A hot potato: The dust has barely settled over the Spectre and Meltdown vulnerabilities and now security researchers are looking at a whole new hardware flaw that could be potentially worse. They are calling it Foreshadow and it is similar to Spectre, but affects one of the most secure elements of Intel chips -- Software Guard Extensions or SGX.
SGX allows programs to set up secure areas, also called enclaves, in the processor for the handling of sensitive data. These areas are restricted and are somewhat like a sandbox in that code is not allowed to be executed within. So even in the event of a virus or malware the data can remain safe. However, researchers from five different institutions have discovered that while SGX can repel Spectre and Meltdown attacks, Foreshadow has the ability to bypass the security measures.
Foreshadow has two versions: the original attack designed to extract data from SGX enclaves and Foreshadow NG (Next Generation) that can be used to extract any information residing in the L1 cache. NG affects virtual machines, hypervisors, OS kernel memory, and system management mode memory, potentially threatening entire cloud platform’s infrastructure.
“There were certain aspects that were surprising and certain aspects that weren't,” said microarchitecture security researcher Yuval Yarom. “We thought speculative execution could get some information from SGX, but we weren’t sure how much. The amount of information we actually got out—that took us by surprise.”
Yarom and his team are preparing to present their findings at the Usenix security conference in Baltimore, Maryland this Wednesday.
Working in two separate groups the researchers “independently developed the same speculative execution attack that could access SGX-protected memory in a data cache called ‘L1.’” They also found that the attack could reveal secret cryptographic keys called “attestation keys," which enable SGX to perform integrity checks.
“A fundamental concept underlying SGX is that an enclave's contents are signed with a key that Intel holds as a third party,” reports Wired. “An outside system can check the legitimacy of an enclave by reviewing its signature.”
Furthermore, once attackers have a set of attestation keys, they can generate SGX signatures that look genuine in any context. This mitigates another security measure that Intel uses called “group signatures.” This security measure helps to ensure the anonymity of enclaves -- the partitions in the processor that SGX uses to hold the sensitive data. Group signatures essentially separate the enclave from its unique signature thus making it difficult to compromise an enclave or create a fake one.
“The root of trust in SGX is that the attestation key has never seen the light of day outside SGX,” says Daniel Genkin, another researcher on the Foreshadow project. “As soon as the attestation key sees the light of day, then everything kind of crumbles.”
Meltdown, the different variants of Spectre, and now Foreshadow exploit vulnerabilities related to speculative execution, a technique used by most modern CPUs to optimize performance. By making an educated guess about the next task to be performed by the processor, work is done before it’s known if it’s actually needed. If the CPU guesses right, then there is no delay in getting the results of such operation, but if the task is not needed, it’s simply discarded.
While most modern CPUs implement speculative execution, Intel’s have been the most severely affected by the flaws so far. Before Meltdown and Spectre flaws were disclosed last January, it’d seem like no one was looking for this kind of low-level vulnerability, but once the cat was let out of the bag, a fourth variant was discovered in May and now Foreshadow would be the fifth major hole that exposes x86 microprocessors.
“We are seeing an unprecedented focus on microprocessors as a threat vector for malicious activities; as software and hardware advance at a rapid rate, previously ‘impossible’ attacks are now becoming achievable by skilled actors. Spectre and Meltdown have formed a new class of vulnerabilities that enterprise IT must be ready to address, at both the organizational level and at the software level” said Jon Masters, Chief Microarchitecture Architect at Red Hat.
Intel has rated Foreshadow as 'high severity' and confirmed that the flaw affects all SGX-enabled Core processors, while Intel Atom CPUs are unaffected. The list below comes straight from the CPU maker who has opened a security advisory page with additional technical details:
- Intel Core i3/i5/i7/M processor (45nm and 32nm)
- 2nd/3rd/4th/5th/6th/7th/8th generation Intel Core processors
- Intel Core X-series Processor Family for Intel X99 and X299 platforms
- Intel Xeon processor 3400/3600/5500/5600/6500/7500 series
- Intel Xeon Processor E3 v1/v2/v3/v4/v5/v6 Family
- Intel Xeon Processor E5 v1/v2/v3/v4 Family
- Intel Xeon Processor E7 v1/v2/v3/v4 Family
- Intel Xeon Processor Scalable Family
- Intel Xeon Processor D (1500, 2100)
As of writing, only Intel CPUs have been confirmed to be vulnerable to Foreshadow. In order to secure systems against the two Foreshadow variants, mitigations will be required at both the software level (OS, VM, VMM, etc.) and microcode level (hardware firmware, BIOS).
Intel, who refers to Foreshadow as "L1 Terminal Fault," has stated that they started distributing microcode updates to partners around May/June and are in the process of releasing mitigations for all affected processors. They anticipate no meaningful performance impact will be observed as the result of patching. System manufacturers and system software vendors provide these microcode changes via BIOS updates. Foreshadow also requires patching at the OS and VMM level for successful mitigation.