Re: [tor-bugs] #21114 [Applications/Tor Browser]: Evaluate SGX impact on exploitation
#21114: Evaluate SGX impact on exploitation
--------------------------------------+--------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by cypherpunks):
Replying to [ticket:21114 cypherpunks]:
> Threat model:
> 1 adversary has access to Intel backdoors to put own versions of Intel
> trusted SGX service enclaves.
> 2 adversary uses the most sophisticated exploits they have against the
> user
> 3 adversary is not willing to use the most sophisticated exploits if
> they can be investigated and disclosed. In this case it will spare them
> for high-value targets. Otherwise it will use them on everybody.
>
> so
>
> 1 We shouldn't put whole TorBrowser into SGX enclave. This will make
> exploits unauditable.
> 2 Enclaves are restricted to ring 3 but they can use syscalls. The
> common attack scenario is hacking usermode process first and then
> escalating the privileges. For privilege escalation phase an adversary can
> set up an enclave and upload an exploit there after remote attestation,
> which will make the exploit unanalyzable. So we need a way to reliably
> disable SGX on the systems TorBrowser is executed.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21114#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
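
An added example, not part of the ticket or of Tor Browser: a host-side check of whether SGX is exposed on the Linux machine where the browser runs, which is the state the comment asks to be able to rule out. It assumes Linux 5.11 or later, where the kernel lists the `sgx` CPU flag only when firmware has enabled SGX, and the device node names of the in-tree and out-of-tree Intel drivers; the function names, verdict strings and sample input are constructed for this example.

```python
import os

# Device nodes created by Linux SGX drivers: in-tree driver (5.11+), KVM
# virtual EPC, the DCAP out-of-tree driver, the legacy out-of-tree driver.
SGX_DEVICE_NODES = (
    "/dev/sgx_enclave",
    "/dev/sgx_provision",
    "/dev/sgx_vepc",
    "/dev/sgx/enclave",
    "/dev/isgx",
)

# Constructed sample: /proc/cpuinfo excerpt from a host with SGX enabled.
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme sse2 sgx sgx_lc aes\n"


def cpu_flags(cpuinfo_text):
    """Return the union of all 'flags' entries in /proc/cpuinfo text."""
    flags = set()
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":  # skips e.g. "vmx flags"
            flags.update(value.split())
    return flags


def sgx_exposure(cpuinfo_text, existing_paths):
    """Classify how far SGX is usable, given cpuinfo text and existing paths."""
    flags = cpu_flags(cpuinfo_text)
    present = set(existing_paths)
    nodes = sorted(p for p in SGX_DEVICE_NODES if p in present)
    if nodes:
        verdict = "enclaves-can-be-created"   # a driver is loaded and usable
    elif "sgx" in flags:
        verdict = "enabled-in-firmware-no-driver-node"
    else:
        verdict = "not-exposed"               # disabled or unsupported
    return {"verdict": verdict, "sgx_flag": "sgx" in flags,
            "launch_control": "sgx_lc" in flags, "device_nodes": nodes}


def audit_local_host():
    """Run the check against the Linux machine this script executes on."""
    with open("/proc/cpuinfo", encoding="ascii", errors="replace") as fh:
        text = fh.read()
    return sgx_exposure(text, [p for p in SGX_DEVICE_NODES if os.path.exists(p)])


if __name__ == "__main__":
    print(audit_local_host())
```

A `not-exposed` verdict on a kernel older than 5.11 only means no driver node was found, since those kernels do not report the flag.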