FYI -- https://arxiv.org/pdf/1902.03256.pdf Practical Enclave Malware with Intel SGX Michael Schwarz, Samuel Weiser, Daniel Gruss Graz University of Technology Abstract. Modern CPU architectures offer strong isolation guarantees towards user applications in the form of enclaves. For instance, Intel's threat model for SGX assumes fully trusted enclaves, yet there is an on-going debate on whether this threat model is realistic. In particular, it is unclear to what extent enclave malware could harm a system. In this work, we practically demonstrate the first enclave malware which fully and stealthily impersonates its host application. Together with poorly-deployed application isolation on personal computers, such malware can not only steal or encrypt documents for extortion, but also act on the user's behalf, e.g., sending phishing emails or mounting denial-of-service attacks. Our SGX-ROP attack uses new TSX-based memory-disclosure primitive and a write-anything- anywhere primitive to construct a code-reuse attack from within an enclave which is then inadvertently exe- cuted by the host application. With SGX-ROP, we bypass ASLR, stack canaries, and address sanitizer. We demonstrate that instead of protect- ing users from harm, SGX currently poses a security threat, facilitating so-called super-malware with ready-to-hit exploits. With our results, we seek to demystify the enclave malware threat and lay solid ground for future research on and defense against enclave malware. ---- SGX works just fine, sort of; it's the threat model that is faulty. The usual suspects: ROP, fake stacks. The new suspects: *transactional memory*, introduced as a *security feature* (among other virtues), can be used to engage in and hide mischief: Oops!! Every *hiding place* can always be used to hide both good and evil, so there is no such thing as "good"/"always-to-be-trusted" hiding place ("enclave"). Bottom line: *every* asymmetrical threat model (i.e., one in which there is an indisputed faith in some 'white hat' actor -- e.g., DRM) is doomed, IMHO. I shouldn't have to *pwn* my *own* computer in order to control it. _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

Henry Baker <hbaker1@pipeline.com> writes: >Every *hiding place* can always be used to hide both good and evil, so there >is no such thing as "good"/"always-to-be-trusted" hiding place ("enclave"). Rule 37 of DRM technology: A technology created to be used against the user by Hollywood will also be used against the user by everyone else. Peter. _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

At 04:57 PM 2/16/2019, Peter Gutmann wrote: >Henry Baker <hbaker1@pipeline.com> writes: >>Every *hiding place* can always be used to hide both good and evil, so there >is no such thing as "good"/"always-to-be-trusted" hiding place ("enclave"). > >Rule 37 of DRM technology: A technology created to be used against the user by Hollywood will also be used against the user by everyone else. It drives politicians bonkers that the tech industry rolled over for DRM, but not for encryption backdoors. Perhaps because the SW/game industry started with a DRM mindset -- remember all those DRM'd floppy disk hacks? SW folks were happy to 'nerd harder', so long as it was their own bread-and-butter they were protecting. The latest 'nerd harder': the incorporation of DRM EME blobs in otherwise-open-source browsers. W3C will soon learn to their horror what happens when you let the camel's nose into your own ("pwn"?) computer. _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography