Currently, I use the Intel Protected File System Library for my research and I have a question regarding its security guarantees. I already checked the description in the Developer Reference and the following blog post, but my question is not answered.
The question in short: once a file is opened, can an attacker swap the file content?
According to the reference, the library does not protect against swapping of files with the same name, as only the name is checked. Therefore, it is clear that an attacker can perform a rollback attack, i.e., if a file with the name xyz was updated, an attacker can afterwards replace the updated version with the old one and the library would not notice it.
The important aspect of my question is whether swapping is possible if the file is already open. An example scenario: the enclave opens a file, reads the first 4kB chunk of the file, then does some other operations, and finally reads another 4kB chunk. Can the enclave be sure that an attacker did not roll back the file between the two chunk reads?
I consider this protection possible, as the enclave only has to cache the metadata node (referenced in the blog post) on a file open and use the cached version for all reads. However, I do not know if this is done.
Thank you and best regards
I think it has been done.
Check out the definition of `class protected_fs_file`, which represents an opened SGX-protected file. The class has a field named `meta_data_encrypted_t encrypted_part_plain`. This field contains the root hash of the Merkle hash tree that protects an SGX-protected file. The definition of `meta_data_encrypted_t` is here. So the root hash is always kept in memory while the SGX-protected file is opened. So swapping part of the hash tree is not possible.
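
The behaviour discussed in this thread, as an added example that is not part of either post and is not the SGX SDK's code: a simplified model in which the root hash is cached at open, so a swap to an older version between two chunk reads is rejected, while the same old version is accepted on a fresh open. The SHA-256 tree, the HMAC over the root, the key and the names `seal`, `OpenFile` and `demo` are assumptions standing in for the library's own cryptography and classes.

```python
import hashlib
import hmac

CHUNK = 4096                      # chunk size from the question's scenario
KEY = b"constructed-enclave-key"  # stand-in for a key only the enclave holds

def merkle_root(chunks):
    """Root of a binary hash tree over the chunks (odd node paired with itself)."""
    level = [hashlib.sha256(c).digest() for c in chunks] or [hashlib.sha256(b"").digest()]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [hashlib.sha256(level[i] + level[i + 1]).digest()
                 for i in range(0, len(level), 2)]
    return level[0]

def seal(data):
    """Enclave-side write: what ends up on the untrusted host for one file version."""
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]
    root = merkle_root(chunks)
    return {"chunks": chunks, "root": root,
            "mac": hmac.new(KEY, root, hashlib.sha256).digest()}

class OpenFile:
    def __init__(self, disk):
        self.disk = disk          # untrusted: the host may change it at any time
        mac = hmac.new(KEY, disk["root"], hashlib.sha256).digest()
        if not hmac.compare_digest(mac, disk["mac"]):
            raise ValueError("metadata MAC mismatch")
        self.root = disk["root"]  # cached in trusted memory while the file is open

    def read_chunk(self, i):
        # Simplification: rehash every chunk instead of checking one tree path.
        if merkle_root(self.disk["chunks"]) != self.root:
            raise ValueError("data does not match the root cached at open")
        return self.disk["chunks"][i]

def demo():
    old = seal(b"A" * CHUNK + b"B" * CHUNK)  # version 1 (constructed sample data)
    new = seal(b"A" * CHUNK + b"C" * CHUNK)  # version 2, the update
    disk = dict(new)
    f = OpenFile(disk)
    first = f.read_chunk(0)
    disk.update(old)                         # old, validly MACed version swapped in
    try:
        f.read_chunk(1)
        mid_session = "accepted"
    except ValueError:
        mid_session = "rejected"
    reopened = OpenFile(disk).read_chunk(1)  # fresh open: the old version verifies
    return first[:1], mid_session, reopened[:1]
```
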