lsds / Spectre Attack Sgx

Licence: apache-2.0
Spectre attack against SGX enclave

spectre-attack-sgx

Sample code demonstrating a Spectre-like attack against an Intel SGX enclave.

Overview

Given our ongoing research on Intel SGX here in the LSDS group at Imperial College London, a question occurred to us immediately on first hearing of the recent Meltdown and Spectre attacks: what are the security implications of speculative execution side channels for Intel SGX enclaves?

This repository contains a proof-of-concept attack (SGXSpectre) showing it is indeed possible to use a speculative execution side-channel to leak data from an Intel SGX enclave.

Attack Outline

The attack is similar conceptually to the conditional branch misprediction Spectre attack of Kocher et al. The main difference is that we move the secret data (secret) and the victim function (victim_function) and overflow array (array1) inside the enclave. The attacker executes victim_function using an ecall, passing it the index x used to index into array1.

Code Layout

  • SGXSpectre/main/main.c: Contains the untrusted code to create the enclave and mount the SGXSpectre attack.
  • SGXSpectre/enclave/enclave_attack.c: Contains the enclave secret data and victim function.

Caveats

  • The attack requires that the array1_size variable (used to verify that x is within the bounds of array1) is not cached. For simplicity, our proof-of-concept currently stores array1_size outside the enclave, allowing the attacker to flush it with a clflush instruction before each invocation of the victim function. In reality this would be unsafe, since the bounds check should not rely on a value stored in untrusted memory. However, the attack could be adapted to keep array1_size inside the enclave by using an alternative mechanism to flush it before each invocation (e.g. load other data whose address coincides in the cache).

  • For simplicity we keep the array2 array whose entries are probed by the attacker outside the enclave. As mentioned in the Spectre paper, a prime+probe attack could be used to infer the accesses to array2 if it is not accessible to the attacker (e.g. if it is moved inside the enclave).
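
For enclave authors, the defensive counterpart of the bounds-check pattern described above, as an added example that is not code from this repository. The names array1, array1_size, array2 and victim_function follow the README; the array sizes and contents, index_mask_nospec and victim_function_hardened are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

#define ARRAY1_LEN 16   /* assumed size */
#define STRIDE     512  /* assumed spacing between probe entries */

static uint8_t array1[ARRAY1_LEN];
static size_t  array1_size = ARRAY1_LEN; /* held in trusted memory, not outside the enclave */
static uint8_t array2[256 * STRIDE];

/* Constructed contents so that the functions return checkable values. */
void init_arrays(void) {
    for (size_t i = 0; i < ARRAY1_LEN; i++) array1[i] = (uint8_t)(i + 1);
    for (size_t v = 0; v < 256; v++) array2[v * STRIDE] = (uint8_t)v;
}

/* Pattern from the README: architecturally correct, but both dependent
 * loads may execute speculatively before x < array1_size has resolved. */
uint8_t victim_function(size_t x) {
    if (x < array1_size)
        return array2[array1[x] * STRIDE];
    return 0;
}

/* All-ones when idx < size, zero otherwise, computed without a branch.
 * Valid for size <= SIZE_MAX / 2. */
size_t index_mask_nospec(size_t idx, size_t size) {
    size_t top = (~(idx | (size - 1 - idx))) >> (sizeof(size_t) * 8 - 1);
    return (size_t)0 - top;
}

/* Hardened form: the index is clamped through data flow, so a mispredicted
 * branch can reach at most array1[0], never memory beyond the array.
 * A production build must also keep the optimiser from folding the mask
 * away (optimisation barrier) or use a serialising lfence after the check. */
uint8_t victim_function_hardened(size_t x) {
    if (x < array1_size) {
        x &= index_mask_nospec(x, array1_size);
        return array2[array1[x] * STRIDE];
    }
    return 0;
}
```
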

How to run the code

  1. Install Intel(R) SGX SDK for Linux* OS
  2. Build the SGXSpectre project with the prepared Makefile:
    • Hardware Mode: $ make
    • Simulation Mode: $ make SGX_MODE=SIM
  3. Execute the binary directly: $ ./sgxspectre
  4. Remember to "make clean" before switching build mode

Credits

SGXSpectre is brought to you by Dan O'Keeffe, Divya Muthukumaran, Pierre-Louis Aublin, Florian Kelbert, Christian Priebe, Josh Lind, Huanzhou Zhu and Peter Pietzuch.
