Attack Overview

Speculative execution has been a widely reported and studied source of vulnerabilities that violate memory isolation. For a while, Intel's SGX was thought to be safe from speculative execution attacks, but recent research has shown that this is not the case. The Foreshadow attack is capable of violating all security assumptions surrounding Intel SGX and requires a true hardware-level patch to fix. Foreshadow is an extension of Meltdown which allows SGX memory to sit unprotected in the cache.

The key to defeating SGX's protections lies in abusing the legacy permission checks, which occur before SGX can implement its own protections. Originally, SGX was thought to be secure because, when an invalid memory access occurs, all data gets overwritten with a dummy value of -1. This behavior is called "abort page" semantics. In order to defeat this protection, we need to cause a "page fault". A page fault is part of the legacy permission checks which, if failed, deny SGX
WashU Bear Shell Daily
we write about computer security