While reading the Intel SGX development guide, the following phrases immediately caught my attention: "Anyone may load an enclave. Furthermore, an attacker may load an enclave with a program specifically developed to expose vulnerabilities in that enclave." and "Enclaves, regardless of the number of trusted threads defined, must not be designed with the assumption that the untrusted application will invoke the ISV interface functions following a specific order. Once the enclave is initialized, an attacker may invoke any ISV interface function, keep the calls in any order and provide any input parameters. Keep these ploys in mind to prevent opening an enclave up to attacks." and "Input arguments reside inside the enclave when the ISV interface function is invoked. However, when an input is passed by reference, only the reference (the pointer address) will be inside the enclave. The value referenced could be outside and change at any time. For instance, an attacker may change the value after the enclave code checks the function parameters."
Correct me if I'm wrong:
- The first sentence above means that anyone can load an enclave.dll that I produced in release mode and associate it with a program created by them and call ecalls, and obviously ocalls, as they want and even give them inputs?
- The second sentence means that an attacker can intrude on a computer where an enclave was initialized and perform the procedures referred to in this second sentence?
- The third sentence means that an attacker can change, just before the ecall, the input memory pointed by the pointer passed in the ecall?
Thanks in advance, and have a good week.
1. Yes, I can write a program that calls sgx_create_enclave( "your_release_enclave.signed...) and if I have the ability to run the program on a system and that enclave exists then the program can load said enclave.
3. Before the ecall, you are in the untrusted domain. Someone running a debugger attached on your program, or a malicious OS, can change values in the untrusted part of your program, yes.
Can you please rephrase #2?
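The third quoted sentence describes a check-then-use race on memory the enclave does not own. The following is an added example, not part of the original posts and not Intel SDK code: it simulates that race in plain C and shows the copy-in pattern that closes it. The struct layouts, function names and the `race_hook` callback (standing in for a second untrusted thread) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16

/* Constructed layout: caller-owned message living in untrusted memory. */
struct msg { size_t len; uint8_t data[32]; };
/* Enclave-private state: key sits directly after buf (buf is at offset 0). */
struct enclave_state { uint8_t buf[BUF_LEN]; uint8_t key[16]; };

/* Hypothetical stand-in for an untrusted thread that rewrites the input. */
typedef void (*race_hook)(struct msg *);
typedef int (*ecall_fn)(struct enclave_state *, struct msg *, race_hook);
static void grow_len(struct msg *m) { m->len = sizeof m->data; }

/* Vulnerable: validates m->len, then fetches it again for the copy. */
static int ecall_store_vuln(struct enclave_state *st, struct msg *m, race_hook race)
{
    if (m->len > BUF_LEN) return -1;   /* check: first fetch */
    if (race) race(m);                 /* value changes after the check */
    memcpy(st, m->data, m->len);       /* use: second fetch, runs past buf */
    return 0;
}

/* Hardened: snapshot into enclave memory once, validate only the snapshot. */
static int ecall_store_safe(struct enclave_state *st, struct msg *m, race_hook race)
{
    struct msg local;
    memcpy(&local, m, sizeof local);   /* single fetch */
    if (race) race(m);                 /* later changes no longer matter */
    if (local.len > BUF_LEN) return -1;
    memcpy(st->buf, local.data, local.len);
    return 0;
}

/* Runs one ecall under the simulated race; returns 1 if key is untouched. */
static int key_intact_after(ecall_fn ecall, size_t initial_len)
{
    struct enclave_state st;
    struct msg m = { .len = initial_len };
    memset(&st, 0, sizeof st);
    memset(st.key, 0xAA, sizeof st.key);
    memset(m.data, 0x41, sizeof m.data);
    ecall(&st, &m, grow_len);
    for (size_t i = 0; i < sizeof st.key; i++)
        if (st.key[i] != 0xAA) return 0;
    return 1;
}

int main(void)
{
    printf("vulnerable: key intact = %d\n", key_intact_after(ecall_store_vuln, 8));
    printf("hardened:   key intact = %d\n", key_intact_after(ecall_store_safe, 8));
    return 0;
}
```

In an SGX project, declaring the pointer `[in, size=...]` in the EDL file has the generated bridge make this copy before the trusted function runs, whereas `[user_check]` hands the enclave the raw untrusted pointer and leaves the copy to the developer.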
Good afternoon Francisco,
Thanks in advance for answering me. What I wanted to ask in #2 was:
The second sentence means that an attacker can intrude on a computer where an enclave was initialized and perform the referred procedures?