{ "access": { "embargo": { "active": false, "reason": null }, "files": "public", "record": "public", "status": "open" }, "created": "2021-02-23T09:32:40.305833+00:00", "custom_fields": { "meeting:meeting": { "title": "ACSAC 2020", "url": "https://www.acsac.org/" } }, "deletion_status": { "is_deleted": false, "status": "P" }, "files": { "count": 1, "enabled": true, "entries": { "42-Faulty-Point-Unit-ABI-Poisoning-Attacks-on-Intel-SGX.pdf": { "checksum": "md5:17cda6c9d53bc0dc2ca5f39dc1c780e7", "ext": "pdf", "id": "de119943-5f97-4c3d-a832-7c93593e1aed", "key": "42-Faulty-Point-Unit-ABI-Poisoning-Attacks-on-Intel-SGX.pdf", "metadata": null, "mimetype": "application/pdf", "size": 5090240 } }, "order": [], "total_bytes": 5090240 }, "id": "4556825", "is_draft": false, "is_published": true, "links": { "access": "https://zenodo.org/api/records/4556825/access", "access_links": "https://zenodo.org/api/records/4556825/access/links", "access_request": "https://zenodo.org/api/records/4556825/access/request", "access_users": "https://zenodo.org/api/records/4556825/access/users", "archive": "https://zenodo.org/api/records/4556825/files-archive", "archive_media": "https://zenodo.org/api/records/4556825/media-files-archive", "communities": "https://zenodo.org/api/records/4556825/communities", "communities-suggestions": "https://zenodo.org/api/records/4556825/communities-suggestions", "doi": "https://doi.org/10.1145/3427228.3427270", "draft": "https://zenodo.org/api/records/4556825/draft", "files": "https://zenodo.org/api/records/4556825/files", "latest": "https://zenodo.org/api/records/4556825/versions/latest", "latest_html": "https://zenodo.org/records/4556825/latest", "media_files": "https://zenodo.org/api/records/4556825/media-files", "parent": "https://zenodo.org/api/records/4556824", "parent_doi": "https://zenodo.org/doi/", "parent_html": "https://zenodo.org/records/4556824", "requests": "https://zenodo.org/api/records/4556825/requests", "reserve_doi": "https://zenodo.org/api/records/4556825/draft/pids/doi", "self": "https://zenodo.org/api/records/4556825", "self_doi": "https://zenodo.org/doi/10.1145/3427228.3427270", "self_html": "https://zenodo.org/records/4556825", "self_iiif_manifest": "https://zenodo.org/api/iiif/record:4556825/manifest", "self_iiif_sequence": "https://zenodo.org/api/iiif/record:4556825/sequence/default", "versions": "https://zenodo.org/api/records/4556825/versions" }, "media_files": { "count": 0, "enabled": false, "entries": {}, "order": [], "total_bytes": 0 }, "metadata": { "creators": [ { "affiliations": [ { "name": "KU Leuven" } ], "person_or_org": { "family_name": "Alder", "given_name": "F.", "name": "Alder, F.", "type": "personal" } }, { "affiliations": [ { "name": "University of Birmingham" } ], "person_or_org": { "family_name": "Oswald", "given_name": "D.", "name": "Oswald, D.", "type": "personal" } }, { "affiliations": [ { "name": "KU Leuven" } ], "person_or_org": { "family_name": "Bulck", "given_name": "J. V.", "name": "Bulck, J. V.", "type": "personal" } }, { "affiliations": [ { "name": "KU Leuven" } ], "person_or_org": { "family_name": "Piessens", "given_name": "F.", "name": "Piessens, F.", "type": "personal" } } ], "description": "
This paper analyzes a previously overlooked attack surface that allows unprivileged adversaries to impact supposedly secure floating-point computations in Intel SGX enclaves through the Application Binary Interface (ABI). In a comprehensive study across 7 widely used industry-standard and research enclave shielding runtimes, we show that control and state registers of the x87 Floating-Point Unit (FPU) and Intel Streaming SIMD Extensions (SSE) are not always properly sanitized on enclave entry. First, we abuse the adversary’s control over precision and rounding modes as a novel “ABI-level fault injection” primitive to silently corrupt enclaved floating-point operations, enabling a new class of stealthy, integrity-only attacks that disturb the result of SGX enclave computations. Our analysis reveals that this threat is especially relevant for applications that use the older x87 FPU, which is still being used under certain conditions for high-precision operations by modern compilers like gcc. We exemplify the potential impact of ABI-level quality-degradation attacks in a case study of an enclaved machine learning service and in a larger analysis on the SPEC benchmark programs. Second, we explore the impact on enclave confidentiality by showing that the adversary’s control over floating-point exception masks can be abused as an innovative controlled channel to detect FPU usage and to recover enclaved multiplication operands in certain scenarios. Our findings, affecting 5 out of the 7 studied runtimes, demonstrate the fallacy and challenges of implementing high-assurance trusted execution environments on contemporary x86 hardware. We responsibly disclosed our findings to the vendors and were assigned two CVEs, leading to patches in the Intel SGX-SDK, Microsoft OpenEnclave, the Rust compiler’s SGX target, and Go-TEE.
", "funding": [ { "award": { "acronym": "FutureTPM", "id": "00k4n6c32::779391", "identifiers": [ { "identifier": "https://cordis.europa.eu/projects/779391", "scheme": "url" } ], "number": "779391", "program": "H2020", "title": { "en": "Future Proofing the Connected World: A Quantum-Resistant Trusted Platform Module" } }, "funder": { "id": "00k4n6c32", "name": "European Commission" } } ], "languages": [ { "id": "eng", "title": { "en": "English" } } ], "publication_date": "2020-12-12", "publisher": "Zenodo", "related_identifiers": [ { "identifier": "10.1145/3427228.3427270", "relation_type": { "id": "ispreviousversionof", "title": { "de": "Ist eine vorherige Version von", "en": "Is previous version of" } }, "scheme": "doi" } ], "resource_type": { "id": "publication-conferencepaper", "title": { "de": "Konferenzbeitrag", "en": "Conference paper" } }, "rights": [ { "description": { "en": "The Creative Commons Attribution license allows re-distribution and re-use of a licensed work on the condition that the creator is appropriately credited." }, "icon": "cc-by-icon", "id": "cc-by-4.0", "props": { "scheme": "spdx", "url": "https://creativecommons.org/licenses/by/4.0/legalcode" }, "title": { "en": "Creative Commons Attribution 4.0 International" } } ], "title": "Faulty Point Unit: ABI Poisoning Attacks on Intel SGX" }, "parent": { "access": { "owned_by": { "user": 41483 } }, "communities": { "default": "23cefd56-a879-4d78-97b1-289b8d2ea3d7", "entries": [ { "access": { "member_policy": "open", "members_visibility": "public", "record_policy": "open", "review_policy": "open", "visibility": "public" }, "children": { "allow": false }, "created": "2018-03-08T08:11:35.495469+00:00", "custom_fields": {}, "deletion_status": { "is_deleted": false, "status": "P" }, "id": "23cefd56-a879-4d78-97b1-289b8d2ea3d7", "links": {}, "metadata": { "curation_policy": "Only publications related to the H2020 FutureTPM Project will be curated.", "page": "GOALS
\r\n\r\nWith the emergence of the Internet of Things (IoT), industry’s digital transformation has begun by bringing new challenges. Security, in particular, is one of the main concerns due, in part, to recent developments in quantum computing.
\r\n\r\nA quantum computer is different from common digital computers, where data are encoded into binary digits (bits), each of which is always in one of two definite states (0 or 1). Instead, a quantum computation uses quantum bits (qubits), which can be in superpositions of states. This means that a quantum computer with n qubits can be in an arbitrary superposition of up to 2n different states simultaneously, whereas a "normal' computer can only be in one of these 2n states at any one time. Experts believe that once a fault-tolerant universal quantum computer is available, which may still be several years away, it will be capable of solving complex mathematical problems, rendering all currently used public-key cryptographic solutions insecure. As a result, the need to find ways to incorporate quantum-resistant (QR) cryptographic algorithms into deployed systems is becoming very pressing.
\r\n\r\nThe FutureTPM project is aimed at designing and developing a Quantum-Resistant (QR) Trusted Platform Module (TPM). FutureTPM will provide a new generation of TPM-based solutions, including hardware, software and virtualization environments, by incorporating robust and physically secured Quantum-Resistant cryptographic primitives. This will allow long-term security, privacy and operational assurance for future ICT systems and services. FutureTPM solutions will also improve the security of Hardware Security Modules, Trusted Execution Environments, Smart Cards, and the Internet of Things.
", "title": "FutureTPM" }, "revision_id": 0, "slug": "futuretpm-h2020", "updated": "2018-03-08T08:13:27.779185+00:00" }, { "access": { "member_policy": "open", "members_visibility": "restricted", "record_policy": "open", "review_policy": "closed", "visibility": "public" }, "children": { "allow": true }, "created": "2022-11-23T15:53:29.436323+00:00", "custom_fields": {}, "deletion_status": { "is_deleted": false, "status": "P" }, "id": "f0a8b890-f97a-4eb2-9eac-8b8a712d3a6c", "links": {}, "metadata": { "curation_policy": "The EU Open Research Repository serves as a repository for research outputs (data, software, posters, presentations, publications, etc) which have been funded under an EU research funding programme such as Horizon Europe, Euratom or earlier Framework Programmes.
\nThe community is managed by CERN on behalf of the European Commission.
\nZenodo’s general policies and Terms of Use apply to all content.
\nThe EU Open Research Repository accepts all digital research objects which is a research output stemming from one of EU’s research and innovation funding programmes. The funding programmes currently include:
\nHorizon Europe (including ERC, MSCA), earlier Framework Programmes (eg Horizon 2020) as well as Euratom.
\nIn line with the principle as open as possible, as closed as necessary both public and restricted content is accepted. See note on how Zenodo handles restricted content.
\nEU programme beneficiaries are eligible to submit content to the community. The community supports three types of content submissions:
\nSubmission via an EU Project Community (through user interface or programmatic APIs).
\nSubmission directly to the EU Open Research Repository.
\nAutomated harvesting from existing Zenodo content.
\nA representative of an EU project may request an EU Project Community and invite other project participants as members of the community. The project community is linked to one or more European Commission grants. All records in the project community are automatically integrated into the EU Open Research Repository immediately upon acceptance into the project community.
\nAny user may submit a record directly to the EU Open Research Repository. The submission will be moderated by Zenodo staff for compliance with the minimal required metadata requirements and its correctness.
\nRecords found among Zenodo’s existing content will on a regular basis automatically be integrated if they are found to comply with the requirements. The submissions through this method are integrated into the EU Open Research Repository with delay in a fully automated way.
\nRecords in the EU Open Research Repository are required to comply with the following minimal metadata requirements:
\nVisibility: Both public and restricted (with or without embargo and/or access request)
\nResource types: All resource types.
\nLicenses: Public and embargoed records MUST specify a license.
\nFunding information: Records MUST specify at least one grant from the European Commission.
\nCreators: Creators SHOULD be identified with a persistent identifier (e.g. ORCID, GND, …), and affiliations SHOULD be identified with a persistent identifier (e.g. ROR, ISNI, …)
\nSubjects: Records SHOULD specify one or more fields of science from the European Science Vocabulary.
\nAll submissions will undergo automated curation checks for compliance with the policy. Submissions through project communities are reviewed by the project community. Submission directly to the EU Open Research Repository is reviewed by Zenodo staff.
\nCommunity curators may at any point edit metadata of the records in the community without notice through human or automated processing. The curators may at their sole discretion remove records from the community that are deemed not to comply with the content and curation policy or which are deemed of insufficient quality.
\nThe content and curation policy is subject to change by the community owner at any time and without notice, other than through updating this page.
", "description": "Open repository for EU-funded research outputs from Horizon Europe, Euratom and earlier Framework Programmes.", "organizations": [ { "id": "00k4n6c32" } ], "page": "The EU Open Research Repository is a Zenodo-community dedicated to fostering open science and enhancing the visibility and accessibility of research outputs funded by the European Union. The community is managed by CERN on behalf of the European Commission.
\nThe mission of the repository is to support the implementation of the EU's open science policy, providing a trusted and comprehensive space for researchers to share their research outputs such as data, software, reports, presentations, posters and more. The EU Open Research Repository simplifies the process of complying with open science requirements, ensuring that research outputs from Horizon Europe, Euratom, and earlier Framework Programmes are freely accessible, thereby accelerating scientific discovery and innovation.
\nThe EU Open Research Repository serves as a complementary platform to the Open Research Europe (ORE) publishing platform. Open Research Europe focuses on providing a publishing venue for peer-reviewed articles, ensuring that research meets rigorous academic standards. The EU Open Research Repository provides a space for all the other research outputs including data sets, software, posters, and presentations that are out of scope for ORE. This holistic approach enables researchers to not only publish their findings but also share the underlying data and materials that support their work, fostering transparency and reproducibility in the scientific process.
\nCurrently in its pilot phase and set to be fully operational during autumn 2024, the EU Open Research Repository is constantly evolving. Efforts are committed to integrating cutting-edge features, including automated curation checks and FAIR (Findable, Accessible, Interoperable, and Reusable) assistance, to further support the research community. The goal is to provide researchers with a simple goto solution for making their publicly funded research open and as FAIR as possible.
\nThe EU Open Research Repository is funded by the European Union under grant agreement no. 101122956(HORIZON-ZEN). For more information about the project see https://about.zenodo.org/projects/horizon-zen/.
", "title": "EU Open Research Repository (Pilot)", "type": { "id": "organization" }, "website": "https://research-and-innovation.ec.europa.eu" }, "revision_id": 16, "slug": "eu", "theme": { "brand": "horizon", "enabled": true, "style": { "font": { "family": "Arial, sans-serif", "size": "16px", "weight": 600 }, "mainHeaderBackgroundColor": "#FFFFFF", "primaryColor": "#004494", "primaryTextColor": "#FFFFFF", "secondaryColor": "#FFD617", "secondaryTextColor": "#000000", "tertiaryColor": "#e3eefd", "tertiaryTextColor": "#1c5694" } }, "updated": "2024-03-20T06:47:47.577483+00:00" } ], "ids": [ "23cefd56-a879-4d78-97b1-289b8d2ea3d7", "f0a8b890-f97a-4eb2-9eac-8b8a712d3a6c" ] }, "id": "4556824", "pids": {} }, "pids": { "doi": { "identifier": "10.1145/3427228.3427270", "provider": "external" }, "oai": { "identifier": "oai:zenodo.org:4556825", "provider": "oai" } }, "revision_id": 3, "stats": { "all_versions": { "data_volume": 315594880.0, "downloads": 62, "unique_downloads": 61, "unique_views": 71, "views": 75 }, "this_version": { "data_volume": 310504640.0, "downloads": 61, "unique_downloads": 60, "unique_views": 70, "views": 74 } }, "status": "published", "updated": "2021-02-23T12:27:13.162724+00:00", "versions": { "index": 1, "is_latest": true } }