Security experts from paluno, the Ruhr Institute of Software Technology at the University of Duisburg-Essen (UDE), have developed a new technique that, for the first time, enables fuzz testing of protected memory areas in modern processors. Their method found many vulnerabilities in security-critical software.
Intel’s Software Guard Extensions (SGX) is a widely used technology for protecting sensitive data from misuse. It helps developers shield a certain memory area from the rest of the computer. For example, a password manager can be run safely in such an enclave even if the rest of the system is compromised by malware.
However, errors often occur when programming enclaves. As early as 2020, the paluno team led by Professor Dr. Lucas Davi discovered and published several vulnerabilities in SGX enclaves. Now, together with partners from the CASA excellence cluster, the researchers have made another breakthrough in analysis techniques: their latest development enables fuzz testing of enclaves, which is much more efficient than the symbolic execution used previously. The idea behind fuzz testing is to feed a large number of inputs into a program in order to gain insight into the structure of the code.
“Because enclaves are designed not to be introspected, they cannot be easily fuzzed,” explains Tobias Cloosters, a scientist at paluno. “Also, fuzzing requires nested data structures that we dynamically reconstruct from the enclave code.” His partner Johannes Willbold, from the SecHuman Research College at Ruhr University Bochum, adds: “This way, the shielded regions can be analyzed without access to the source code.”
Thanks to modern fuzzing technology, the researchers were able to detect many previously unknown security issues. All fingerprint drivers tested, as well as wallets for storing cryptocurrency, were affected. Hackers can use these vulnerabilities to read biometric data or steal the entire balance of stored cryptocurrency. All companies have been informed. Three vulnerabilities have been added to the public CVE directory.