Overview
Explore a Black Hat conference talk that delves into the practical implementation of malware inside Intel SGX and its ability to evade state-of-the-art detection mechanisms. Learn how an unprivileged user can execute malware within an SGX enclave to extract secret RSA keys from co-located enclaves using cache attacks. Discover the intricacies of SGX protection features, Bitcoin wallets, cache attacks, and double fetch vulnerabilities. Examine the potential implications for Bitcoin theft, DRM video players, and sidechain-resistant crypto. Gain insights into proposed solutions at the operating system and hardware levels, as well as the advantages and limitations of atomic fetches and TFX. Presented by Michael Schwarz and Moritz Lipp, this 54-minute talk offers a comprehensive look at the intersection of trusted execution environments and potential security threats.
Syllabus
Outline
Introduction to SGX
Using SGX to implement Bitcoin wallets
Bitcoins Signatures
Cache Attacks
Prime and Rope
How does this work
Not that easy
Building the time
Physical address
Physical page
Addresses
Summary
Results
Performance Counter
Solution
Operating System
Hardware
Sidechain resistant crypto
DRM video player
Stealing Bitcoins
The Problem
Validity Period
Double Fetch Back
Shared Memory
Double Fetch Detection
Video Player Exploit
Double Fetches
Atomic Fetches
TFX
How it works
Dropit
Code
Advantages
Takeaways
Out of Scope
Conclusion
Taught by
Black Hat