Finding and Exploiting Bugs in Intel SGX Enclaves
Dr. Lucas Davi
Professor for Secure Software Systems
University of Duisburg-Essen
BIOGRAPHY
Lucas Davi is an assistant professor of computer science at the University of Duisburg-Essen. He studied IT-Security at Ruhr-University Bochum, Germany, and received his PhD in computer science from TU Darmstadt in 2015. His research focuses on system security and trusted computing, particularly software exploitation techniques and defenses. He received best paper awards at DAC, ACM AsiaCCS, and IEEE Security & Privacy. His PhD thesis on code-reuse attacks and defenses was awarded the ACM SIGSAC Dissertation Award 2016.
ABSTRACT
Trusted execution environments such as Intel Software Guard Extensions (SGX) enforce strong isolation of security-critical code and data. While previous work has focused on side-channel attacks, this talk will investigate memory corruption attacks such as return-oriented programming in the context of SGX. We will demonstrate how an attacker can exploit the Intel SDK libraries to compromise enclaves and steal secret information. In addition, we will investigate the host-to-enclave boundary and its susceptibility to memory corruption attacks, and how we can develop analysis approaches to detect vulnerable enclave code.