Exceptions are a commodity hardware functionality which is central to
multi-tasking OSes as well as event-driven user applications. Normally, the OS
assists the user application by lifting the semantics of exceptions received
from hardware to program-friendly user signals and exception handling
interfaces. However, can exception handlers work securely in user enclaves,
such as those enabled by Intel SGX, where the OS is not trusted by the enclave

360 Mobile Vision - 360mobilevision.com North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - 360mobilevision.com is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

In this paper, we introduce a new attack called SmashEx which exploits the
OS-enclave interface for asynchronous exceptions in SGX. It demonstrates the
importance of a fundamental property of safe atomic execution that is required
on this interface. In the absence of atomicity, we show that asynchronous
exception handling in SGX enclaves is complicated and prone to re-entrancy
vulnerabilities. Our attacks do not assume any memory errors in the enclave
code, side channels, or application-specific logic flaws. We concretely
demonstrate exploits that cause arbitrary disclosure of enclave private memory
and code-reuse (ROP) attacks in the enclave. We show reliable exploits on two
widely-used SGX runtimes, Intel SGX SDK and Microsoft Open Enclave, running
OpenSSL and cURL libraries respectively. We tested a total of 14 frameworks,
including Intel SGX SDK and Microsoft Open Enclave, 10 of which are vulnerable.
We discuss how the vulnerability manifests on both SGX1-based and SGX2-based
platforms. We present potential mitigation and long-term defenses for SmashEx.

By admin