Another month, another way to smash Intel's SGX security. Let's take a closer look at these latest holes...

Analysis Intel's Software Guard Extensions, known as SGX among friends, consist of a set of instructions for running a secure enclave inside an encrypted memory partition using certain Intel microprocessors.


This so-called Trusted Execution Environment is intended to offer more security than is otherwise available to applications running on less fortified hardware. Nothing should be able to peer into or meddle with these enclaves, not even rogue system administrators nor malware. Sadly for Intel and those who depend on its technology, security researchers keep finding flaws in SGX.


On Tuesday, two separate sets of boffins published papers describing SGX vulnerabilities, though neither is quite as bad as claimed.


First, there's CrossTalk, which describes a novel transient execution attack – in which speculative CPU operations are spied upon to obtain sensitive data – that works across CPU cores.


In a paper [PDF] titled "CrossTalk: Speculative Data Leaks Across Cores Are Real," Hany Ragab, Alyssa Milburn, Herbert Bos, and Cristiano Giuffrida from Vrije Universiteit in the Netherlands and Kaveh Razavi from ETH Zurich explain that various Intel CPUs may conduct read operations using a staging buffer shared by the chip's cores.


"The contents of this buffer are visible to any core on the sy ..