Special Lecture

Foreshadow: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution

Wednesday, October 10, 2018
5:30 pm to 6:30 pm
Ofir Weisse

Foreshadow: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution

Foreshadow: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution

Ofir Weisse explains how the Foreshadow attack dismantles Intel's SGX security — previously considered the most secure feature of Intel chips — and also bypasses virtual machine isolation between users in the cloud.

Foreshadow is a speculative execution attack on Intel processors which allows an attacker to steal sensitive information stored inside personal computers or third party clouds. Foreshadow has two versions, the original attack designed to extract data from SGX enclaves and a Next-Generation version which affects Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory.

Foreshadow-SGX: At a high level, SGX is a new feature in modern Intel CPUs which allows computers to protect users’ data even if the entire system falls under the attacker’s control. While it was previously believed that SGX is resilient to speculative execution attacks (such as Meltdown and Spectre), Foreshadow demonstrates how speculative execution can be exploited for reading the contents of SGX-protected memory as well as extracting the machine’s private attestation key. Making things worse, due to SGX’s privacy features, an attestation report cannot be linked to the identity of its signer. Thus, it only takes a single compromised SGX machine to erode trust in the entire SGX ecosystem.

Foreshadow Next Generation: While investigating the vulnerability that causes Foreshadow, which Intel refers to as "L1 Terminal Fault", Intel identified two related attacks, which we call Foreshadow-NG. These attacks can potentially be used to read any information residing in the L1 cache, including information belonging to the System Management Mode (SMM), the Operating System's Kernel, or Hypervisor. Perhaps most devastating, Foreshadow-NG might also be used to read information stored in other virtual machines running on the same third-party cloud, presenting a risk to cloud infrastructure. Finally, in some cases, Foreshadow-NG might bypass previous mitigations against speculative execution attacks, including countermeasures to Meltdown and Spectre.

Ofir Weisse is a Ph.D. candidate at the University of Michigan. His current research focuses on the feasibility of secure execution in the cloud. His recent publications include HotCalls (ISCA 2017) and WALNUT (EuroS&P 2017). Ofir worked for Intel in Haifa as a security researcher in the SGX group. He received his master's in computer engineering from Tel-Aviv University and B.Sc from the Technion. His previous research focused on differential power analysis of cryptographic devices, which was published in CHES and HASP.

Last updated:

October 15, 2018