1. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution 2018 Attacks IntelSGX TEE Usenix
    Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx
    [View PDF on usenix.org]
    [Show BibTex Citation]

    @inproceedings {217543,
    author = {Jo Van Bulck and Marina Minkin and Ofir Weisse and Daniel Genkin and Baris Kasikci and Frank Piessens and Mark Silberstein and Thomas F. Wenisch and Yuval Yarom and Raoul Strackx},
    title = {Foreshadow: Extracting the Keys to the Intel {SGX} Kingdom with Transient Out-of-Order Execution},
    booktitle = {27th {USENIX} Security Symposium ({USENIX} Security 18)},
    year = {2018},
    isbn = {978-1-939133-04-5},
    address = {Baltimore, MD},
    pages = {991{\textendash}1008},
    url = {https://www.usenix.org/conference/usenixsecurity18/presentation/bulck},
    publisher = {{USENIX} Association},
    month = aug,
    }

Trusted execution environments, and particularly the Software Guard eXtensions (SGX) included in recent Intel x86 processors, gained significant traction in recent years. A long track of research papers, and increasingly also real-world industry applications, take advantage of the strong hardware-enforced confidentiality and integrity guarantees provided by Intel SGX. Ultimately, enclaved execution holds the compelling potential of securely offloading sensitive computations to untrusted remote platforms.

We present Foreshadow, a practical software-only microarchitectural attack that decisively dismantles the security objectives of current SGX implementations. Crucially, unlike previous SGX attacks, we do not make any assumptions on the victim enclave’s code and do not necessarily require kernel-level access. At its core, Foreshadow abuses a speculative execution bug in modern Intel processors, on top of which we develop a novel exploitation methodology to reliably leak plaintext enclave secrets from the CPU cache. We demonstrate our attacks by extracting full cryptographic keys from Intel’s vetted architectural enclaves, and validate their correctness by launching rogue production enclaves and forging arbitrary local and remote attestation responses. The extracted remote attestation keys affect millions of devices.

  1.