HAIFA, ISRAEL (August 15, 2018) – Technion-Israel Institute of Technology researchers and their colleagues abroad have broken through Intel’s innovative security wall, Intel Software Guard Extension (SGX). SGX is a recently introduced security feature of Intel processors for protecting the privacy and integrity of information and applications on the computer. It is available in all recent Intel processors and is broadly deployed in both personal computers and cloud computing services.
The attack, dubbed Foreshadow, exploits certain weaknesses in the existing mechanisms of Intel CPUs, allowing an attacker to expose private application data and forge computations secured by SGX.
The researchers reported Foreshadow to Intel in January of 2018. Further analysis into the causes of Foreshadow performed by Intel revealed that the same hardware flaw enables a number of other devastating attacks. Called Foreshadow –NG, these attacks put in risk the privacy of users of cloud computing systems that use Intel CPUs. The patches that mitigate these attacks have already been released.
The researchers from the Technion are Assistant Prof. Mark Silberstein of the Viterbi Faculty of Electrical Engineering and his graduate student Marina Minkin from the Computer Science Department. They conducted the study together with their colleagues from The University of Adelaide (Australia), The University of Michigan (USA) and KU Leuven (Belgium). Former Technion graduates Ophir Weiss and Assistant Prof. Daniel Genkin were also involved in the research. The team’s work will be presented today (August 15, 2018) at the leading security conference, USENIX Security ’18, in Baltimore, Maryland.