With Intel's SGX technology, Trusted Execution Environments have found their way into millions of desktop and server processors. In this talk, we present several hardware and software vulnerabilities that allow an attacker to subvert SGX's security guarantees. The attack techniques used range from fault injection, both through software-controlled undervolting ("Plundervolt") and through hardware manipulation of the CPU supply voltage ("VoltPillager"), to power side-channel analysis ("PLATYPUS"). We conclude by clarifying what a realistic attacker model for TEEs like SGX looks like and by outlining possible directions for future designs.
David Oswald is a senior lecturer (associate professor) in the Centre for Cyber Security and Privacy at the University of Birmingham, UK. His main field of research is the security of embedded systems and trusted execution. One focus is on attack methods that exploit weaknesses in the physical implementation of mathematically secure cryptographic algorithms; these techniques include (passive) side-channel analysis, (active) fault injection, and reverse engineering. His research on vulnerabilities in various widespread systems (e.g. DESFire RFID smartcards, VW/Hitag2 RKE systems, and Intel SGX) has raised awareness among developers of embedded devices of the crucial importance of security.
Zitai Chen is a PhD Student at the University of Birmingham, interested in Automotive Security, Embedded System Security and Fault Injection.