lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160503153840.GB2890@xo-6d-61-c0.localdomain>
Date:	Tue, 3 May 2016 17:38:40 +0200
From:	Pavel Machek <pavel@....cz>
To:	"Dr. Greg Wettstein" <greg@...ellic.com>
Cc:	"Austin S. Hemmelgarn" <ahferroin7@...il.com>,
	Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
	gregkh@...uxfoundation.org, Andy Lutomirski <luto@...nel.org>,
	Borislav Petkov <bp@...e.de>,
	Boris Ostrovsky <boris.ostrovsky@...cle.com>,
	"open list:STAGING SUBSYSTEM" <devel@...verdev.osuosl.org>,
	Ingo Molnar <mingo@...nel.org>,
	Kristen Carlson Accardi <kristen@...ux.intel.com>,
	"open list:DOCUMENTATION" <linux-doc@...r.kernel.org>,
	open list <linux-kernel@...r.kernel.org>,
	Mathias Krause <minipli@...glemail.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Wan Zongshun <Vincent.Wan@....com>
Subject: Re: [PATCH 0/6] Intel Secure Guard Extensions

Hi!

> We have been following and analyzing this technology since the first
> HASP paper was published detailing its development.  We have been

(1)

> 
> I told my associates the first time I reviewed this technology that
> SGX has the ability to be a bit of a Pandora's box and it seems to be
> following that course.

Can you elaborate on the Pandora's box? System administrator should be able to
disable SGX on the system, and use system to do anything that could be done with
the older CPUs, right?

> support data and application confidentiality and integrity in the face
> of an Iago threat environment, ie. a situation where a security

(2)

> Intel is obviously cognizant of the risk surrounding illicit uses of
> this technology since it clearly calls out that, by agreeing to have
> their key signed, a developer agrees to not implement nefarious or
> privacy invasive software.  Given the known issues that Certificate

Yeah, that's likely to work ... not :-(. "It is not spyware, it is just
collecting some anonymous statistics."

> domination and control.  They probably have enough on their hands with
> attempting to convert humanity to FPGA's and away from devices which
> are capable of maintaining a context of exection... :-)

Heh. FPGAs are not designed to replace CPUs anytime soon... And probably never.

> the Haven paper in which Microsoft Research discussed how SGX could be
> used to run unmodified Windows applications within an SGX TEE.

(3)

> I think Intel was somewhat sobered by the follow on paper in which
> Microsoft demonstrated that in an Iago environment an interloper was
> capable of determing with accuracy levels greater then 60% what was
> being done in an SGX TEE.  Matt Hoekstra was very quick to call out
> the need for the community to understand and develop side channel

(4)

> In the TL;DR department I would highly recommend that anyone
> interested in all of this read MIT's 170+ page review of the
> technology before jumping to any conclusions.... :-)

(5)

Would you have links for 1-5?

Thanks,
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ