Practical Enclave Malware with Intel SGX

Modern CPU architectures offer strong isolation guarantees towards user applications in the form of enclaves. However, Intel’s threat model for SGX assumes fully trusted enclaves, and there is doubt about how realistic this is. In particular, it is unclear to what extent enclave malware could harm a system. In this work, we practically demonstrate the first enclave malware which fully and stealthily impersonates its host application. Together with poorly-deployed application isolation on personal computers, such malware can not only steal or encrypt documents for extortion but also act on the user’s behalf, e.g., send phishing emails or mount denial-of-service attacks. Our SGX-ROP attack uses a new TSX-based memory-disclosure primitive and a write-anything-anywhere primitive to construct a code-reuse attack from within an enclave, which is then inadvertently executed by the host application. With SGX-ROP, we bypass ASLR, stack canaries, and address sanitizer. We demonstrate that instead of protecting users from harm, SGX currently poses a security threat, facilitating so-called super-malware with ready-to-hit exploits. With our results, we demystify the enclave malware threat and lay the ground for future research on defenses against enclave malware.
