To execute the Spectre-SGX attack, an attacker does not need access to a processor cache; rather, the attacker needs access to the CPU’s hardware registers and to an SGX enclave. The use of SGX in Intel processors means that attacks such as Spectre and Meltdown can be executed by an unprivileged process. The attacker must, however, be able to execute instructions that perform a transition from the enclave to the privilege level in which the process is executing.
As with other secure enclave attacks such as Meltdown, the main issue to be addressed is that the Spectre-SGX attack is a software-based approach. Spectre-SGX allows an unprivileged process to read data that is protected by the software security mechanism, which is not possible with the traditional Spectre attack. The attack also works for Intel chips using SGX.
Spectre-SGX is a hardware-based architecture that allows a malicious application to leak data from the secure enclave without having the privilege of being able to read that data. A Spectre-SGX attack enables an unprivileged process to read memory contents that are protected by the software security mechanism, which is not possible with the traditional Spectre attack.
Note that managed code and enclave code are still separate: they are both part of the wolfCrypt assembly. The benefit of this separation is that you can debug and test the enclave without ever having to worry about the managed code.
We’ve taken WPF and WPF-based UI project structures and applied them to the enclave environment. By doing so, we can give the enclave the highest level of abstraction and separation we can. This allows us to focus on the security and development of the enclave and not worry about the UI. This is a significant advantage because our target device is a very powerful embedded system where it is very difficult for third parties to run their own code.
Enclave code – Enclave code uses the seal and deserialization APIs in wolfCryptFIPS. At the time of this writing, these APIs are available in the wolfcryptwpf GitHub repository. The code is actually native code, but we’ve wrapped the Objective-C code in C++ so we can interface with the Windows FIPS API.