A few years ago, Intel, the world’s leading supplier of PC microprocessors, introduced an improvement that promised greater data security: Software Guard Extensions (SGX). These are hardware-based control mechanisms that ensure that data is secure even if a computer’s operating system is malicious or under attack. “Operating systems have to perform a huge number of functions, and are highly complex,” explains Shweta Shinde, Assistant Professor in the Department of Computer Science at ETH Zurich. It makes sense, therefore, to shield applications with sensitive data from the operating system. Software Guard Extensions allow this to be done by means of “enclaves”, with certain areas serving to protect the program code of applications that should not be accessed by the operating system.
Shinde and her fellow researchers from the National University of Singapore (NUS) and the Chinese National University of Defense Technology (NUDT) have now discovered a vulnerability in this security architecture. They have been able not only to pull data from these enclaves, but also to run arbitrary code of their own in them. Having made the discovery in early May 2021, the researchers immediately notified Intel and Microsoft, the two companies they knew to be affected. This is the usual procedure in such cases, and the two companies resolved the issue by means of software patches in mid-July. The attack programmed by the researchers over months of work is called SmashEx, and is documented in a paper that has already been published as a preprint and will be presented at the ACM CCS conference on 15 November.
No need to panic, but lessons to be learned
The vulnerability is rated by Intel itself with a CVSS (Common Vulnerability Scoring System) score of 8.2 out of 10. This scoring system indicates the severity of vulnerabilities based on a range of indicators. In this case, according to Shweta Shinde, one of the reasons for the high score is the fact that the problem affected new hardware and a potentially large number of corporate and private customers – Intel processors with the relevant Software Guard Extensions are very widespread. Thus, among other things, Google products were also affected. Intel SGX enclaves are also often used when IT infrastructure is shared between different parties, or when sensitive data is involved – in the banking or healthcare sectors, for example. “The fact that the vulnerability affected a technology designed specifically for sensitive data gives us pause,” says Shinde, “but it’s not a reason to panic.” The problem has been solved for the time being using software patches, but Shinde also recommends hardware adaptation for future processor generations to make them more secure in the long term.