Plundervolt: Software-based fault injection attacks against intel SGX

Kit Murdock, David Oswald, Flavio D. Garcia, Jo Van Bulck, Daniel Gruss, Frank Piessens

Research output: Chapter in Book/Report/Conference proceedingConference paper

Abstract

Dynamic frequency and voltage scaling features have been introduced to manage ever-growing heat and power consumption in modern processors. Design restrictions ensure frequency and voltage are adjusted as a pair, based on the current load, because for each frequency there is only a certain voltage range where the processor can operate correctly. For this purpose, many processors (including the widespread Intel Core series) expose privileged software interfaces to dynamically regulate processor frequency and operating voltage.In this paper, we demonstrate that these privileged interfaces can be reliably exploited to undermine the system's security. We present the Plundervolt attack, in which a privileged software adversary abuses an undocumented Intel Core voltage scaling interface to corrupt the integrity of Intel SGX enclave computations. Plundervolt carefully controls the processor's supply voltage during an enclave computation, inducing predictable faults within the processor package. Consequently, even Intel SGX's memory encryption/authentication technology cannot protect against Plundervolt. In multiple case studies, we show how the induced faults in enclave computations can be leveraged in real-world attacks to recover keys from cryptographic algorithms (including the AES-NI instruction set extension) or to induce memory safety vulnerabilities into bug-free enclave code. We finally discuss why mitigating Plundervolt is not trivial, requiring trusted computing base recovery through microcode updates or hardware changes.

Original languageEnglish
Title of host publicationProceedings - 2020 IEEE Symposium on Security and Privacy, SP 2020
PublisherInstitute of Electrical and Electronics Engineers
Pages1466-1482
Number of pages17
ISBN (Electronic)9781728134970
DOIs
Publication statusPublished - May 2020
Event41st IEEE Symposium on Security and Privacy - Virtuell, United States
Duration: 18 May 202020 May 2020

Conference

Conference41st IEEE Symposium on Security and Privacy
Abbreviated titleSP 2020
CountryUnited States
CityVirtuell
Period18/05/2020/05/20

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Software
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Plundervolt: Software-based fault injection attacks against intel SGX'. Together they form a unique fingerprint.

Cite this