Imperial College London

Professor Peter Pietzuch

Faculty of Engineering, Department of Computing

Professor of Distributed Systems
 
 
 

Contact

 

+44 (0)20 7594 8314

 
 

Location

 

442, Huxley Building, South Kensington Campus


Citation

BibTeX format

@inproceedings{Pietzuch:2016:10.1007/978-3-319-45744-4_22,
author = {Pietzuch, PR and Weichbrodt, N and Kurmus, A and Kurmus, R},
doi = {10.1007/978-3-319-45744-4_22},
pages = {440--457},
publisher = {Springer International Publishing},
title = {AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves},
url = {http://dx.doi.org/10.1007/978-3-319-45744-4_22},
year = {2016}
}

RIS format (EndNote, RefMan)

TY  - CPAPER
AB - Intel’s Software Guard Extensions (SGX) provide a new hardware-based trusted execution environment on Intel CPUs using secure enclaves that are resilient to accesses by privileged code and physical attackers. Originally designed for securing small services, SGX bears promise to protect complex, possibly cloud-hosted, legacy applications. In this paper, we show that previously considered harmless synchronisation bugs can turn into severe security vulnerabilities when using SGX. By exploiting use-after-free and time-of-check-to-time-of-use (TOCTTOU) bugs in enclave code, an attacker can hijack its control flow or bypass access control. We present AsyncShock, a tool for exploiting synchronisation bugs of multithreaded code running under SGX. AsyncShock achieves this by only manipulating the scheduling of threads that are used to execute enclave code. It allows an attacker to interrupt threads by forcing segmentation faults on enclave pages. Our evaluation using two types of Intel Skylake CPUs shows that AsyncShock can reliably exploit use-after-free and TOCTTOU bugs.
AU - Pietzuch,PR
AU - Weichbrodt,N
AU - Kurmus,A
AU - Kurmus,R
DO - 10.1007/978-3-319-45744-4_22
EP - 457
PB - Springer International Publishing
PY - 2016///
SN - 0302-9743
SP - 440
TI - AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves
UR - http://dx.doi.org/10.1007/978-3-319-45744-4_22
UR - http://hdl.handle.net/10044/1/42264
ER -