Conferences >2019 38th Symposium on Reliab...

Supply Chain Malware Targets SGX: Take Care of what you Sign

Download PDF
Download References
Request Permissions
Save to
Alerts

Abstract:

Malware attacks represent a significant part of today's security threats. Software guard extensions (SGX) are a set of hardware instructions introduced by Intel in their ...Show More

Metadata

Abstract:

Malware attacks represent a significant part of today's security threats. Software guard extensions (SGX) are a set of hardware instructions introduced by Intel in their recent lines of processors that are intended to provide a secure execution environment for user-developed applications. To our knowledge, there was no serious attempt yet to overcome the SGX protection by leveraging the software supply chain infrastructure, such as weaknesses in the development, build or signing servers. While SGX protection does not specifically take into consideration such threats, we show in the current paper that a simple malware attack exploiting a separation between the build and signing processes can have a serious damaging impact, practically nullifying the SGX integrity protection measures. Finally, we also suggest some possible mitigations against the attack.

Published in: 2019 38th Symposium on Reliable Distributed Systems (SRDS)

Date of Conference: 01-04 October 2019

Date Added to IEEE Xplore: 30 March 2020

ISBN Information:

ISSN Information:

DOI: 10.1109/SRDS47363.2019.00016

Conference Location: Lyon, France

Contents

I. Introduction

A software supply chain attack can be informally defined as the act of compromising legit software packages during their development or distribution phases. The number of such attacks showed a tremendous increase over the last few years, including high impact ones. A recent NIST forum presentation [1] reported seven significant events in 2017 compared to only four during the previous three years. One of the most common attack vectors is injecting malicious malware code [1], [2] into legitimate software packages during or between development and distribution phases, such as upon building or signing. The most prominent example is an infected installation package of the well known CCleaner [3] application that included a malware deployed in the vendor's build server [4]. The altered binary file was downloaded by 2.27 million customers, with potentially serious effects ranging from keystrokes recording to stealing secret credentials from users.

References is not available for this document.

Supply Chain Malware Targets SGX: Take Care of what you Sign

Abstract:

Metadata

Abstract:

ISSN Information:

I. Introduction

References

IEEE Account

Purchase Details

Profile Information

Need Help?

Supply Chain Malware Targets SGX: Take Care of what you Sign

Alerts

Abstract:

Metadata

Abstract:

ISSN Information:

I. Introduction

References