Research Vulnerability discovered in Intel
Research
Vulnerability discovered in Intel

Vulnerability discovered in Intel

An international research team whose members include an ETH Zurich professor has revealed a vulnerability in the security architecture of Intel processors. Until July, Microsoft and Google products were also affected.
Leo Herrmann 19.10.2021
Hardware-​based control mechanisms are used to make data storage more secure. (Image: AdobeStock)

A few years ago, Intel, the world’s leading supplier of PC microprocessors, introduced an improvement that promised greater data security: Software Guard Extensions (SGX). These are hardware-based control mechanisms that ensure that data is secure even if a computer’s operating system is malicious or under attack. “Operating systems have to perform a huge number of functions, and are highly complex,” explains Shweta Shinde, Assistant Professor in the Department of Computer Science at ETH Zurich. It makes sense, therefore, to shield applications with sensitive data from the operating system. Software Guard Extensions allow this to be done by means of “enclaves”, with certain areas serving to protect the program code of applications that should not be accessed by the operating system.

Shinde and her fellow researchers from the National University of Singapore (NUS) and the Chinese National University of Defense Technology (NUDT) have now discovered a vulnerability in this security architecture. They have been able not only to pull data from these enclaves, but also to run arbitrary code of their own in them. Having made the discovery in early May 2021, the researchers immediately notified Intel and Microsoft, the two companies they knew to be affected. This is the usual procedure in such cases, and the two companies resolved the issue by means of software patches in mid-July. The attack programmed by the researchers over months of work is called SmashEx, and is documented in a paper that has already been published as a preprint and will be presented at the ACM CCS conference on 15 November.

No need to panic, but lessons to be learned

The vulnerability is rated by Intel itself with a CVSS (Common Vulnerability Scoring System) score of 8.2 out of 10. This scoring system indicates the severity of vulnerabilities based on a range of indicators. In this case, according to Shweta Shinde, one of the reasons for the high score is the fact that the problem affected new hardware and a potentially large number of corporate and private customers – Intel processors with the relevant Software Guard Extensions are very widespread. Thus, among other things, Google products were also affected. Intel SGX enclaves are also often used when IT infrastructure is shared between different parties, or when sensitive data is involved – in the banking or healthcare sectors, for example. “The fact that the vulnerability affected a technology designed specifically for sensitive data gives us pause,” says Shinde, “but it’s not a reason to panic.” The problem has been solved for the time being using software patches, but Shinde also recommends hardware adaptation for future processor generations to make them more secure in the long term.

Reference

Cui J, Zhijingcheng Yu J, Shinde S, Saxena P, Cai Z SmashEx: Smashing SGX Enclaves Using Exceptions. Proceedings of the ACM Conference on Computer and Communications Security (CCS) November 2021 doi: 10.1145/3460120.3484821 (Publication still pending. Link to the list of papers to be presented).

Altri articoli
How safe is our money?
Research
ETH Zurich
A new Lab for Science in Diplomacy in Geneva
Research
ETH Zurich
Monitoring gene activities in living cells
Research
ETH Zurich EPFL
Why study biodiversity? Because we depend on it!
Research
Eawag WSL