Feedback

AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves

Affiliation/Institute
Institut für Betriebssysteme und Rechner
Weichbrodt, Nico;
Affiliation/Institute
IBM Research Zurich
Kurmus, Anil;
Affiliation/Institute
Imperial College London
Pietzuch, Peter;
Affiliation/Institute
Institut für Betriebssysteme und Rechner
Kapitza, Rüdiger

Intel's Software Guard Extensions (SGX) provide a new hardware-based trusted execution environment on Intel CPUs using secure enclaves that are resilient to accesses by privileged code and physical attackers. Originally designed for securing small services, SGX bears promise to protect complex, possibly cloud-hosted, legacy applications. In this paper, we show that previously considered harmless synchronisation bugs can turn into severe security vulnerabilities when using SGX. By exploiting use-after-free and time-of-check-to-time-of-use (TOCTTOU) bugs in enclave code, an attacker can hijack its control flow or bypass access control. We present AsyncShock, a tool for exploiting synchronisation bugs of multithreaded code running under SGX. AsyncShock achieves this by only manipulating the scheduling of threads that are used to execute enclave code. It allows an attacker to interrupt threads by forcing segmentation faults on enclave pages. Our evaluation using two types of Intel Skylake CPUs shows that AsyncShock can reliably exploit use-after-free and TOCTTOU bugs.

Preview

Cite

Citation style:
Could not load citation form.

Access Statistic

Total:
Downloads:
Abtractviews:
Last 12 Month:
Downloads:
Abtractviews:

Rights

Use and reproduction:
All rights reserved