024

AU - Van Schaik, Stephan

AU - Seto, Alex

AU - Yurek, Thomas

AU - Batori, Adam

AU - Albassam, Bader

AU - Genkin, Daniel

AU - Miller, Andrew

AU - Ronen, Eyal

AU - Yarom, Yuval

AU - Garman, Christina

N1 - This work was supported by the Air Force Office of Scientific Research (AFOSR) under award number FA9550-20-1-0425; an ARC Discovery Early Career Researcher Award DE200101577; an ARC Discovery Project number DP210102670; the Blavatnik ICRC at Tel-Aviv University; the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany's Excellence Strategy - EXC 2092 CASA - 390781972; the National Science Foundation under grant CNS-1954712, CNS-2047991, CNS-2112726 and CNS-1943499; and gifts from Intel and Qualcomm. Parts of this work were undertaken while Yuval Yarom was affiliated with the University of Adelaide and with Data61, CSIRO.

PY - 2024

Y1 - 2024

N2 - Intel's Software Guard Extensions (SGX) promises an isolated execution environment, protected from all software running on the machine. As such, numerous works have sought to leverage SGX to provide confidentiality and integrity guarantees for code running in adversarial environments. In the past few years however, SGX has come under heavy fire, threatened by numerous hardware attacks. With Intel repeatedly patching SGX to regain security while consistently launching new (micro)architectures, it is increasingly difficult to track the applicability of various attack techniques across the SGX design landscape.Thus, in this paper we set out to survey and categorize various SGX attacks, their applicability to different SGX architectures, as well as the information leaked by them. We then set out to explore the effectiveness of SGX's update mechanisms in preventing attacks on real-world deployments. Here, we study two commercial SGX applications. First, we investigate the SECRET network, an SGX-backed blockchain aiming to provide privacy-preserving smart contracts. Next, we also consider PowerDVD, a UHD Blu-Ray Digital Rights Management (DRM) software licensed to play discs on PCs. We show that in both cases vendors are unable to meet security goals originally envisioned for their products, presumably due to SGX's long update timelines and the complexities of a manual update process. This in turn forces vendors to make difficult security/usability trade offs, resulting in security compromises.

AB - Intel's Software Guard Extensions (SGX) promises an isolated execution environment, protected from all software running on the machine. As such, numerous works have sought to leverage SGX to provide confidentiality and integrity guarantees for code running in adversarial environments. In the past few years however, SGX has come under heavy fire, threatened by numerous hardware attacks. With Intel repeatedly patching SGX to regain security while consistently launching new (micro)architectures, it is increasingly difficult to track the applicability of various attack techniques across the SGX design landscape.Thus, in this paper we set out to survey and categorize various SGX attacks, their applicability to different SGX architectures, as well as the information leaked by them. We then set out to explore the effectiveness of SGX's update mechanisms in preventing attacks on real-world deployments. Here, we study two commercial SGX applications. First, we investigate the SECRET network, an SGX-backed blockchain aiming to provide privacy-preserving smart contracts. Next, we also consider PowerDVD, a UHD Blu-Ray Digital Rights Management (DRM) software licensed to play discs on PCs. We show that in both cases vendors are unable to meet security goals originally envisioned for their products, presumably due to SGX's long update timelines and the complexities of a manual update process. This in turn forces vendors to make difficult security/usability trade offs, resulting in security compromises.

UR - http://www.scopus.com/inward/record.url?scp=85204084041&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85204084041&partnerID=8YFLogxK

U2 - 10.1109/SP54263.2024.00260

DO - 10.1109/SP54263.2024.00260

M3 - Conference contribution

AN - SCOPUS:85204084041

T3 - Proceedings - IEEE Symposium on Security and Privacy

SP - 4143

EP - 4162

BT - Proceedings - 45th IEEE Symposium on Security and Privacy, SP 2024

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 20 May 2024 through 23 May 2024

ER -

SoK: SGX.Fail: How Stuff Gets eXposed

Abstract

Publication series

Conference

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this