AsyncShock: Exploiting synchronisation bugs in Intel SGX enclaves

Weichbrodt N, Kurmus A, Pietzuch P, Kapitza R (2016)


Publication Type: Conference contribution

Publication year: 2016

Publisher: Springer Verlag

Book Volume: 9878 LNCS

Pages Range: 440-457

Conference Proceedings Title: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Event location: Heraklion, GRC

ISBN: 9783319457437

DOI: 10.1007/978-3-319-45744-4_22

Abstract

Intel’s Software Guard Extensions (SGX) provide a new hardware-based trusted execution environment on Intel CPUs using secure enclaves that are resilient to accesses by privileged code and physical attackers. Originally designed for securing small services, SGX bears promise to protect complex, possibly cloud-hosted, legacy applications. In this paper, we show that previously considered harmless synchronisation bugs can turn into severe security vulnerabilities when using SGX. By exploiting use-after-free and time-of-check-to-time-of-use (TOCTTOU) bugs in enclave code, an attacker can hijack its control flow or bypass access control. We present AsyncShock, a tool for exploiting synchronisation bugs of multithreaded code running under SGX. AsyncShock achieves this by only manipulating the scheduling of threads that are used to execute enclave code. It allows an attacker to interrupt threads by forcing segmentation faults on enclave pages. Our evaluation using two types of Intel Skylake CPUs shows that AsyncShock can reliably exploit use-after-free and TOCTTOU bugs.

How to cite

APA:

Weichbrodt, N., Kurmus, A., Pietzuch, P., & Kapitza, R. (2016). AsyncShock: Exploiting synchronisation bugs in Intel SGX enclaves. In Sokratis Katsikas, Catherine Meadows, Ioannis Askoxylakis, Sotiris Ioannidis (Eds.), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (pp. 440-457). Heraklion, GRC: Springer Verlag.

MLA:

Weichbrodt, Nico, et al. "AsyncShock: Exploiting synchronisation bugs in Intel SGX enclaves." Proceedings of the 21st European Symposium on Research in Computer Security, ESORICS 2016, Heraklion, GRC. Ed. Sokratis Katsikas, Catherine Meadows, Ioannis Askoxylakis, Sotiris Ioannidis, Springer Verlag, 2016. 440-457.
