I will describe the recipe of speculative execution attacks, and focus on the recent one called Foreshadow. The first variant of Foreshadow breaks the SGX confidentiality guarantees and enables us to circumvent the SGX remote attestation mechanism. Later, Intel's continued investigation revealed two other variants, with the most devastating one allowing a malicious Guest OS running in a virtual machine to access the host data. I will explain a few less known technical details and will discuss some of its non-technical implications.
When SGX fell victim to speculative execution bugs
Technion, Haifa, Israel
Sondertermin: APB 3105, 10:30
Joint work with Jo Van Bulck, Frank Piessens, Raoul Strackx (imec-DistriNet, KU Leuven), Marina Minkin (Technion & University of Michigan), Ofir Weisse, Daniel Genkin, Baris Kasikci, Thomas F. Wenisch (University of Michigan), Yuval Yarom (University of Adelaide and CSIRO's Data61).