Vatsvakurudzi kubva kuPeople's Liberation Army Defense Science uye Technology University, National University yeSingapore uye Swiss Higher Technical School muZurich. vakagadzira nzira nyowani yekurwisa yakazvimiririra Intel SGX enclaves (Software Guard eExtensions).
Kurwiswa uku kwakanzi SmashEx uye yakakonzerwa nematambudziko ekupindazve pakubata zvisirizvo panguva yekumhanyisa chikamu chebasa reIntel SGX. Nzira yekurwisa yakarongwa inobvumira, kana paine kutonga pamusoro peiyo inoshanda sisitimu, kuona zvakavanzika data iri mu enclave, kana kuronga kopi yekodhi yako mundangariro ye enclave nekuitwa kwayo.
Ngatiyeukei tekinoroji iyoyo SGX yakaonekwa pane XNUMXth chizvarwa Intel Core processors (Skylake) uye inopa nhevedzano yemirairo izvo zvinobvumira mushandisi-level application anopihwa yakavanzika nzvimbo dzekurangarira, enclaves, ane zvinyorwa zvisingagoni kuverengwa kana kuchinjwa kunyange ne kernel uye kodhi yakaitwa mumhete0, SMM uye VMM modes.
Hazvibviri kuendesa kutonga kune kodhi mune enclave uchishandisa mabasa shanduko yechinyakare uye manipulations nemarejista uye stack; Zvitsva zvakanyatsogadzirwa EENTER, EEXIT, uye ERESUME zvirevo zvinoshandiswa kuendesa kutonga kune enclave inoita macheki emvumo. Panguva imwe, kodhi yakaiswa mu enclave inogona kushandisa nzira dzekufona Classics yekufona mabasa mukati meiyo enclave uye murairo unokosha wekudana mabasa ekunze. Enclave memory encryption inoshandiswa kudzivirira kubva kune hardware kurwisa, sekubatanidza kune DRAM module.
Dambudziko rine chekuita nenyaya yekuti tekinoroji yeSGX inobvumira sisitimu yekushandisa kukanganisa kuuraya ye enclave nekukanda kunze kwehardware, uye zvekutanga zveatomu kubata kwezvakasiyana zvakadaro hazvina kuisirwa nemazvo muma enclaves. Kusiyana neiyo yekushandisa system kernel uye yenguva dzose maapplication, kodhi mukati me enclaves haigone kuwana primitives kuronga zviito zveatomu panguva yeasynchronous kunze kwekubata. Pasina iyo yakatsanangurwa maatomu ekutanga, iyo enclave inogona kuvhiringwa chero nguva uye kudzokororwa, kunyangwe kana zvikamu zvakakosha zviri kushanda pane enclave uye iri munzvimbo isina kuchengeteka (semuenzaniso, kana CPU marejista asina kuchengetwa / kudzoserwa).
Zvekushanda zvakajairika, tekinoroji SGX inokutendera kuti ukanganise kuurayiwa kweiyo enclave nekunze kwehardware configurable. Ichi chimiro inobvumira enclave nguva dzekumhanya kuti dzishandise kusarudzika kubata kana chiratidzo chekubata mukati meiyo enclave, asi inogona kukonzera zvikanganiso zvekupinda zvakare. Kurwiswa kweSmashEx kunovimba nekushandisa zvikanganiso muSDK nekuda kweiyo yekusarudzika inobata yakadzokororwa kufona mamiriro asiri kubatwa nemazvo. Izvo zvakakosha kuti kushandisa kusadzivirirwa, anorwisa anofanira kukwanisa kukanganisa kuurayiwa kweiyo enclave, ndiko kuti, anofanira kudzora basa remamiriro ehurongwa.
Mushure mekukanda kunze, anorwisa anogamuchira diki hwindo renguva panguva iyo zvinokwanisika kuvharira kuyerera kwekuuraya kuburikidza nekugadzirisa zvirongwa zvekupinza. Kunyanya, kana iwe uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchingedzo, iwe unogona kugadzira iyo sisitimu system (iyo nharaunda kunze kweiyo enclave) mushure mekuita chirevo chekupinda mu enclave (EENTER) nhanho apo Iyo stack yekumisikidzwa kweiyo enclave isati yapera, iyo mamiriro eCPU marejista anochengetwa.
Iyo sisitimu inogona kudzosera kutonga kune enclave, Asi sezvo iyo enclave stack isina kugadzirwa panguva yekuvhiringidza, iyo enclave inomhanya ne stack inogara musystem memory, iyo inogona kushandiswa kushandisa return-oriented programming (ROP) nzira dzekushandisa. Oriented Programming).
Paunenge uchishandisa iyo ROP tekinoroji, anorwisa haaedze kuisa kodhi yake mundangariro, asi panzvimbo pezvo anoshanda pazvikamu zvemichina mirairo iyo yatove iripo mumaraibhurari akaremerwa, ichipera nekudzora kudzoka kuraira (semutemo, izvi ndizvo. kuguma kweraibhurari yemabasa). Basa rekushandisa rakaderedzwa pakuvaka ketani yemafoni kune akafanana mabhuroko ("gadgets") kuti uwane iyo inodiwa mashandiro.
Shandisa prototypes gadzirira enclaves ine nguva yekumhanya yakavakirwa pa Intel SGX SDK (CVE-2021-0186) uye Microsoft OpenEnclave (CVE-2021-3376).
Muchiitiko chekutanga, kugona kuburitsa kiyi yeRSA inoshandiswa muwebhu server yeHTTPS yakaratidzwa, uye mune yechipiri nyaya, zvaigoneka kuona izvo zvakagamuchirwa neiyo cURL utility inomhanya mukati meiyo enclave.
Kusagadzikana kwacho kwakatogadzirwa musoftware paIntel SGX SDK 2.13 uye Vhura Enclave 0.17.1 shanduro.
mabviro: https://jasonyu1996.github.io