Reply to post: Re: @Mark 85

Spectre haunts Intel's SGX defense: CPU flaws can be exploited to snoop on enclaves

lifetime security

Re: @Mark 85

You need only be able to have a vulnerability so that you can inject your code in. This can be triggered when you, for example, visit a malicious website or have a spear-phishing email. Just one of the few examples. Moreover, most trusted enclaves run code in the processor's internal static RAM and reference data (including keys) in the static RAM itself. In theory external code can't see the internals of this static RAM. That section of static RAM is not cached out to the general CPU cache. These researchers found a way to cross the wall because of speculative instruction execution.
