Researchers from the People's Liberation Army National University of Defense Science and Technology, the National University of Singapore, and ETH Zurich have developed a new attack technique against isolated Intel SGX (Software Guard eXtensions) enclaves. The attack, named SmashEx, exploits re-entrancy problems in the exception handling of Intel SGX runtime components. Given control of the operating system, the proposed attack allows an attacker to read confidential data held in the enclave or to copy their own code into the enclave's memory and execute it.
Exploit prototypes were built for enclaves whose runtime is based on the Intel SGX SDK (CVE-2021-0186) and Microsoft Open Enclave (CVE-2021-33767). In the former case the researchers extracted the RSA key used by a web server for HTTPS; in the latter they recovered the content fetched by the cURL utility running inside the enclave. The vulnerability has already been fixed in Intel SGX SDK 2.13 and Open Enclave 0.17.1. Besides the Intel SGX SDK and Microsoft Open Enclave, the vulnerability also affects the Google Asylo, EdgelessRT, Apache Teaclave, Rust SGX SDK, SGX-LKL, CoSMIX, and Veracruz SDKs.
As a reminder, SGX (Software Guard Extensions) was introduced in the sixth generation of Intel Core processors (Skylake) and provides instructions that let user-level applications allocate private memory regions, enclaves, whose contents cannot be read or modified even by the kernel or by code running in ring 0, SMM, or VMM modes. Control cannot be transferred to code inside an enclave with ordinary jump instructions or by manipulating registers and the stack; dedicated new instructions, EENTER, EEXIT, and ERESUME, transfer control into and out of the enclave and perform the authorization checks. Code inside the enclave can use ordinary call mechanisms to reach functions within the enclave and special instructions to call functions outside it. Enclave memory is encrypted to protect against hardware attacks such as probing the DRAM module.

The problem is that SGX allows the operating system to interrupt enclave execution by raising a hardware exception, but enclaves lack proper primitives for handling such exceptions atomically. Unlike the OS kernel and ordinary applications, enclave code has no access to primitives for making a sequence of actions atomic while handling an asynchronous exception. Without such atomic primitives, an enclave can be interrupted and re-entered at any moment, even while a critical section is executing inside it and its state is unsafe (for example, while CPU registers have not yet been saved or restored).

In normal operation, SGX allows enclave execution to be preempted by configurable hardware exceptions. This feature lets enclave runtimes implement in-enclave exception handling or signal processing, but it can also lead to re-entrancy bugs. The SmashEx attack exploits a flaw in the SDKs: the case where the exception handler is invoked again while a previous invocation is still in progress is not handled properly. Importantly, exploiting the flaw requires the attacker to be able to interrupt the enclave, i.e., to control the system environment (the operating system).
After triggering an exception, the attacker has a small window in which to hijack the thread of execution by manipulating entry into the enclave. Specifically, with access to the system (the environment outside the enclave), a new exception can be raised immediately after the enclave entry instruction (EENTER) executes, which returns control to the system at a point where the enclave stack, on which the CPU register state is saved, has not yet been fully set up.
The system can then return control to the enclave, but because the enclave stack was not set up at the moment of interruption, the enclave executes with a stack located in system memory, which can be exploited with return-oriented programming (ROP). With ROP, the attacker does not try to place their own code in memory but works with fragments of machine instructions already present in loaded libraries that end with a return instruction (typically the tails of library functions). The exploit builds a chain of calls to such blocks ("gadgets") to obtain the desired functionality.
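A user-space model of the re-entrancy window described above, written as an added example for this page; it is not code from the Intel SGX SDK, Open Enclave, or the SmashEx authors. The enclave stack range, the addresses, and the frame layout are constructed for the demonstration, and the frame's rsp is treated as attacker-influenced to stand in for the state an attacker-timed second exception leaves behind (the model does not describe how the hardware saves that state). The vulnerable entry point trusts the frame and has no way to tell that it is already inside a handler; the hardened one uses an atomic flag to refuse nested entry and checks that the stack lies inside the enclave before using it.

```c
/* Added example: user-space model of non-reentrant enclave exception entry.
 * Not SGX SDK / Open Enclave code; addresses and layout are constructed. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical enclave stack range (constructed for the example). */
#define ENCLAVE_STACK_LO 0x7000000000ULL
#define ENCLAVE_STACK_HI 0x7000010000ULL

enum { ENTRY_OK = 0, ENTRY_REENTRANT = -1, ENTRY_BAD_STACK = -2 };

/* Register frame the handler consumes on entry. Modeled as attacker-influenced:
 * it stands in for the state an attacker-timed second exception leaves behind. */
typedef struct { uint64_t rsp; uint64_t rip; } frame_t;

typedef struct {
    atomic_int in_handler;      /* the atomic primitive the text says enclaves lack */
    uint64_t   handler_rsp;     /* stack the handler runs on */
    bool       ran_on_os_stack; /* true if the handler ran on a stack outside the enclave */
} thread_t;

static bool stack_in_enclave(uint64_t rsp) {
    return rsp >= ENCLAVE_STACK_LO && rsp < ENCLAVE_STACK_HI;
}

/* Vulnerable entry: uses whatever rsp the frame carries and cannot tell that a
 * previous handler invocation is still in its prologue. */
int enter_vuln(thread_t *t, const frame_t *f) {
    t->handler_rsp = f->rsp;
    t->ran_on_os_stack = !stack_in_enclave(t->handler_rsp);
    return ENTRY_OK;
}

/* Hardened entry: atomically claim the handler, then validate the stack before
 * touching it. A real runtime would abort the thread on ENTRY_REENTRANT rather
 * than merely report it. */
int enter_fixed(thread_t *t, const frame_t *f) {
    if (atomic_exchange(&t->in_handler, 1))
        return ENTRY_REENTRANT;             /* nested entry: refuse */
    if (!stack_in_enclave(f->rsp)) {
        atomic_store(&t->in_handler, 0);
        return ENTRY_BAD_STACK;             /* stack outside the enclave: refuse */
    }
    t->handler_rsp = f->rsp;
    t->ran_on_os_stack = false;
    return ENTRY_OK;
}

/* Called once the handler has finished and thread state is consistent again. */
void handler_done(thread_t *t) { atomic_store(&t->in_handler, 0); }

/* Replays the sequence from the text: a legitimate exception and entry, then a
 * second exception delivered while the handler is still setting up its stack,
 * re-entered with a frame whose rsp points into OS-controlled memory. Returns
 * the result of the second entry; t->ran_on_os_stack records the outcome. */
int replay_nested_entry(thread_t *t, bool hardened) {
    int (*enter)(thread_t *, const frame_t *) = hardened ? enter_fixed : enter_vuln;
    frame_t first  = { .rsp = ENCLAVE_STACK_HI - 0x100, .rip = 0x401000 }; /* constructed */
    frame_t forged = { .rsp = 0x5550000000ULL,          .rip = 0x401000 }; /* OS memory  */

    memset(t, 0, sizeof *t);
    int rc = enter(t, &first);
    if (rc != ENTRY_OK)
        return rc;
    /* The handler is still in its prologue; handler_done() has not run. A second
     * exception lands here and the OS re-enters the enclave. */
    return enter(t, &forged);
}
```

With the vulnerable entry, replay_nested_entry returns ENTRY_OK and leaves ran_on_os_stack set: the handler runs on a stack the attacker chose, which is the foothold the ROP stage builds on. With the hardened entry, the second entry is refused with ENTRY_REENTRANT and the forged stack pointer is never used. The check-and-set has to be atomic (atomic_exchange here), because a plain flag test followed by a store re-opens exactly the window it is meant to close.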


Source: opennet.ru
