Faulty point unit: ABI poisoning attacks on trusted execution environments

Fritz Alder, Jo Van Bulck, Jesse Spielman, David Oswald, Frank Piessens

Research output: Contribution to journalArticlepeer-review

30 Downloads (Pure)


This article analyzes a previously overlooked attack surface that allows unprivileged adversaries to impact floating-point computations in enclaves through the Application Binary Interface (ABI). In a comprehensive study across 7 industry-standard and research enclave shielding runtimes for Intel Software Guard Extensions (SGX), we show that control and state registers of the x87 Floating-Point Unit (FPU) and Intel Streaming SIMD Extensions are not always properly sanitized on enclave entry. We furthermore show that this attack goes beyond the x86 architecture and can also affect RISC-V enclaves. Focusing on SGX, we abuse the adversary’s control over precision and rounding modes as an ABI fault injection primitive to corrupt enclaved floating-point operations. Our analysis reveals that this is especially relevant for applications that use the older x87 FPU, which is still under certain conditions used by modern compilers. We exemplify the potential impact of ABI quality-degradation attacks for enclaved machine learning and for the SPEC benchmarks. We then explore the impact on confidentiality, showing that control over exception masks can be abused as a controlled channel to recover enclaved multiplication operands. Our findings, affecting 5 of 7 studied SGX runtimes and one RISC-V runtime, demonstrate the challenges of implementing high-assurance trusted execution across computing architectures.
Original languageEnglish
Article number13
Pages (from-to)1-26
Number of pages26
JournalDigital Threats: Research and Practice
Issue number2
Publication statusPublished - 8 Feb 2022


  • ABI
  • FPU
  • Intel SGX
  • Trusted execution
  • side channels


Dive into the research topics of 'Faulty point unit: ABI poisoning attacks on trusted execution environments'. Together they form a unique fingerprint.

Cite this