In cybersecurity circles, this has been the year of Spectre and Meltdown[1], not only because the chip vulnerabilities—first publicly disclosed in January[2]—were so widespread that they're still being cleaned up, but because they've given rise to the discovery of many related[3] flaws. Now, a team of researchers has found a Spectre-like vulnerability that specifically undermines the most secure element of recent Intel chips—and potentially has even broader implications.
Intel's Software Guard Extensions feature, known as SGX, allows programs to establish so-called secure enclaves on Intel processors. These are regions of a chip that are cordoned off to run code that the computer's operating system can't access or change. The secure enclave creates a safe haven for sensitive data, even if malware or another malady compromises the main computer. But a group of researchers, hailing from five academic institutions around the world, found that although SGX can mostly repel Spectre and Meltdown attacks, a related attack can bypass its defenses. They call it Foreshadow[4].
"There were certain aspects that were surprising and certain aspects that weren't," says microarchitecture security researcher Yuval Yarom, a member of the team that will present its findings[5] at the Usenix security conference in Baltimore on Thursday. "We thought speculative execution could get some information from SGX, but we weren’t sure how much. The amount of information we actually got out—that took us by surprise."
Wild Speculation
Meltdown, Spectre, and Foreshadow all exploit various flaws in a computing technique known as speculative execution[6]. A processor can run more efficiently by making an educated guess about what operation it will be asked to perform next. A correct prediction saves resources, while work based on an incorrect prediction gets scrapped.