Faulty Point Unit: ABI Poisoning Attacks on Intel SGX

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

External organisations

  • imec-DistriNet, KU Leuven, Belgium

Abstract

This paper analyzes a previously overlooked attack surface that allows unprivileged adversaries to impact supposedly secure floating-point computations in Intel SGX enclaves through the Application Binary Interface (ABI). In a comprehensive study across 7 widely used industry-standard and research enclave shielding runtimes, we show that control and state registers of the x87 Floating-Point Unit (FPU) and Intel Streaming SIMD Extensions (SSE) are not always properly sanitized on enclave entry. First, we abuse the adversary’s control over precision and rounding modes as a novel “ABI-level fault injection” primitive to silently corrupt enclaved floating-point operations, enabling a new class of stealthy, integrity-only attacks that disturb the result of SGX enclave computations. Our analysis reveals that this threat is especially relevant for applications that use the older x87 FPU, which is still being used under certain conditions for high-precision operations by modern compilers like gcc. We exemplify the potential impact of ABI-level quality-degradation attacks in a case study of an enclaved machine learning service and in a larger analysis on the SPEC benchmark programs. Second, we explore the impact on enclave confidentiality by showing that the adversary’s control over floating-point exception masks can be abused as an innovative controlled channel to detect FPU usage and to recover enclaved multiplication operands in certain scenarios. Our findings, affecting 5 out of the 7 studied runtimes, demonstrate the fallacy and challenges of implementing high-assurance trusted execution environments on contemporary x86 hardware. We responsibly disclosed our findings to the vendors and were assigned two CVEs, leading to patches in the Intel SGX-SDK, Microsoft OpenEnclave, the Rust compiler’s SGX target, and Go-TEE.

Details

Original language: English
Title of host publication: ACSAC '20: Annual Computer Security Applications Conference 2020
Publication status: Published - 7 Dec 2020
Event: ACSAC '20: Computer Security Applications Conference 2020 - virtual event
Duration: 7 Dec 2020 to 11 Dec 2020

Conference

Conference: ACSAC '20: Computer Security Applications Conference 2020
City: virtual event
Period: 7/12/20 to 11/12/20

Keywords

  • Trusted execution, Intel SGX, FPU, ABI, side channels