SGX 101
  • Home
  • SSLab
  • SGX Bootstrap
    • Overview
    • Enclave
      • Communication between Architectural and Application Enclaves
    • Attestation
      • Inter-process Local Attestation
    • Sealing
    • Real-world Example
    • CCS'17 Tutorial
    • Technion'18 Summer School Program
  • SGX Security
    • Memory Corruption
    • Uninitialized Memory
    • Page-table-based Attacks
    • Cache Attacks
    • Branch Shadowing
    • Row Hammer Attacks
    • Speculative Execution Side Channels
  • Other Resources
  • About Us
Powered by GitBook
On this page
  • Introduction
  • Dark ROP
  • SGX-Shield

Was this helpful?

  1. SGX Security

Memory Corruption

PreviousSGX SecurityNextUninitialized Memory

Last updated 5 years ago

Was this helpful?

Introduction

An SGX program may still suffer from traditional software attacks if the program binary contains vulnerabilities. One type of vulnerabilities is memory corruption that enables control-flow hijacking attacks such as return-oriented programming (ROP) and return-to-libc attacks. This section demonstrates an ROP attack against an enclave and our mitigation (i.e., fine-grained ASLR) against the attack.

Dark ROP

This video shows how the Dark ROP attack detects memcpy() and copy the entire memory contents of an enclave to the outside.

SGX-Shield

This video demonstrates the effectiveness of fine-grained ASLR support of SGX-Shield.