Affiliation:
1. imec-DistriNet, KU Leuven, Belgium
2. University of Birmingham, Edgbaston
Abstract
This article analyzes a previously overlooked attack surface that allows unprivileged adversaries to impact floating-point computations in enclaves through the Application Binary Interface (ABI). In a comprehensive study across 7 industry-standard and research enclave shielding runtimes for Intel Software Guard Extensions (SGX), we show that control and state registers of the x87 Floating-Point Unit (FPU) and Intel Streaming SIMD Extensions are not always properly sanitized on enclave entry. We furthermore show that this attack goes beyond the x86 architecture and can also affect RISC-V enclaves. Focusing on SGX, we abuse the adversary’s control over precision and rounding modes as an ABI fault injection primitive to corrupt enclaved floating-point operations. Our analysis reveals that this is especially relevant for applications that use the older x87 FPU, which is still under certain conditions used by modern compilers. We exemplify the potential impact of ABI quality-degradation attacks for enclaved machine learning and for the SPEC benchmarks. We then explore the impact on confidentiality, showing that control over exception masks can be abused as a controlled channel to recover enclaved multiplication operands. Our findings, affecting 5 of 7 studied SGX runtimes and one RISC-V runtime, demonstrate the challenges of implementing high-assurance trusted execution across computing architectures.
Funder
Engineering and Physical Sciences Research Council
European Union’s Horizon 2020 research and innovation programme
Research Fund KU Leuven
Flemish Research Programme Cybersecurity
Intel Corporation
Research Foundation – Flanders
Publisher
Association for Computing Machinery (ACM)
Cited by
3 articles.