Blog - A Foreshadowing of Another Exploit//Hamburg | RMBS Message Board Posts

RMBS   /  Message Board  /  Read Message



Rec'd By
Authored By
Minimum Recs
Previous Message  Next Message   Post Message   Post a Reply return to message boardtop of board
Msg  778097 of 785304  at  9/14/2018 2:20:28 PM  by


 In response to msg 777808 by  twobytebus
view thread

Re: Blog - A Foreshadowing of Another Exploit//Hamburg

Mike Hamburg, Senior Principle Engineer at Rambus’ Cryptography Research division says that Foreshadow has serious implications for SGX and VM hosts. The attack is a roadblock to SGX on consumer machines, since one cannot ask people to turn off hyperthreading in the BIOS in order to watch movies. It also “introduces two additional performance problems for VM hosts: limited hyperthreading and clearing L1 cache.” Moreover, he goes on to say that “SGX hosts will need to turn off hyperthreading, which is an additional performance hit.”

The Bottom Line


On top of the revelations that modern chips are open to attacks from Meltdown and Spectre, there is an additional exploit that has surfaced called Foreshadow, which targets the SGX feature, virtual machine software, and hyperthreading to boot. The exploit can steal information not just in personal computers, but also from third-party clouds as well. Foreshadow can access SGX-protected memory as well as extract the device’s private attestation key, undoing the security offered by the SGX feature. While no real world examples have appeared using these speculative execution exploits, it could be a matter of time before a determined attacker creates one.

     e-mail to a friend      printer-friendly     add to library      
| More
Recs: 4     Views: 91
Previous Message  Next Message   Post Message   Post a Reply return to message boardtop of board

About Us    Contact Us    Follow Us on Twitter    Members Directory    Help Center    Advertise
Not a member yet? What are you waiting for? Create Account
Want to contribute? Support InvestorVillage by donating
2003-2018 All rights reserved. User Agreement
Financial Market Data provided by