14 comments

[ 5.5 ms ] story [ 49.0 ms ] thread
Nice diagrams - any pointers on what tool was used to make these?
Making those diagrams in Mathematica would be extraordinary painful. It's probably something similar to that (a custom XKCD-like style) but for a dedicated diagramming tool. I don't know of any tool with such a style though, so I'm guessing it's custom.
(comment deleted)
Looks like Visio with the "handdrawn" design/theme.
(comment deleted)
Anybody know why SGX installs additional service(s) in the system, and how they are used/what they are needed for? There is "Intel SGX AESM" with the description "The system services management agent for Intel(R) Software Guard Extensions enabled applications", but I don't get what exactly it manages and how it can be used to manage that. Where/how does it come into play?
Various components of the SGX system (launch approval, remote attestation quote signing, etc) are implemented as Intel provided enclaves. AESM manages those enclaves and provides an untrusted API to communicate with them.
what we all know now about extracting information from cache miss and TLB timings sort of makes all this a bit moot now doesn't it
To be honest I clicked hopping to read about a SGX exploit enabling more of those.
The attacker's assumed capability is arbitrary execution locally.

Assuming an attacker is running as a separate user from the secret they want to steal (reasonable assumption, in my opinion) they need a vulnerability in the kernel, or some service running as root. Probably the kernel.

SGX pushes that further - you need a vulnerability in the hardware.

The attack surface of your hardware is < the attack surface of your hardware + kernel, so it seems like a win.

We'll continue to see attacks against hardware, but this is still a technology worth exploring.

(comment deleted)