Plundervolt: software-based fault injection attacks against Intel SGX
- Submitting institution
- The University of Birmingham
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 86343495
- Type
- E - Conference contribution
- DOI
- 10.1109/SP40000.2020.00057
- Title of conference / published proceedings
- 2020 IEEE Symposium on Security and Privacy (SP)
- First page
- 1466
- Volume
- -
- Issue
- -
- ISSN
- 2375-1207
- Open access status
- Not compliant
- Month of publication
- May
- Year of publication
- 2020
- URL
-
-
- Supplementary information
-
-
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
- 5
- Research group(s)
-
-
- Citation count
- 2
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- This work shows that SGX, a security technology integrated into all modern Intel processors, is vulnerable to fault attacks. By controlling the supply voltage from software, an attacker can inject bit flips into SGX-protected computations. This can be used by the attacker to extract cryptographic keys and also to induce memory safety vulnerabilities into otherwise bug-free code.
As a consequence, Intel has released security advisory INTEL-SA-00289 and issued a microcode update in December 2019 to protect systems against this attack. This article received extensive media coverage including WIRED, ZDNet, Ars Technica, and The Register.
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -