Attack on Intel SGX to extract sensitive data or execute code inside an enclave

Researchers from the People's Liberation Army Defense Science and Technology University, the National University of Singapore and ETH Zurich have developed a new method of attacking isolated Intel SGX (Software Guard eXtensions) enclaves. The attack is called SmashEx and stems from re-entrancy problems in the handling of exceptional situations by the runtime components for Intel SGX. The proposed method makes it possible, given control over the operating system, to determine confidential data located inside the enclave, or to arrange for a copy of one's own code to be placed in the enclave's memory and executed there.

Exploit prototypes have been prepared for enclaves whose runtime is based on the Intel SGX SDK (CVE-2021-0186) and on Microsoft Open Enclave (CVE-2021-33767). In the first case, the extraction of the RSA key used by a web server for HTTPS was demonstrated, and in the second, it was possible to determine the content received by the cURL utility running inside the enclave. The vulnerability has already been fixed in software in the releases of Intel SGX SDK 2.13 and Open Enclave 0.17.1. Besides the Intel SGX SDK and Microsoft Open Enclave, the vulnerability also appears in the Google Asylo SDK, EdgelessRT, Apache Teaclave, Rust SGX SDK, SGX-LKL, CoSMIX and Veracruz.

Recall that SGX (Software Guard Extensions) technology appeared in the sixth generation of Intel Core processors (Skylake) and provides a set of instructions that allow user-level applications to allocate closed memory regions, enclaves, whose contents cannot be read or modified even by the kernel or by code running in ring0, SMM and VMM modes. Control cannot be transferred to code inside an enclave using traditional jump instructions and manipulation of registers and the stack; instead, the specially introduced instructions EENTER, EEXIT and ERESUME are used to transfer control into the enclave, and they perform authority checks. Code placed inside the enclave can then use ordinary call mechanisms to reach functions within the enclave, and special instructions to call external functions. Enclave memory encryption is used to protect against hardware attacks such as attaching to the DRAM module.


The problem is that SGX technology allows the operating system to interrupt an enclave by raising a hardware exception, and the enclaves do not use the primitives needed to handle exceptions atomically. Unlike the operating system kernel and ordinary applications, code inside enclaves has no access to primitives for making operations atomic while handling asynchronously raised exceptions. Without such atomic primitives, the enclave can be interrupted at any moment and then resumed, even while it is executing a critical section and is in an unsafe state (for example, while CPU registers have not yet been saved or restored).


For normal operation, SGX technology allows enclave execution to be interrupted by hardware exceptions. This feature lets the runtime environment organise its own in-enclave handling of exceptions or signals, but it can also lead to re-entrancy errors. The SmashEx attack exploits a flaw in the SDK whereby a repeated call into the exception handler is not handled correctly. Importantly, to exploit the vulnerability the attacker must be able to interrupt the execution of the enclave, i.e. must control the surrounding system environment.

After an exception is raised, the attacker gets a small window of time during which the execution thread can be hijacked by manipulating the input parameters. In particular, with access to the system (the environment outside the enclave), a new exception can be generated immediately after the enclave entry instruction (EENTER) executes, which returns control to the system at a stage when the stack setup for the enclave has not yet completed and at which the state of the CPU registers is also saved.

The system can then return control to the enclave, but since the stack had not been set up at the moment of interruption, the enclave will run on a stack located in system memory, which can be used to apply return-oriented programming (ROP) exploitation techniques. With ROP techniques, the attacker does not try to place their own code in memory, but operates on pieces of machine instructions already present in loaded libraries that end with a return instruction (as a rule, the tails of library functions). The exploit's work comes down to building a chain of calls to such blocks ("gadgets") to obtain the desired functionality.
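The re-entrancy window above is easiest to see as a state problem: the runtime's exception entry point is reached while the thread is between EENTER and the completion of its stack setup, and an entry path that does not check for that state will proceed on whatever stack pointer is present. The following added C model (constructed for this article, not code from the Intel SGX SDK or Open Enclave; all type, function and address names are assumed) contrasts an unchecked exception entry with one that is only accepted once the thread state is consistent, which is the kind of atomicity check the article says the enclave runtimes lacked.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of one enclave thread's entry state (assumed names,
 * not the SDK's real thread-control structures). */
enum thread_state {
    STATE_OUTSIDE,   /* thread is not inside the enclave */
    STATE_ENTERING,  /* EENTER completed, trusted stack not yet installed */
    STATE_READY      /* trusted stack and register save area are set up */
};

struct enclave_thread {
    enum thread_state state;
    uintptr_t stack_ptr;        /* 0 until the trusted stack is installed */
    int handled_exceptions;
    int rejected_exceptions;
};

#define TRUSTED_STACK ((uintptr_t)0x7fff0000u)  /* constructed address */

/* First half of the entry path: the window the article describes, where
 * EENTER has completed but the in-enclave stack setup has not. */
void enclave_begin_entry(struct enclave_thread *t) {
    t->state = STATE_ENTERING;
    t->stack_ptr = 0;
}

/* Second half of the entry path: stack installed, state consistent. */
void enclave_finish_entry(struct enclave_thread *t) {
    t->stack_ptr = TRUSTED_STACK;
    t->state = STATE_READY;
}

/* Unchecked pattern: the exception entry trusts whatever stack pointer is
 * present, so a handler may run on a stack that is not the enclave's own. */
uintptr_t exception_entry_unchecked(struct enclave_thread *t) {
    t->handled_exceptions++;
    return t->stack_ptr;   /* 0 means "no trusted stack was installed" */
}

/* Checked pattern: the exception entry is accepted only when the thread has
 * completed its setup; otherwise the re-entry is refused. */
bool exception_entry_checked(struct enclave_thread *t, uintptr_t *stack_used) {
    if (t->state != STATE_READY || t->stack_ptr == 0) {
        t->rejected_exceptions++;
        return false;
    }
    t->handled_exceptions++;
    *stack_used = t->stack_ptr;
    return true;
}

/* Scenario 1: an exception arrives between EENTER and stack setup.
 * Returns the stack pointer the handler would run on (0 = untrusted),
 * or UINTPTR_MAX if the checked entry refused the re-entry. */
uintptr_t simulate_interrupted_entry(bool hardened) {
    struct enclave_thread t = {STATE_OUTSIDE, 0, 0, 0};
    enclave_begin_entry(&t);
    /* exception fires here, before enclave_finish_entry() */
    if (!hardened)
        return exception_entry_unchecked(&t);
    uintptr_t sp = 0;
    if (!exception_entry_checked(&t, &sp))
        return UINTPTR_MAX;
    return sp;
}

/* Scenario 2: an exception arrives after entry completed normally. */
uintptr_t simulate_normal_entry(bool hardened) {
    struct enclave_thread t = {STATE_OUTSIDE, 0, 0, 0};
    enclave_begin_entry(&t);
    enclave_finish_entry(&t);
    if (!hardened)
        return exception_entry_unchecked(&t);
    uintptr_t sp = 0;
    if (!exception_entry_checked(&t, &sp))
        return UINTPTR_MAX;
    return sp;
}

int main(void) {
    printf("interrupted, unchecked: stack=%#lx\n",
           (unsigned long)simulate_interrupted_entry(false));
    printf("interrupted, checked:   %s\n",
           simulate_interrupted_entry(true) == UINTPTR_MAX ? "rejected" : "accepted");
    printf("normal, checked:        stack=%#lx\n",
           (unsigned long)simulate_normal_entry(true));
    return 0;
}
```

The model deliberately reduces the problem to one flag: the unchecked path hands the handler a zero (untrusted) stack pointer in the interrupted case, while the checked path refuses re-entry until setup has completed and behaves identically to the unchecked path once the thread is ready. A real fix must make that state transition itself atomic with respect to asynchronous exits, which this single-threaded model only approximates.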



Source: opennet.ru
