SIGY: Breaking Intel SGX Enclaves with Malicious Exceptions & Signals

Supraja Sridhara, Andrin Bertschi, Benedict Schlüter, Shweta Shinde

TL;DR

SIGY uncovers a new class of attacks on Intel SGX where a malicious OS injects fake hardware events and signals to compel enclave-registered handlers to execute, thereby tampering with enclave state and breaking confidentiality and execution integrity. The authors systematically analyze 14 runtimes and 9 languages, demonstrating SIGY’s reach across real-world enclaves and program logic, including four PoC exploits on Nginx, Node.js, and ML workloads, with a worst-case requiring about $1.86\times 10^{11}$ injections to bias an MLP. They present concrete case studies, a PoC exploitation framework, and a discussion of defenses, showing that several SDKs and library OSes remain vulnerable due to how signals are delivered to enclaves. The work emphasizes an urgent need to re-evaluate enclave ecosystems for lift-and-shift deployments and to carefully balance functionality with security by potentially disabling vulnerable signal paths and strengthening origin verification. Overall, SIGY broadens the attack surface landscape for SGX enclaves and motivates architectural and defense-oriented redesigns in runtimes and library OSes.

Abstract

User programs recover from hardware exceptions and respond to signals by executing custom handlers that they register specifically for such events. We present the SIGY attack, which abuses this programming model on Intel SGX to break the confidentiality and integrity guarantees of enclaves. SIGY uses the untrusted OS to deliver fake hardware events and inject fake signals into an enclave at any point. Such unintended execution of benign program-defined handlers in an enclave corrupts its state and violates execution integrity. 7 runtimes and library OSes (OpenEnclave, Gramine, Scone, Asylo, Teaclave, Occlum, EnclaveOS) are vulnerable to SIGY. 8 languages supported in Intel SGX have programming constructs that are vulnerable to SIGY. We use SIGY to demonstrate 4 proof-of-concept exploits on webservers (Nginx, Node.js) to leak secrets and on data analytics workloads in different languages (C and Java) to break execution integrity.
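The failure mode the abstract describes, in miniature, as an added example that is not code from the paper: a benign SIGFPE handler that "recovers" from an arithmetic fault by unwinding to a checkpoint runs just as readily when the signal was sent rather than raised by the hardware, and the hardened variant rejects deliveries whose siginfo origin code is not a fault code. The `attack` flag, the handler names and the division helper are constructed for the demonstration; `raise()` stands in for the malicious delivery.

```c
/* Added example (not from the paper). Origin check: Linux fills si_code with a
 * positive fault code (e.g. FPE_INTDIV) for hardware-generated SIGFPE, and with
 * SI_USER / SI_TKILL (<= 0) for signals sent by kill()/raise(). Caveat: inside
 * an SGX enclave the untrusted OS supplies siginfo, so a runtime must verify the
 * hardware exit information (the SSA EXITINFO) rather than trust this field. */
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <string.h>

static sigjmp_buf checkpoint;
static volatile sig_atomic_t rejected = 0;  /* deliveries the hardened handler dropped */

/* Benign handler: every SIGFPE unwinds to the checkpoint (Java-style recovery). */
static void naive_handler(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)si; (void)ctx;
    siglongjmp(checkpoint, 1);
}

/* Hardened handler: unwind only for a genuine hardware fault, ignore the rest. */
static void checked_handler(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    if (si->si_code <= 0) { rejected++; return; }  /* not a fault: do nothing */
    siglongjmp(checkpoint, 1);
}

static void install(void (*h)(int, siginfo_t *, void *)) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = h;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGFPE, &sa, NULL);
}

/* Computes a / b under the recovery checkpoint; returns -1 if the handler unwound.
 * attack=1 simulates the OS injecting SIGFPE while no fault occurred (constructed). */
static long guarded_div(long a, long b, int attack) {
    if (sigsetjmp(checkpoint, 1) != 0) return -1;  /* landed here via handler */
    if (attack) raise(SIGFPE);                      /* injected, not a real fault */
    return a / b;
}

long run_naive(int attack)   { install(naive_handler);   return guarded_div(84, 2, attack); }
long run_checked(int attack) { install(checked_handler); return guarded_div(84, 2, attack); }
long rejected_count(void)    { return rejected; }
```

With the naive handler the injected signal turns a correct result of 42 into the recovery value, exactly the integrity violation the paper describes; the checked handler leaves the computation untouched and counts the rejected delivery.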

Paper Structure (29 sections, 8 figures, 8 tables)

Figures (8)

  • Figure 1: Sigy on Java applications. Attacker injects SIGFPE 3 times to change the execution and data integrity.
  • Figure 2: SDK interfaces. (a) Handling hardware exceptions (b) Handling intra-enclave signals.
  • Figure 3: (a) Intel SGX SDK (b) Open enclave (c) Asylo (d) Teaclave SGX-SDK.
  • Figure 4: $T_1$ and $T_2$ are threads of the same enclave process. Black: Normal operation with ocall and ecall interfaces in Teaclave. Pink: Interfaces that can be maliciously invoked for Sigy.
  • Figure 5: Signal propagation with library OSes. (a) OS or untrusted runtime sends signal to enclave process. (b) One enclave process sends signal to another enclave process through the untrusted runtime and OS. (c) LibOS creates a process abstraction such that 2 processes run in the same enclave. These processes can send signals to each other via the LibOS.