# Malware in the SGX supply chain: Be careful when signing enclaves!

**Authors:** Vlad Cr\u{a}ciun, Pascal Felber, Andrei Mogage, Emanuel Onica, Rafael, Pires

arXiv: 1907.05096 · 2020-09-24

## TL;DR

This paper reveals a new malware attack exploiting supply chain weaknesses in SGX enclave signing, demonstrating significant risks and proposing practical mitigation strategies using SGX and blockchain-based smart contracts.

## Contribution

It uncovers a novel supply chain attack on SGX enclaves and evaluates two feasible mitigation methods, one centralized and one distributed via blockchain.

## Key findings

- Supply chain attack can nullify SGX enclave integrity.
- Both mitigation strategies are practical and cost-effective.
- Blockchain-based mitigation offers a decentralized security solution.

## Abstract

Malware attacks are a significant part of the new software security threats detected each year. Intel Software Guard Extensions (SGX) are a set of hardware instructions introduced by Intel in their recent lines of processors that are intended to provide a secure execution environment for user-developed applications. To our knowledge, there was no serious attempt yet to overcome the SGX protection by exploiting the weaknesses in the software supply chain infrastructure, namely at the level of the development, build or signing servers. While SGX protection does not specifically take into consideration such threats, we show in the current paper that a simple malware attack exploiting a separation between the build and signing processes can have a serious damaging impact, practically nullifying SGX integrity protection measures. We also explore two possible mitigations against the attack, one centralized leveraging SGX itself, and one distributed that relies on a smart contract deployed on a blockchain infrastructure. Our evaluation shows that both methods are feasible in practice and their added costs are acceptable for the offered protection.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1907.05096/full.md

## Figures

12 figures with captions in the complete paper: https://tomesphere.com/paper/1907.05096/full.md

## References

40 references — full list in the complete paper: https://tomesphere.com/paper/1907.05096/full.md

---
Source: https://tomesphere.com/paper/1907.05096