Foreshadow
Intel processors |
Foreshadow, known as L1 Terminal Fault (L1TF) by
Foreshadow is similar to the
Foreshadow may be very difficult to exploit.
On 16 August 2018, researchers presented technical details of the Foreshadow security vulnerabilities in a seminar, and publication, entitled "Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution"[22] at a USENIX security conference.[9][22]
History
Two groups of researchers discovered the security vulnerabilities independently: a Belgian team (including Raoul Strackx, Jo Van Bulck, Frank Piessens) from imec-DistriNet, KU Leuven reported it to Intel on 3 January 2018;[23] a second team from Technion – Israel Institute of Technology (Marina Minkin, Mark Silberstein), University of Adelaide (Yuval Yarom), and University of Michigan (Ofir Weisse, Daniel Genkin, Baris Kasikci, Thomas F. Wenisch) reported it on 23 January 2018.[1][4] The vulnerabilities were first disclosed to the public on 14 August 2018.[1][4]
Mechanism
The Foreshadow vulnerability is a
For Foreshadow, the sensitive data of interest is the encrypted data in an SGX enclave. Usually, an attempt to read enclave memory from outside the enclave is made, speculative execution is permitted to modify the cache based on the data that was read, and then the processor is allowed to block the speculation when it detects that the protected-enclave memory is involved and reading is not permitted. Speculative execution can use sensitive data in a level 1 cache before the processor notices a lack of permission.[4] The Foreshadow attacks are stealthy, and leave few traces of the attack event afterwards in a computer's logs.[5]
On 16 August 2018, researchers presented technical details of the Foreshadow security vulnerabilities in a seminar, and publication,[22] at a USENIX security conference.[9][22]
Impact
Foreshadow is similar to the
Intel notes that the Foreshadow flaws could produce the following:[6]
- Malicious applications, which may be able to infer data in the operating system memory, or data from other applications.
- A malicious guest virtual machine (VM) may infer data in the VM's memory, or data in the memory of other guest VMs.
- Malicious software running outside of SMM may infer data in SMM memory.
- Malicious software running outside of an Intel SGX enclave or within an enclave may infer data from within another Intel SGX enclave.
According to one of the discoverers of the computer flaws: "... the SGX security hole can lead to a "Complete collapse of the SGX ecosystem."[6]
A partial listing of affected Intel hardware has been posted, and is described below.[11][12] (Note: a more detailed - and updated - listing of affected products is on the official Intel website.[11])
- Intel Core i3/i5/i7/M processor (45 nm and 32 nm)
- 2nd/3rd/4th/5th/6th/7th/8th generation Intel Core processors
- Intel Core X-series processor family for Intel X99 and X299 platforms
- Intel Xeon processor 3400/3600/5500/5600/6500/7500 series
- Intel Xeon Processor E3 v1/v2/v3/v4/v5/v6 family
- Intel Xeon Processor E5 v1/v2/v3/v4 family
- Intel Xeon Processor E7 v1/v2/v3/v4 family
- Intel Xeon Processor Scalable family
- Intel Xeon Processor D (1500, 2100)
Foreshadow may be very difficult to exploit,[3][7] and there seems to be no evidence to date (15 August 2018) of any serious hacking involving the Foreshadow vulnerabilities.[3][7]
Mitigation
Applying software patches may help alleviate some concern(s), although the balance between security and performance may be a worthy consideration.[6][24] Companies performing cloud computing may see a significant decrease in their overall computing power; people should not likely see any performance impact, according to researchers.[10]
The real fix, according to Intel, is by replacing today's processors.
See also
- Transient execution CPU vulnerabilities
- BlueKeep (security vulnerability)
- Hardware security bug
- TLBleed, similar security vulnerability
References
- ^ a b c d e f g h i "Foreshadow - Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution". ForeShadowAttack.eu. 2018-08-14. Archived from the original on 2018-08-15. Retrieved 2018-08-14.
- ^ "Software Security Guidance from Intel". Software.intel.com. Archived from the original on 2020-07-26. Retrieved 2021-12-29.
- ^ PC Magazine. Archivedfrom the original on 2018-08-15. Retrieved 2018-08-14.
- ^ a b c d Bright, Peter (2018-08-14). "Intel's SGX blown wide open by, you guessed it, a speculative execution attack - Speculative execution attacks truly are the gift that keeps on giving". Ars Technica. Archived from the original on 2018-08-15. Retrieved 2018-08-14.
- ^ a b Newman, Lily Hay (2018-08-14). "Spectre-like Flaw Undermines intel Processors' Most Secure Element". Wired. Archived from the original on 2019-01-11. Retrieved 2018-08-15.
- ^ ZDNet. Archivedfrom the original on 2018-08-15. Retrieved 2018-08-15.
- ^ a b c d e f g h i Giles, Martin (2018-08-14). "Intel's 'Foreshadow' flaws are the latest sign of the chipocalypse". MIT Technology Review. Archived from the original on 2018-08-16. Retrieved 2018-08-14.
- ^ Masters, Jon (2018-08-14). "Understanding L1 Terminal Fault aka Foreshadow: What you need to know". Red Hat. Archived from the original on 2018-08-18. Retrieved 2018-08-18.
- ^ a b c Chirgwin, Richard (2018-08-15). "Foreshadow and Intel SGX software attestation: 'The whole trust model collapses' - El Reg talks to Dr Yuval Yarom about Intel's memory leaking catastrophe". The Register. Archived from the original on 2018-08-15. Retrieved 2018-08-15.
- ^ a b c Lee, Dave (2018-08-15). "'Foreshadow' attack affects Intel chips". BBC News. Archived from the original on 2018-08-15. Retrieved 2018-08-15.
- ^ a b c d Staff (2018-08-14). "Q3 2018 Speculative Execution Side Channel Update (Intel-SA-00161)". Intel. Archived from the original on 2019-04-24. Retrieved 2018-08-01.
- ^ a b c Armasu, Lucian (2018-08-15). "Intel Chips' List of Security Flaws Grows". Tom's Hardware. Archived from the original on 2021-12-29. Retrieved 2018-08-15.
- ^ Kerner, Sean Michael (2018-08-15). "Intel SGX at Risk From Foreshadow Speculative Execution Attack - Another set of side-channel, speculative execution vulnerabilities have been publicly reported by security researchers; this time the vulnerabilities take specific aim at SGX secure enclave and hypervisor isolation boundaries". eWeek. Archived from the original on 2021-12-29. Retrieved 2018-08-15.
- ^ Kennedy, John (2018-08-15). "A Foreshadow of security: What you need to know about new Intel chip flaws". Silicon Republic.com. Archived from the original on 2018-08-16. Retrieved 2018-08-15.
- ^ Hachman, Mark (2018-08-15). "Foreshadow attacks Intel CPUs with Spectre-like tactics (but you're probably safe) - You should be protected from L1TF if your PC is patched and up to date". PC World. Archived from the original on 2021-12-29. Retrieved 2018-08-16.
- ^ a b c Hoffman, Chris (2018-08-16). "How to Protect Your PC From the Intel Foreshadow Flaws". How-To Geek. Archived from the original on 2018-08-16. Retrieved 2018-08-16.
- ^ Constantin, Lucian (2018-08-16). "New Foreshadow Vulnerabilities Defeat Memory Defenses on Intel CPUs". SecurityBoulevard.com. Archived from the original on 2018-08-17. Retrieved 2018-08-16.
- ^ [1][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17]
- ^ Weisse, Ofir; et al. (2018). "Foreshadow-NG: Breaking the virtual memory abstraction with transient out-of-order execution".[permanent dead link]
- ^ a b Cutress, Ian (2018-08-19). "Intel at Hot Chips 2018: Showing the Ankle of Cascade Lake". AnandTech. Archived from the original on 2018-08-20. Retrieved 2018-08-19.
- ^ a b Alcorn, Paul (2018-08-22). "Intel Unveils Cascade Lake, In-Silicon Spectre And Meltdown Mitigations". Tom's Hardware. Retrieved 2018-08-22.
- ^ a b c d Van Bulck, Jo; Minkin, Marina; Weisse, Ofir; Genkin, Daniel; Kasikci, Baris; Piessens, Frank; Silberstein, Mark; Wenisch, Thomas F.; Yarom, Yuval; Strackx, Raoul (2018-08-16). "Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution" (PDF). USENIX. Archived (PDF) from the original on 2018-08-18. Retrieved 2018-08-16.
- ^ "Protecting Our Customers through the Lifecycle of Security Threats | Intel Newsroom". Newsroom.intel.com. Archived from the original on 2018-08-14. Retrieved 2021-12-29.
- Phoronix. Archivedfrom the original on 2019-06-01. Retrieved 2019-05-25.
Further reading
External links
- Official website
- Foreshadow – Technical (video; 00:40; FSA) on YouTube
- Foreshadow – Overview (video; 03:09; FSA) on YouTube
- Foreshadow – Overview (video; 03:33; Red Hat) on YouTube
- Foreshadow – Overview (video; 10:48; Red Hat) on YouTube