Leaking Uninitialized Secure Enclave Memory via Structure Padding (Extended Abstract)
Sangho Lee, Taesoo Kim

TL;DR
This paper shows that, in Intel SGX, uninitialized enclave memory can leak into untrusted (normal) memory through the padding bytes of structures that SDK-generated proxy functions copy out during ECALLs and OCALLs, potentially exposing sensitive data such as private keys.
Contribution
It identifies an uninitialized-memory disclosure in SGX enclaves caused by structure padding in the ECALL/OCALL proxy code generated by the Intel SGX SDK, and discusses potential countermeasures.
Findings
Uninitialized enclave memory can be leaked through the padding bytes of structures
SDK-generated proxy functions copy whole structures, padding included, from the enclave to normal memory
Countermeasures are discussed that can mitigate the leakage risk
Abstract
Intel software guard extensions (SGX) aims to provide an isolated execution environment, known as an enclave, for a user-level process to maximize its confidentiality and integrity. In this paper, we study how uninitialized data inside a secure enclave can be leaked via structure padding. We found that, during ECALL and OCALL, proxy functions that are automatically generated by the Intel SGX Software Development Kit (SDK) fully copy structure variables from an enclave to the normal memory to return the result of an ECALL function and to pass input parameters to an OCALL function. If the structure variables contain padding bytes, uninitialized enclave memory, which might contain confidential data like a private key, can be copied to the normal memory through the padding bytes. We also consider potential countermeasures against these security threats.
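The following added example is not code from the paper or from the Intel SGX SDK; it models the mechanism the abstract describes on a plain host. The structure type `ecall_result_t`, the `SECRET_MARKER` byte standing in for confidential data, and `proxy_copy_out` (which mimics the SDK-generated proxy by copying the whole structure with `memcpy`) are assumptions made for the demonstration, and the 7-byte padding figure assumes the x86-64 layout. The vulnerable variant writes only the named fields, so the padding still holds whatever the enclave memory contained before; the hardened variant clears the object before filling it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical ECALL result type (not from the paper or the SGX SDK).
 * A 1-byte field followed by an 8-byte field leaves padding between them:
 * 7 bytes on x86-64, where uint64_t is 8-byte aligned. */
typedef struct {
    uint8_t  status;   /* offset 0 */
    uint64_t counter;  /* offset 8 on x86-64; bytes 1..7 are padding */
} ecall_result_t;

/* Marker byte standing in for confidential data (e.g. a private key)
 * that previously occupied this enclave memory. Constructed for the demo. */
#define SECRET_MARKER 0xAB

/* Simulated enclave scratch memory. The union guarantees the buffer is
 * aligned well enough to hold an ecall_result_t. */
static union {
    uint8_t        bytes[64];
    ecall_result_t as_result;
} enclave_scratch;

/* Pretend a key was handled here earlier and left its bytes behind. */
static void leave_secret_behind(void) {
    memset(enclave_scratch.bytes, SECRET_MARKER, sizeof enclave_scratch.bytes);
}

/* Models the SDK-generated proxy as described in the abstract: it copies
 * the whole structure, padding included, to untrusted memory. */
static void proxy_copy_out(uint8_t *untrusted_dst, const ecall_result_t *src) {
    memcpy(untrusted_dst, src, sizeof *src);
}

/* Vulnerable pattern: only the named fields are written, so the padding
 * bytes keep whatever the memory held before. */
static ecall_result_t *vulnerable_fill(void) {
    leave_secret_behind();
    ecall_result_t *r = &enclave_scratch.as_result;
    r->status  = 1;
    r->counter = 42;
    return r;
}

/* Hardened pattern: zero the whole object, padding included, before
 * filling the fields. Packing the struct would remove the padding but
 * not the underlying uninitialised memory, so clearing is preferred. */
static ecall_result_t *hardened_fill(void) {
    leave_secret_behind();
    ecall_result_t *r = &enclave_scratch.as_result;
    memset(r, 0, sizeof *r);
    r->status  = 1;
    r->counter = 42;
    return r;
}

/* Number of padding bytes in ecall_result_t on this ABI. */
size_t padding_bytes(void) {
    return sizeof(ecall_result_t) - sizeof(uint8_t) - sizeof(uint64_t);
}

/* Count bytes of the copied-out structure that still carry the marker. */
static size_t count_marker_bytes(const uint8_t *buf, size_t n) {
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        if (buf[i] == SECRET_MARKER)
            k++;
    return k;
}

/* Marker bytes visible to untrusted code after the vulnerable ECALL. */
size_t leaked_vulnerable(void) {
    uint8_t untrusted[sizeof(ecall_result_t)];
    proxy_copy_out(untrusted, vulnerable_fill());
    return count_marker_bytes(untrusted, sizeof untrusted);
}

/* Same measurement after the hardened ECALL. */
size_t leaked_hardened(void) {
    uint8_t untrusted[sizeof(ecall_result_t)];
    proxy_copy_out(untrusted, hardened_fill());
    return count_marker_bytes(untrusted, sizeof untrusted);
}

int main(void) {
    printf("sizeof(ecall_result_t)=%zu, padding=%zu\n",
           sizeof(ecall_result_t), padding_bytes());
    printf("vulnerable: %zu marker bytes leaked\n", leaked_vulnerable());
    printf("hardened:   %zu marker bytes leaked\n", leaked_hardened());
    return 0;
}
```

On x86-64 the vulnerable path exposes exactly the 7 padding bytes to the untrusted copy, while the hardened path exposes none. A practical audit check follows from this: for every `[out]` structure or structure return value in an EDL interface, confirm that the enclave code clears the object (for example with `memset` or `= {0}` plus a full write of every field) before the proxy copies it out.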
Taxonomy
Topics: Security and Verification in Computing · Advanced Malware Detection Techniques · Cloud Data Security Solutions
