[tbb-bugs] #21114 [Applications/Tor Browser]: Evaluate SGX impact on exploitation
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Dec 30 21:09:13 UTC 2016
#21114: Evaluate SGX impact on exploitation
------------------------------------------+----------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
Threat model:
1 adversary has access to Intel backdoors to put own versions of Intel
trusted SGX service enclaves.
2 adversary uses the most sophisticated exploits they have against the
user
3 adversary is not willing to use that exploits if they can be
investigated and disclosed
so
1 We shouldn't put whole TorBrowser into SGX enclave. This will make
exploits unauditable.
2 Enclaves are restricted to ring 3 but they can use syscalls. The common
attack scenario is hacking usermode process first and then escalating the
privileges. For privilege escalation phase an adversary can setup an
enclave and upload an exploit there after remote attestation, which will
make the exploit unanalyzable. So we need a way to reliably disable SGX on
the systems TorBrowser is executed.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21114>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list