[tor-bugs] #21114 [Applications/Tor Browser]: Evaluate SGX impact on exploitation



#21114: Evaluate SGX impact on exploitation
------------------------------------------+----------------------
     Reporter:  cypherpunks               |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 Threat model:
 1. The adversary has access to Intel backdoors to put their own versions
 of Intel trusted SGX service enclaves.
 2. The adversary uses the most sophisticated exploits they have against
 the user.
 3. The adversary is not willing to use those exploits if they can be
 investigated and disclosed.

 so

 1. We shouldn't put the whole TorBrowser into an SGX enclave. This will
 make exploits unauditable.
 2. Enclaves are restricted to ring 3 but they can use syscalls. The common
 attack scenario is hacking a usermode process first and then escalating
 the privileges. For the privilege escalation phase an adversary can set up
 an enclave and upload an exploit there after remote attestation, which
 will make the exploit unanalyzable. So we need a way to reliably disable
 SGX on the systems where TorBrowser is executed.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21114>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
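The ticket asks for a way to reliably disable SGX; a defender first has to tell which state a given machine is in. The following C program is an added example, not part of the ticket or of Tor Browser: it classifies a CPU from CPUID leaves 07H/12H and the IA32_FEATURE_CONTROL MSR. The enum and function names are hypothetical, and reading the MSR through /dev/cpu/0/msr assumes Linux with the msr module loaded and root privileges.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define CPUID7_EBX_SGX   (1u << 2)    /* CPUID.(EAX=07H,ECX=0):EBX[2] */
#define CPUID12_EAX_SGX1 (1u << 0)    /* CPUID.(EAX=12H,ECX=0):EAX[0] */
#define MSR_FEAT_CTL     0x3A         /* IA32_FEATURE_CONTROL */
#define FEAT_CTL_LOCKED  (1ull << 0)  /* MSR is read-only until reset */
#define FEAT_CTL_SGX     (1ull << 18) /* SGX global enable */

enum sgx_state {                      /* hypothetical names for this example */
    SGX_ABSENT,        /* CPU does not implement SGX */
    SGX_OFF_LOCKED,    /* firmware left SGX off and locked the MSR until reset */
    SGX_OFF_UNLOCKED,  /* off now, but ring 0 can still write the MSR */
    SGX_ON_NO_SGX1,    /* opted in, yet CPUID reports no SGX1 leaf functions */
    SGX_ON_USABLE      /* opted in and SGX1 leaf functions are available */
};

/* Classify from raw register values so the logic can be checked offline. */
enum sgx_state sgx_classify(uint32_t ebx7, uint32_t eax12, uint64_t feat_ctl)
{
    if (!(ebx7 & CPUID7_EBX_SGX))      return SGX_ABSENT;
    if (!(feat_ctl & FEAT_CTL_LOCKED)) return SGX_OFF_UNLOCKED;
    if (!(feat_ctl & FEAT_CTL_SGX))    return SGX_OFF_LOCKED;
    return (eax12 & CPUID12_EAX_SGX1) ? SGX_ON_USABLE : SGX_ON_NO_SGX1;
}

int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned a = 0, b = 0, c = 0, d = 0, a12 = 0;
    uint64_t msr = 0;
    __get_cpuid_count(7, 0, &a, &b, &c, &d);
    if (b & CPUID7_EBX_SGX) __get_cpuid_count(0x12, 0, &a12, &a, &c, &d);
    /* Assumption: Linux, root, msr module loaded. */
    int fd = open("/dev/cpu/0/msr", O_RDONLY);
    if (fd < 0 || lseek(fd, MSR_FEAT_CTL, SEEK_SET) < 0 ||
        read(fd, &msr, 8) != 8) {
        perror("IA32_FEATURE_CONTROL"); return 2;
    }
    close(fd);
    printf("sgx_state=%d\n", sgx_classify(b, a12, msr));
#else
    puts("not an x86 CPU: SGX absent");
#endif
    return 0;
}
```

Only SGX_ABSENT and SGX_OFF_LOCKED describe a machine where the setting cannot change before the next reset; SGX_OFF_UNLOCKED leaves IA32_FEATURE_CONTROL writable by kernel-mode code.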