Foreshadow-NG: Breaking the virtual memory abstraction with transient out-of-order execution

Publication date: 2018-08-14

Author:

Weisse, Ofir ; Van Bulck, Jo ; Minkin, Marina ; Genkin, Daniel ; Kasikci, Baris ; Piessens, Frank ; Silberstein, Mark ; Strackx, Raoul ; Wenisch, Thomas F ; Yarom, Yuval

Keywords:

C16/15/058#53326573

Abstract:

In January 2018, we discovered the Foreshadow transient execution attack (USENIX Security’18) targeting Intel SGX technology. Intel’s subsequent investigation of our attack uncovered two closely related variants, which we collectively call Foreshadow-NG and which Intel refers to as L1 Terminal Fault. Current analyses focus mostly on mitigation strategies, providing only limited insight into the attacks themselves and their consequences. The aim of this report is to alleviate this situation by thoroughly analyzing Foreshadow-type attacks and their implications in the light of the emerging transient execution research area. At a high level, whereas previous generation Meltdown-type attacks are limited to reading privileged supervisor data within the attacker’s virtual address space, Foreshadow-NG attacks completely bypass the virtual memory abstraction by directly exposing cached physical memory contents to unprivileged applications and guest virtual machines. We review mitigation strategies proposed by Intel, and explain how Foreshadow-NG necessitates additional OS and hypervisor-level defense mechanisms on top of existing Meltdown mitigations.