A team of international researchers from Worcester Polytechnic Institute, the University of Michigan, Katholieke Universiteit Leuven in Belgium, Graz University of Technology in Austria, Australian digital research network Data61, and Australia’s University of Adelaide disclosed a previously undiscovered vulnerability that steals information from Intel's Software Guard eXtensions (SGX), a kind of digital vault for securing users' most sensitive data.
The proof-of-concept attack—called Load Value Injection (LVI)—stems from speculative execution. The exploit allows for the raiding of information stored in the SGX enclave.
Said the researchers, “Unlike all previous Meltdown-type attacks, LVI cannot be transparently mitigated in existing processors and necessitates expensive software patches, which may slow down Intel SGX enclave computations up to 19 times."
From Ars Technica
View Full Article
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA
No entries found