[Script Info] Title: [Events] Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text Dialogue: 0,0:00:00.00,0:00:10.67,Default,,0000,0000,0000,,{\i1}rc3 preroll music{\i0} Dialogue: 0,0:00:12.24,0:00:17.52,Default,,0000,0000,0000,,Herald: So for the next talk, I have Jo\NVan Bulck, and Fritz Alder from the Dialogue: 0,0:00:17.52,0:00:24.64,Default,,0000,0000,0000,,University of Leuven in Belgium, and David\NOswald professor for cyber security in Dialogue: 0,0:00:24.64,0:00:29.84,Default,,0000,0000,0000,,Birmingham. They are here to talk about\Nthe trusted execution environment. You Dialogue: 0,0:00:29.84,0:00:36.32,Default,,0000,0000,0000,,probably know from Intel and so on, and\Nyou should probably not trust it all the Dialogue: 0,0:00:36.32,0:00:42.16,Default,,0000,0000,0000,,way because it's software and it has its\Nflaws. And so they're talking about Dialogue: 0,0:00:42.16,0:00:47.68,Default,,0000,0000,0000,,ramming enclave gates, which is always\Ngood, a systematic vulnerability Dialogue: 0,0:00:47.68,0:00:52.08,Default,,0000,0000,0000,,assessment of TEE shielding runtimes.\NPlease go on with your talk. Dialogue: 0,0:00:52.08,0:00:58.69,Default,,0000,0000,0000,,Jo van Bulck: Hi, everyone. Welcome to our\Ntalk. So I'm Jo, former imec-DistriNet Dialogue: 0,0:00:58.69,0:01:02.64,Default,,0000,0000,0000,,research group at KU Leuven. And\Ntoday joining me are Fritz, also from Dialogue: 0,0:01:02.64,0:01:06.80,Default,,0000,0000,0000,,Leuven and David from the University of\NBirmingham. And we have this very exciting Dialogue: 0,0:01:06.80,0:01:11.44,Default,,0000,0000,0000,,topic to talk about, ramming enclave\Ngates. But before we dive into that, I Dialogue: 0,0:01:11.44,0:01:16.40,Default,,0000,0000,0000,,think most of you will not know what are\Nenclaves, let alone what are these TEEs. 
Dialogue: 0,0:01:16.40,0:01:23.52,Default,,0000,0000,0000,,So let me first start with some analogy.\NSo enclaves are essentially a sort of a Dialogue: 0,0:01:23.52,0:01:29.52,Default,,0000,0000,0000,,secure fortress in the processor, in the\NCPU. And so it's an encrypted memory Dialogue: 0,0:01:29.52,0:01:36.96,Default,,0000,0000,0000,,region that is exclusively accessible from\Nthe inside. And what we know from the last Dialogue: 0,0:01:36.96,0:01:41.56,Default,,0000,0000,0000,,history of fortress attacks and defenses,\Nof course, is that when you cannot take a Dialogue: 0,0:01:41.56,0:01:46.56,Default,,0000,0000,0000,,fortress because the walls are high and\Nstrong, you typically aim for the gates, Dialogue: 0,0:01:46.56,0:01:51.28,Default,,0000,0000,0000,,right? That's the weakest point in any in\Nany fortress defense. And that's exactly Dialogue: 0,0:01:51.28,0:01:57.44,Default,,0000,0000,0000,,the idea of this research. So it turns out\Nto apply to enclaves as well. And we have Dialogue: 0,0:01:57.44,0:02:01.52,Default,,0000,0000,0000,,been ramming the enclave gates. We have\Nbeen attacking the input/output interface Dialogue: 0,0:02:01.52,0:02:07.60,Default,,0000,0000,0000,,of the enclave. So a very simple idea, but\Nvery drastic consequences I dare to say. Dialogue: 0,0:02:07.60,0:02:14.64,Default,,0000,0000,0000,,So this is sort of the summary of our\Nresearch. With over 40 interface Dialogue: 0,0:02:14.64,0:02:20.48,Default,,0000,0000,0000,,sanitization vulnerabilities that we found\Nin over 8 widely used open source enclave Dialogue: 0,0:02:20.48,0:02:27.04,Default,,0000,0000,0000,,projects. So we will go a bit into detail\Nover that in the rest of the slides. 
Also, Dialogue: 0,0:02:27.04,0:02:32.40,Default,,0000,0000,0000,,a nice thing to say here is that this\Nresulted in two academic papers to date, Dialogue: 0,0:02:32.40,0:02:38.88,Default,,0000,0000,0000,,over 7 CVEs and altogether quite some\Nresponsible disclosure, lengthy embargo Dialogue: 0,0:02:38.88,0:02:46.10,Default,,0000,0000,0000,,periods.\NDavid Oswald: OK, so, uh, I guess we Dialogue: 0,0:02:46.10,0:02:55.20,Default,,0000,0000,0000,,should talk about why we need such enclave\Nfortresses anyway. So if you look at a Dialogue: 0,0:02:55.20,0:03:00.23,Default,,0000,0000,0000,,traditional kind of like operating system\Nor computer architecture, you have a very Dialogue: 0,0:03:00.23,0:03:06.13,Default,,0000,0000,0000,,large trusted computing base. So you, for\Ninstance, on the laptop that you most Dialogue: 0,0:03:06.13,0:03:12.26,Default,,0000,0000,0000,,likely use to watch this talk, you\Ntrust the kernel, you trust maybe a Dialogue: 0,0:03:12.26,0:03:16.91,Default,,0000,0000,0000,,hypervisor if you have and the whole\Nhardware under the systems: a CPU, Dialogue: 0,0:03:16.91,0:03:23.12,Default,,0000,0000,0000,,memory, maybe hard drive, a trusted\Nplatform module and the like. So actually Dialogue: 0,0:03:23.12,0:03:28.83,Default,,0000,0000,0000,,the problem is here with such a large TCB,\Ntrusted computing base, you can also have Dialogue: 0,0:03:28.83,0:03:35.52,Default,,0000,0000,0000,,vulnerabilities basically everywhere. And\Nalso malware hiding in all these parts. 
So Dialogue: 0,0:03:35.52,0:03:41.95,Default,,0000,0000,0000,,the idea of this enclaved execution is as\Nwe find, for instance, in Intel SGX, which Dialogue: 0,0:03:41.95,0:03:48.41,Default,,0000,0000,0000,,is built into most recent Intel\Nprocessors, is that you take most of the Dialogue: 0,0:03:48.41,0:03:54.08,Default,,0000,0000,0000,,software stack between an actual\Napplication, here the enclave app and the Dialogue: 0,0:03:54.08,0:04:01.00,Default,,0000,0000,0000,,actual CPU out of the TCB. So now you only\Ntrust really the CPU and of course, you Dialogue: 0,0:04:01.00,0:04:05.15,Default,,0000,0000,0000,,trust your own code, but you don't have to\Ntrust the OS anymore. And SGX, for Dialogue: 0,0:04:05.15,0:04:10.05,Default,,0000,0000,0000,,instance, promises to protect against an\Nattacker who has achieved root in the Dialogue: 0,0:04:10.05,0:04:14.69,Default,,0000,0000,0000,,operating system. And even depending on\Nwho you ask against, for instance, a Dialogue: 0,0:04:14.69,0:04:20.86,Default,,0000,0000,0000,,malicious cloud provider. So imagine you\Nrun your application on the cloud and then Dialogue: 0,0:04:20.86,0:04:26.72,Default,,0000,0000,0000,,you can still run your code in a trusted\Nway with hardware level isolation. And you Dialogue: 0,0:04:26.72,0:04:30.75,Default,,0000,0000,0000,,have attestation and so on. And you don't\Nno longer really have to trust even the Dialogue: 0,0:04:30.75,0:04:40.50,Default,,0000,0000,0000,,administrator. So the problem is, of\Ncourse, that attack surface remains, so Dialogue: 0,0:04:40.50,0:04:47.38,Default,,0000,0000,0000,,previous attacks and some of them, I think\Nwill also be presented at this remote Dialogue: 0,0:04:47.38,0:04:52.40,Default,,0000,0000,0000,,Congress this year, have targeted\Nvulnerabilities in the microarchitecture Dialogue: 0,0:04:52.40,0:04:58.59,Default,,0000,0000,0000,,of the CPU. So you are hacking basically\Nthe hardware level. 
So you had foreshadow, Dialogue: 0,0:04:58.59,0:05:05.71,Default,,0000,0000,0000,,you had microarchitectural data sampling,\Nspectre and LVI and the like. But what Dialogue: 0,0:05:05.71,0:05:10.18,Default,,0000,0000,0000,,less attention has been paid to and what\Nwe'll talk about more in this presentation Dialogue: 0,0:05:10.18,0:05:17.03,Default,,0000,0000,0000,,is the software level inside the enclave,\Nwhich I hinted at, that there is some Dialogue: 0,0:05:17.03,0:05:22.36,Default,,0000,0000,0000,,software that you trust. But now we'll\Nlook in more detail into what actually is Dialogue: 0,0:05:22.36,0:05:30.30,Default,,0000,0000,0000,,in such an enclave. Now from the\Nsoftware side. So can an attacker exploit Dialogue: 0,0:05:30.30,0:05:34.30,Default,,0000,0000,0000,,any classical software vulnerabilities in\Nthe enclave? Dialogue: 0,0:05:35.52,0:05:40.88,Default,,0000,0000,0000,,Jo: Yes David, that's quite an interesting\Napproach, right? Let's aim for the Dialogue: 0,0:05:40.88,0:05:45.20,Default,,0000,0000,0000,,software. So we have to understand what is\Nthe software landscape out there for these Dialogue: 0,0:05:45.20,0:05:49.76,Default,,0000,0000,0000,,SGX enclaves and TEEs in general. So\Nthat's what we did. We started with an Dialogue: 0,0:05:49.76,0:05:53.76,Default,,0000,0000,0000,,analysis and you see some screenshots\Nhere. This is actually a growing open Dialogue: 0,0:05:53.76,0:05:58.96,Default,,0000,0000,0000,,source ecosystem. Many, many of these\Nruntimes, library operating systems, SDKs. Dialogue: 0,0:05:58.96,0:06:03.76,Default,,0000,0000,0000,,And before we dive into the details, I\Nwant to stand still with what is the Dialogue: 0,0:06:03.76,0:06:09.76,Default,,0000,0000,0000,,common factor that all of them share,\Nright? What is kind of the idea of these Dialogue: 0,0:06:09.76,0:06:17.04,Default,,0000,0000,0000,,enclave development environments? 
So here,\Nwhat any TEE, trusted execution Dialogue: 0,0:06:17.04,0:06:22.40,Default,,0000,0000,0000,,environment gives you is this notion of a\Nsecure enclave oasis in a hostile Dialogue: 0,0:06:22.40,0:06:27.20,Default,,0000,0000,0000,,environment. And you can do secure\Ncomputations in the green box while the Dialogue: 0,0:06:27.20,0:06:33.44,Default,,0000,0000,0000,,outside world is burning. As with any\Ndefense mechanism, as I said earlier, the Dialogue: 0,0:06:33.44,0:06:37.68,Default,,0000,0000,0000,,devil is in the details and typically at\Nthe gate, right? So how do you mediate Dialogue: 0,0:06:37.68,0:06:42.88,Default,,0000,0000,0000,,between that untrusted world where the\Ndesert is on fire, and the secure oasis in Dialogue: 0,0:06:42.88,0:06:48.48,Default,,0000,0000,0000,,the enclave? And the intuition here is\Nthat you need some sort of intermediary Dialogue: 0,0:06:48.48,0:06:53.04,Default,,0000,0000,0000,,software layer, what we call a shielding\Nruntime. So it kind of makes a secure Dialogue: 0,0:06:53.04,0:06:57.76,Default,,0000,0000,0000,,bridge to go from the untrusted world to\Nthe enclave and back. And that's what we Dialogue: 0,0:06:57.76,0:07:03.68,Default,,0000,0000,0000,,are interested in. To see, what kind of\Nsecurity checks you need to do there. So Dialogue: 0,0:07:03.68,0:07:07.68,Default,,0000,0000,0000,,it's quite a beautiful picture you have on\Nthe right, the fertile enclave and on the Dialogue: 0,0:07:07.68,0:07:13.68,Default,,0000,0000,0000,,left the hostile desert. And we make this\Nsecure bridge in between. And what we are Dialogue: 0,0:07:13.68,0:07:19.52,Default,,0000,0000,0000,,interested in is what if it goes wrong?\NWhat if your bridge itself is flawed? 
So Dialogue: 0,0:07:19.52,0:07:25.60,Default,,0000,0000,0000,,to answer that question, we look at that\Nyellow box and we ask what kind of Dialogue: 0,0:07:25.60,0:07:30.40,Default,,0000,0000,0000,,sanitization, what kind of security checks\Ndo you need to apply when you go from the Dialogue: 0,0:07:30.40,0:07:35.36,Default,,0000,0000,0000,,outside to the inside and back from the\Ninside to the outside. And one of the key Dialogue: 0,0:07:35.36,0:07:38.96,Default,,0000,0000,0000,,contributions that we have built up in the\Npast two years of this research, I think, Dialogue: 0,0:07:38.96,0:07:45.92,Default,,0000,0000,0000,,is that that yellow box can be subdivided\Ninto 2 smaller subsequent layers. And the Dialogue: 0,0:07:45.92,0:07:51.44,Default,,0000,0000,0000,,first one is this ABI, application binary\Ninterface, very low level CPU state. And Dialogue: 0,0:07:51.44,0:07:54.64,Default,,0000,0000,0000,,the second one is what we call API,\Napplication programing interface. So Dialogue: 0,0:07:54.64,0:07:58.16,Default,,0000,0000,0000,,that's the kind of state that is already\Nvisible at the programing language. In the Dialogue: 0,0:07:58.16,0:08:02.40,Default,,0000,0000,0000,,remainder of the presentation, we will\Nkind of guide you through some relevant Dialogue: 0,0:08:02.40,0:08:06.08,Default,,0000,0000,0000,,vulnerabilities on both these layers to\Ngive you an understanding of what this Dialogue: 0,0:08:06.08,0:08:11.76,Default,,0000,0000,0000,,means. So first, Fritz will guide you to\Nthe exciting low level landscape of the Dialogue: 0,0:08:11.76,0:08:15.44,Default,,0000,0000,0000,,ABI.\NFritz: Yeah, exactly. And Jo, you just Dialogue: 0,0:08:15.44,0:08:21.84,Default,,0000,0000,0000,,said it's the CPU state and it's the\Napplication binary interface. 
But let's Dialogue: 0,0:08:21.84,0:08:27.20,Default,,0000,0000,0000,,take a look at what this means, actually.\NSo it means basically that the attacker Dialogue: 0,0:08:27.20,0:08:39.35,Default,,0000,0000,0000,,controls the CPU register contents and\Nthat... On every enclave entry and every Dialogue: 0,0:08:39.35,0:08:46.48,Default,,0000,0000,0000,,enclave exit, we need to perform some\Ntasks. So that's the enclave and the Dialogue: 0,0:08:46.48,0:08:56.56,Default,,0000,0000,0000,,trusted runtime have some like, well\Ninitialized CPU state and the compiler can Dialogue: 0,0:08:56.56,0:09:03.36,Default,,0000,0000,0000,,work with the calling conventions that it\Nexpects. So these are basically the key Dialogue: 0,0:09:03.36,0:09:09.12,Default,,0000,0000,0000,,part. We need to initialize the CPU\Nregisters when entering the enclave and Dialogue: 0,0:09:09.12,0:09:15.52,Default,,0000,0000,0000,,scrubbing them when we exiting the\Nenclave. So we can't just assume anything Dialogue: 0,0:09:15.52,0:09:20.96,Default,,0000,0000,0000,,that the attacker gives us as a given. We\Nhave to initialize it to something proper. Dialogue: 0,0:09:20.96,0:09:30.32,Default,,0000,0000,0000,,And we looked at multiple TEE runtimes and\Nmultiple TEEs and we found a lot of Dialogue: 0,0:09:30.32,0:09:37.84,Default,,0000,0000,0000,,vulnerabilities in this ABI layer. And one\Nkey insight of this analysis is basically Dialogue: 0,0:09:37.84,0:09:45.12,Default,,0000,0000,0000,,that a lot of these vulnerabilities happen\Non complex instruction set processors, so Dialogue: 0,0:09:45.12,0:09:51.76,Default,,0000,0000,0000,,on CISC processors and basically on the\NIntel SGX TEE. We also looked at some RISC Dialogue: 0,0:09:51.76,0:09:57.84,Default,,0000,0000,0000,,processors and of course, it's not\Nrepresentative, but it's like immediately Dialogue: 0,0:09:57.84,0:10:06.00,Default,,0000,0000,0000,,visible that the complex x86 ABI seems to\Nbe... 
have a way higher, larger attack Dialogue: 0,0:10:06.00,0:10:13.76,Default,,0000,0000,0000,,surface than the simpler RISC designs. So\Nlet's take a look at one example of this Dialogue: 0,0:10:13.76,0:10:20.08,Default,,0000,0000,0000,,more complex design. So, for example,\Nthere's the x86 string instructions that Dialogue: 0,0:10:20.08,0:10:26.80,Default,,0000,0000,0000,,are controlled by the direction flag. So\Nthere's a special x86 rep instruction that Dialogue: 0,0:10:26.80,0:10:33.20,Default,,0000,0000,0000,,basically allows you to perform streamed\Nmemory operations. So if you do a memset Dialogue: 0,0:10:33.20,0:10:40.96,Default,,0000,0000,0000,,on a buffer, this will be compiled to the\Nrep string operation instruction. And the Dialogue: 0,0:10:40.96,0:10:50.72,Default,,0000,0000,0000,,idea here is basically that the buffer is\Nread from left to right and written over Dialogue: 0,0:10:50.72,0:10:56.88,Default,,0000,0000,0000,,it by memset. But this direction flag also\Nallows you to go through it from right to Dialogue: 0,0:10:56.88,0:11:03.20,Default,,0000,0000,0000,,left. So backwards. Let's not think about\Nwhy this was a good idea or why this is Dialogue: 0,0:11:03.20,0:11:08.72,Default,,0000,0000,0000,,needed. But definitely it is possible to\Njust set the direction flag to one and run Dialogue: 0,0:11:08.72,0:11:16.00,Default,,0000,0000,0000,,this buffer backwards. And what we found\Nout is that the System-V ABI actually says Dialogue: 0,0:11:16.00,0:11:21.12,Default,,0000,0000,0000,,that this must be clear or set to\Nforward on function entry and return. Dialogue: 0,0:11:21.12,0:11:26.88,Default,,0000,0000,0000,,And that compilers expect this to happen.\NSo let's take a look at this when we do Dialogue: 0,0:11:26.88,0:11:33.84,Default,,0000,0000,0000,,this in our enclave. 
So in our enclave,\Nwhen we, in our trusted application, Dialogue: 0,0:11:33.84,0:11:39.68,Default,,0000,0000,0000,,perform this memset on our buffer, on\Nnormal entry with the normal direction Dialogue: 0,0:11:39.68,0:11:45.04,Default,,0000,0000,0000,,flag this just means that we walk this\Nbuffer from front to back. So you can see Dialogue: 0,0:11:45.04,0:11:51.68,Default,,0000,0000,0000,,here it just runs correctly from front to\Nback. But now, if the attacker enters the Dialogue: 0,0:11:51.68,0:11:58.88,Default,,0000,0000,0000,,enclave with the direction flag set to 1\Nso set to run backwards, this now means Dialogue: 0,0:11:58.88,0:12:05.84,Default,,0000,0000,0000,,that from the start of our buffer. So from\Nwhere the pointer points right now, you Dialogue: 0,0:12:05.84,0:12:10.64,Default,,0000,0000,0000,,can now see it actually runs backwards. So\Nthat's a problem. And that's definitely Dialogue: 0,0:12:10.64,0:12:16.19,Default,,0000,0000,0000,,something that we don't want in our\Ntrusted applications because, well, as you Dialogue: 0,0:12:16.19,0:12:22.88,Default,,0000,0000,0000,,can think, it allows you to overwrite keys\Nthat are in the memory location that you Dialogue: 0,0:12:22.88,0:12:27.28,Default,,0000,0000,0000,,can go backwards. It allows you to read\Nout things, that's definitely not Dialogue: 0,0:12:27.28,0:12:32.96,Default,,0000,0000,0000,,something that is useful. And when we\Nreported this, this actually got a nice Dialogue: 0,0:12:32.96,0:12:38.96,Default,,0000,0000,0000,,CVE assigned with the base score High, as\Nyou can see here on the next slide. And Dialogue: 0,0:12:38.96,0:12:46.80,Default,,0000,0000,0000,,while you may say, OK, well, that's one\Ninstance. And you just have to think of Dialogue: 0,0:12:46.80,0:12:54.40,Default,,0000,0000,0000,,all the flags to sanitize and all the\Nflags to check. But wait, of course, Dialogue: 0,0:12:54.40,0:13:02.96,Default,,0000,0000,0000,,there's always more, right? 
So as we found\Nout, there's actually the floating point Dialogue: 0,0:13:02.96,0:13:07.44,Default,,0000,0000,0000,,unit, which comes with a like, whole lot\Nof other registers and a whole lot of Dialogue: 0,0:13:07.44,0:13:17.04,Default,,0000,0000,0000,,other things to exploit. And I will spare\Nyou all the details. But just for this Dialogue: 0,0:13:17.04,0:13:25.70,Default,,0000,0000,0000,,presentation, just know that there is an\Nolder x87 FPU and a new SSE that does Dialogue: 0,0:13:25.70,0:13:31.92,Default,,0000,0000,0000,,vector floating point operations. So\Nthere's the FPU control word and the MXCSR Dialogue: 0,0:13:31.92,0:13:39.85,Default,,0000,0000,0000,,register for these newer instructions. And\Nthis x87 FPU is older, but it's still used Dialogue: 0,0:13:39.85,0:13:45.68,Default,,0000,0000,0000,,for example, for extended precision, like\Nlong double variables. So old and new Dialogue: 0,0:13:45.68,0:13:49.12,Default,,0000,0000,0000,,doesn't really apply here because both are\Nstill relevant. And that's kind of the Dialogue: 0,0:13:49.12,0:13:58.16,Default,,0000,0000,0000,,thing with x86 and x87 here. That old\Narchaic things that you could say are Dialogue: 0,0:13:58.16,0:14:03.28,Default,,0000,0000,0000,,outdated, are still relevant or are still\Nused nowadays. And again, if you look at Dialogue: 0,0:14:03.28,0:14:09.20,Default,,0000,0000,0000,,the System-V ABI now, we saw that these\Ncontrol bits are callee-saved. So they are Dialogue: 0,0:14:09.20,0:14:13.68,Default,,0000,0000,0000,,preserved across function calls. And the\Nidea here is which to some degree holds Dialogue: 0,0:14:13.68,0:14:22.40,Default,,0000,0000,0000,,merit, is that these are some global\Nstates that you can set and they are all Dialogue: 0,0:14:22.40,0:14:27.68,Default,,0000,0000,0000,,transferred within one application. So one\Napplication can set some global state and Dialogue: 0,0:14:27.68,0:14:35.28,Default,,0000,0000,0000,,keep the state across all its usage. 
But\Nthe problem here as you can see here is Dialogue: 0,0:14:35.28,0:14:39.76,Default,,0000,0000,0000,,our application or enclave is basically\None application, and we don't want our Dialogue: 0,0:14:39.76,0:14:44.48,Default,,0000,0000,0000,,attacker to have control over the global\Nstate within our trusted application, Dialogue: 0,0:14:44.48,0:14:52.50,Default,,0000,0000,0000,,right? So what happens if FPU settings are\Npreserved across calls? Well, on a normal, Dialogue: 0,0:14:52.50,0:14:57.76,Default,,0000,0000,0000,,for a normal user, let's say we just do\Nsome calculation inside the enclave. Like Dialogue: 0,0:14:57.76,0:15:03.28,Default,,0000,0000,0000,,2.1 times 3.4, which just nicely\Ncalculates to a 7.14, a long double. Dialogue: 0,0:15:03.28,0:15:09.68,Default,,0000,0000,0000,,That's nice, right? But what happens if\Nthe attacker now enters the enclave with Dialogue: 0,0:15:09.68,0:15:15.68,Default,,0000,0000,0000,,some corrupt precision and rounding modes\Nfor the FPU? Well, then we actually get Dialogue: 0,0:15:15.68,0:15:21.52,Default,,0000,0000,0000,,another result. So we get distorted\Nresults with a lower precision and a Dialogue: 0,0:15:21.52,0:15:26.40,Default,,0000,0000,0000,,different rounding mode. So actually it's\Nrounding down here, whenever it exceeds Dialogue: 0,0:15:26.40,0:15:31.28,Default,,0000,0000,0000,,the precision. And this is something we\Ndon't want, right? So this is something Dialogue: 0,0:15:31.28,0:15:38.24,Default,,0000,0000,0000,,where the developer expects a certain\Nprecision or long double precision, but Dialogue: 0,0:15:38.24,0:15:43.84,Default,,0000,0000,0000,,the attacker could actually just reduce it\Nto a very short position. And we reported Dialogue: 0,0:15:43.84,0:15:49.76,Default,,0000,0000,0000,,this and we actually found this issue also\Nin Microsoft OpenEnclave. That's why it's Dialogue: 0,0:15:49.76,0:15:55.60,Default,,0000,0000,0000,,marked as not exploitable here. 
But what\Nwe found interesting is that the Intel SGX Dialogue: 0,0:15:55.60,0:16:01.20,Default,,0000,0000,0000,,SDK, which was vulnerable, patched this\Nwith some xrstore instruction, which Dialogue: 0,0:16:01.20,0:16:10.40,Default,,0000,0000,0000,,completely restores the extended state to\Na known value, while OpenEnclave only Dialogue: 0,0:16:10.40,0:16:16.32,Default,,0000,0000,0000,,restored the specific register that was\Naffected, the ldmxcsr instruction. And Dialogue: 0,0:16:16.32,0:16:19.60,Default,,0000,0000,0000,,so let's just skip over the next few\Nslides here, because I just want to give Dialogue: 0,0:16:19.60,0:16:27.12,Default,,0000,0000,0000,,you the idea that this was not enough. So\Nwe found out that even if you restored Dialogue: 0,0:16:27.12,0:16:32.64,Default,,0000,0000,0000,,this specific register, there's still\Nanother data register that you can just Dialogue: 0,0:16:32.64,0:16:40.00,Default,,0000,0000,0000,,mark as in use before entering the enclave\Nand with which the attacker can make that Dialogue: 0,0:16:40.00,0:16:45.60,Default,,0000,0000,0000,,any floating point calculation results in\Na not a number. And this is silent, so Dialogue: 0,0:16:45.60,0:16:50.08,Default,,0000,0000,0000,,this is not programing language specific,\Nthis is not developer specific. This is a Dialogue: 0,0:16:50.08,0:16:55.84,Default,,0000,0000,0000,,silent ABI issue that the calculations are\Njust not a number. So we also reported Dialogue: 0,0:16:55.84,0:17:03.60,Default,,0000,0000,0000,,this. And now, thankfully, all enclave\Nruntimes use this full xrstor instruction Dialogue: 0,0:17:03.60,0:17:09.60,Default,,0000,0000,0000,,to fully restore this extended state. So\Nit took two CVEs, but now luckily, they Dialogue: 0,0:17:09.60,0:17:15.76,Default,,0000,0000,0000,,all perform this nice full restore. So I\Ndon't want to go to the full details of Dialogue: 0,0:17:15.76,0:17:21.28,Default,,0000,0000,0000,,our use cases now or of our case studies\Nthat we did now. 
So let me just give you Dialogue: 0,0:17:21.28,0:17:29.44,Default,,0000,0000,0000,,the ideas of these case studies. So we\Nlooked at these issues and wanted to look Dialogue: 0,0:17:29.44,0:17:36.80,Default,,0000,0000,0000,,into whether they just feel difficult or\Nwhether they are bad. And we found that we Dialogue: 0,0:17:36.80,0:17:41.68,Default,,0000,0000,0000,,can use overflows as a side channel to\Ndeduce secrets. So, for example, the Dialogue: 0,0:17:41.68,0:17:49.12,Default,,0000,0000,0000,,attacker could use this register to unmask\Nexceptions, that inside the Dialogue: 0,0:17:49.12,0:17:58.40,Default,,0000,0000,0000,,enclave are then triggered by some input\Ndependent multiplication. And we found out Dialogue: 0,0:17:58.40,0:18:03.04,Default,,0000,0000,0000,,that these side channels if you have some\Ninput dependent multiplication can Dialogue: 0,0:18:03.04,0:18:11.92,Default,,0000,0000,0000,,actually be used in the enclave to perform\Na binary search on this input space. And Dialogue: 0,0:18:11.92,0:18:16.88,Default,,0000,0000,0000,,we can actually retrieve this\Nmultiplication secret with a deterministic Dialogue: 0,0:18:16.88,0:18:23.92,Default,,0000,0000,0000,,number of steps. So even though we just\Nhave a single mask we flip, we can Dialogue: 0,0:18:23.92,0:18:31.76,Default,,0000,0000,0000,,actually retrieve a secret with\Ndeterministic steps. And just for the, just Dialogue: 0,0:18:31.76,0:18:36.56,Default,,0000,0000,0000,,so that you know, there's more you can do.\NWe can also do machine learning in the Dialogue: 0,0:18:36.56,0:18:44.08,Default,,0000,0000,0000,,enclave. So Jo said it nicely, you can run\Nit inside the TEE, inside the cloud. And Dialogue: 0,0:18:44.08,0:18:47.76,Default,,0000,0000,0000,,that's great for machine learning, right?\NSo let's do a handwritten digit Dialogue: 0,0:18:47.76,0:18:55.20,Default,,0000,0000,0000,,recognition. 
And if you look at just the\Nmodel that we look at, we just have two Dialogue: 0,0:18:55.20,0:19:00.56,Default,,0000,0000,0000,,users where one user pushes some\Nmachine learning model and the other user Dialogue: 0,0:19:00.56,0:19:05.52,Default,,0000,0000,0000,,pushes some input and everything is\Nprotected with enclaves, right? Dialogue: 0,0:19:05.52,0:19:10.96,Default,,0000,0000,0000,,Everything is secure. But we actually\Nfound out that we can poison these FPU Dialogue: 0,0:19:10.96,0:19:18.32,Default,,0000,0000,0000,,registers and degrade the performance of\Nthis machine learning down from all digits Dialogue: 0,0:19:18.32,0:19:24.16,Default,,0000,0000,0000,,were predicted correctly to just eight\Npercent of digits were correctly. And Dialogue: 0,0:19:24.16,0:19:31.60,Default,,0000,0000,0000,,actually all digits were just predicting\Nthe same number. And this basically made Dialogue: 0,0:19:31.60,0:19:37.52,Default,,0000,0000,0000,,this machine learning model useless,\Nright? There's more we did so we can also Dialogue: 0,0:19:37.52,0:19:42.32,Default,,0000,0000,0000,,attack blender with image differences,\Nslight image differences between blender Dialogue: 0,0:19:42.32,0:19:48.72,Default,,0000,0000,0000,,images. But this is just for you to see\Nthat it's small, but it's a tricky thing Dialogue: 0,0:19:48.72,0:19:56.48,Default,,0000,0000,0000,,and indicate that that can go wrong very\Nfast on the ABI level once you play around Dialogue: 0,0:19:56.48,0:20:02.56,Default,,0000,0000,0000,,with it. So this is about the CPU state.\NAnd now we will talk more about the Dialogue: 0,0:20:02.56,0:20:06.40,Default,,0000,0000,0000,,application programing interface that I\Nthink more of you will be comfortable Dialogue: 0,0:20:06.40,0:20:09.44,Default,,0000,0000,0000,,with.\NDavid: Yeah, we take, uh, thank you, Dialogue: 0,0:20:09.44,0:20:14.16,Default,,0000,0000,0000,,Fritz. We take a quite simple example. 
So\Nlet's assume that we actually load a Dialogue: 0,0:20:14.16,0:20:18.56,Default,,0000,0000,0000,,standard Unix binary into such an enclave,\Nand there are frameworks that can do that, Dialogue: 0,0:20:18.56,0:20:24.96,Default,,0000,0000,0000,,such as graphene or so. And what I want to\Nillustrate with that example is that it's Dialogue: 0,0:20:24.96,0:20:29.68,Default,,0000,0000,0000,,actually very important to check where\Npointers come from. Because the enclave Dialogue: 0,0:20:29.68,0:20:34.69,Default,,0000,0000,0000,,kind of partitions memory into untrusted\Nmemory and enclave memory and they live in Dialogue: 0,0:20:34.69,0:20:40.80,Default,,0000,0000,0000,,a shared address space. So the problem\Nhere is as follows. Let's assume we have Dialogue: 0,0:20:40.80,0:20:47.12,Default,,0000,0000,0000,,an echo binary that just prints an input.\NAnd we give it as an argument a string and Dialogue: 0,0:20:47.12,0:20:52.72,Default,,0000,0000,0000,,that normally, when everything is fine,\Npoints to some string, let's say hello Dialogue: 0,0:20:52.72,0:20:58.48,Default,,0000,0000,0000,,world, which is located in the untrusted\Nmemory. So if everything runs as it Dialogue: 0,0:20:58.48,0:21:03.04,Default,,0000,0000,0000,,should, this enclave will run, will get\Nthe pointer to untrusted memory and will Dialogue: 0,0:21:03.04,0:21:08.80,Default,,0000,0000,0000,,just print that string. But the problem is\Nnow actually the enclave has access also Dialogue: 0,0:21:08.80,0:21:15.52,Default,,0000,0000,0000,,to its own trusted memory. So if you don't\Ncheck this pointer and the attacker passes Dialogue: 0,0:21:15.52,0:21:20.64,Default,,0000,0000,0000,,a pointed to the secret that might live in\Nenclave memory, what will happen? Well the Dialogue: 0,0:21:20.64,0:21:25.20,Default,,0000,0000,0000,,enclave will fetch it from there and will\Njust print it. 
So suddenly you have turned Dialogue: 0,0:21:25.20,0:21:32.08,Default,,0000,0000,0000,,this kind of like into a like a memory\Ndisclosure vulnerability. And we can see Dialogue: 0,0:21:32.08,0:21:35.84,Default,,0000,0000,0000,,that in action here for the framework\Nnamed graphene that I mentioned. So we Dialogue: 0,0:21:35.84,0:21:40.64,Default,,0000,0000,0000,,have a very simple hello world binary and\Nwe run it with a couple of command line Dialogue: 0,0:21:40.64,0:21:45.44,Default,,0000,0000,0000,,arguments. And now on the untrusted side,\Nwe actually change a memory address to Dialogue: 0,0:21:45.44,0:21:50.08,Default,,0000,0000,0000,,point into enclave memory. And as you can\Nsee, normally, it should print here test, Dialogue: 0,0:21:50.08,0:21:55.12,Default,,0000,0000,0000,,but actually it prints a super secret\Nenclave string that lived inside Dialogue: 0,0:21:55.12,0:22:00.96,Default,,0000,0000,0000,,the memory space of the enclave. So\Nthese kind of vulnerabilities are quite Dialogue: 0,0:22:00.96,0:22:05.60,Default,,0000,0000,0000,,well known from user to kernel research\Nand from other instances. And they're Dialogue: 0,0:22:05.60,0:22:11.60,Default,,0000,0000,0000,,called confused deputy. So the deputy kind\Nof like has a gun now can read and if Dialogue: 0,0:22:11.60,0:22:17.28,Default,,0000,0000,0000,,memory and suddenly then does something\Nwhich is not not supposed to do because he Dialogue: 0,0:22:17.28,0:22:22.00,Default,,0000,0000,0000,,didn't really didn't really check where\Nthe memory should belong or not. So I Dialogue: 0,0:22:22.00,0:22:27.60,Default,,0000,0000,0000,,think this vulnerability, uh, seems seems\Nto be quite trivial to solve. You simply Dialogue: 0,0:22:27.60,0:22:31.68,Default,,0000,0000,0000,,check all the time where, uh, where\Npointers come from. But as you will tell, Dialogue: 0,0:22:31.68,0:22:37.92,Default,,0000,0000,0000,,you know, it's often not quite quite that\Neasy. Yes. 
David, that's quite insightful Dialogue: 0,0:22:37.92,0:22:41.84,Default,,0000,0000,0000,,that we should check all of the pointers.\NSo that's what we did. We checked all of Dialogue: 0,0:22:41.84,0:22:46.32,Default,,0000,0000,0000,,the pointer checks and we noticed that\NEndo has a very interesting kind of all Dialogue: 0,0:22:46.32,0:22:49.76,Default,,0000,0000,0000,,the way to check these things. Of course,\Nthe code is high quality. They checked all Dialogue: 0,0:22:49.76,0:22:53.36,Default,,0000,0000,0000,,of the pointers, but you have to do\Nsomething special for things. We're Dialogue: 0,0:22:53.36,0:22:57.84,Default,,0000,0000,0000,,talking here, the C programing language.\NSo things are no terminated, terminated. Dialogue: 0,0:22:57.84,0:23:02.88,Default,,0000,0000,0000,,They end with a new byte and you can use a\Nfunction as they are struggling to compute Dialogue: 0,0:23:02.88,0:23:05.92,Default,,0000,0000,0000,,the length of this thing. And let's see\Nhow they check whether thing that's Dialogue: 0,0:23:05.92,0:23:10.88,Default,,0000,0000,0000,,completely outside of memory. So the first\Nstep is you compute the length of the Dialogue: 0,0:23:10.88,0:23:15.60,Default,,0000,0000,0000,,interest, it's ten, and then you check\Nwhether the string from start to end lives Dialogue: 0,0:23:15.60,0:23:19.28,Default,,0000,0000,0000,,completely outside of the anchor. That\Nsounds so legitimate. Then you eject the Dialogue: 0,0:23:19.28,0:23:23.76,Default,,0000,0000,0000,,steam. So so this works beautifully. Let's\Nsee, however, how it behaves when we when Dialogue: 0,0:23:23.76,0:23:27.44,Default,,0000,0000,0000,,we partnered. And so we are not going to\Nparse this thing has a world outside of Dialogue: 0,0:23:27.44,0:23:34.16,Default,,0000,0000,0000,,the enclave that we pass on string secret,\None that lies within the. 
So the first Dialogue: 0,0:23:34.16,0:23:38.32,Default,,0000,0000,0000,,step will be that the enclave starts\Ncomputing the length of that string that Dialogue: 0,0:23:38.32,0:23:42.96,Default,,0000,0000,0000,,lies within the enclave. That sounds\Nalready fishy, but then luckily everything Dialogue: 0,0:23:42.96,0:23:46.80,Default,,0000,0000,0000,,comes OK because then it will detect that\Nthis actually should never have been done Dialogue: 0,0:23:46.80,0:23:50.88,Default,,0000,0000,0000,,and that this string lies inside the\Nenclave. So it will reject the call so Dialogue: 0,0:23:50.88,0:23:56.08,Default,,0000,0000,0000,,that the call into the enclave. So that's\Nfine. But but some of you who know side Dialogue: 0,0:23:56.08,0:24:00.16,Default,,0000,0000,0000,,channels know that this is exciting\Nbecause the enclave did some computation Dialogue: 0,0:24:00.16,0:24:04.08,Default,,0000,0000,0000,,it was never supposed to do. And the\Nlength of that computation depends on the Dialogue: 0,0:24:04.08,0:24:10.48,Default,,0000,0000,0000,,amount of of non-zero bytes within the\Nenclave. So what we have here is a side Dialogue: 0,0:24:10.48,0:24:16.08,Default,,0000,0000,0000,,channel where the enclave will always\Nreturn false. But the time it takes to Dialogue: 0,0:24:16.08,0:24:21.60,Default,,0000,0000,0000,,return false depends on the amount of of\Nzero bytes inside that secret enclave Dialogue: 0,0:24:21.60,0:24:26.64,Default,,0000,0000,0000,,memory block. So that's what we found. We\Nare excited and we said, OK, it's simple Dialogue: 0,0:24:26.64,0:24:31.92,Default,,0000,0000,0000,,timing channel. Let's go with that. So we\Ndid that and you can see a graph here and Dialogue: 0,0:24:31.92,0:24:36.48,Default,,0000,0000,0000,,it turns out it's not as easy as it seems.\NSo I can tell you that the blue one is for Dialogue: 0,0:24:36.48,0:24:39.84,Default,,0000,0000,0000,,a string of length one, and that one is\Nfor a string of length two. 
But there is no Dialogue: 0,0:24:39.84,0:24:43.76,Default,,0000,0000,0000,,way you can see that from that graph\Nbecause x86 processors are Dialogue: 0,0:24:43.76,0:24:47.92,Default,,0000,0000,0000,,lightning fast so that one single\Nincrement instruction completely Dialogue: 0,0:24:47.92,0:24:52.56,Default,,0000,0000,0000,,dissolves into the pipeline. You will not\Nsee that by by measuring execution time. Dialogue: 0,0:24:52.56,0:24:59.12,Default,,0000,0000,0000,,So we need something different. And what\Nwe have smart papers and in literature, Dialogue: 0,0:24:59.12,0:25:03.92,Default,,0000,0000,0000,,one of the very common attacks in SGX is\Nalso something that Intel describes here. Dialogue: 0,0:25:03.92,0:25:09.52,Default,,0000,0000,0000,,You can see which memory pages for memory\Nblocks are being accessed while the Dialogue: 0,0:25:09.52,0:25:14.08,Default,,0000,0000,0000,,enclave executes because you control the\Noperating system and the paging machinery. Dialogue: 0,0:25:14.88,0:25:19.68,Default,,0000,0000,0000,,So that's what we tried to do. We thought\Nthis is a nice channel and we were there Dialogue: 0,0:25:19.68,0:25:24.48,Default,,0000,0000,0000,,scratching our heads, looking at that code,\Na very simple for loop that fits entirely Dialogue: 0,0:25:24.48,0:25:29.04,Default,,0000,0000,0000,,within one page and a very short string\Nthat fits entirely within one page. So Dialogue: 0,0:25:29.04,0:25:33.92,Default,,0000,0000,0000,,just having access to for a memory, it's\Nnot going to help us here because because Dialogue: 0,0:25:34.56,0:25:39.44,Default,,0000,0000,0000,,both the code and the data fit on a\Nsingle page. So this is essentially what Dialogue: 0,0:25:39.44,0:25:44.32,Default,,0000,0000,0000,,we call the temporal resolution of the\Nside channel. This is not accurate enough. So Dialogue: 0,0:25:44.32,0:25:51.04,Default,,0000,0000,0000,,we need a lot of take. 
And well, here we\Nhave been working on quite an exciting Dialogue: 0,0:25:51.04,0:25:55.12,Default,,0000,0000,0000,,framework. It uses interrupts and it's\Ncalled SGX-Step. So it's a completely Dialogue: 0,0:25:55.12,0:26:01.28,Default,,0000,0000,0000,,open source framework on GitHub. And what\Nit allows you to do essentially is to Dialogue: 0,0:26:01.28,0:26:05.20,Default,,0000,0000,0000,,execute an enclave one step at a time,\Nhence the name. So it allows you to Dialogue: 0,0:26:05.20,0:26:09.04,Default,,0000,0000,0000,,interleave the execution of the enclave\Nwith attacker code after every single Dialogue: 0,0:26:09.04,0:26:12.64,Default,,0000,0000,0000,,instruction. And the way we pull it off is\Nhighly technical. We have this Linux Dialogue: 0,0:26:12.64,0:26:18.48,Default,,0000,0000,0000,,kernel driver and a little library\Noperating system in userspace, but that's Dialogue: 0,0:26:18.48,0:26:23.20,Default,,0000,0000,0000,,a bit out of scope. The matter is that we\Ncan interrupt an enclave after every Dialogue: 0,0:26:23.20,0:26:27.54,Default,,0000,0000,0000,,single instruction and then let's see what\Nwe can do with that. So. What we Dialogue: 0,0:26:27.54,0:26:33.72,Default,,0000,0000,0000,,essentially can do here is to execute and\Nfollow up with all this extra increment Dialogue: 0,0:26:33.72,0:26:38.92,Default,,0000,0000,0000,,instructions one at a time, and after\Nevery interrupt, we can simply check Dialogue: 0,0:26:38.92,0:26:45.07,Default,,0000,0000,0000,,whether the enclave accessed the string\Nresiding of our target. That's another way Dialogue: 0,0:26:45.07,0:26:50.68,Default,,0000,0000,0000,,to think about it, is that we have that\Nexecution of the enclave and we can break Dialogue: 0,0:26:50.68,0:26:56.100,Default,,0000,0000,0000,,that up into individual steps and then\Njust count the steps and hence and hence Dialogue: 0,0:26:56.100,0:27:03.44,Default,,0000,0000,0000,,a deterministic timing. 
So in other words,\Nwe have an oracle that tells you where all Dialogue: 0,0:27:03.44,0:27:08.82,Default,,0000,0000,0000,,zero bytes are in the enclave. I don't know\Nif that's useful, actually do so. It turns Dialogue: 0,0:27:08.82,0:27:12.74,Default,,0000,0000,0000,,out that this I mean, some people who\Nmight be born into exploitation already Dialogue: 0,0:27:12.74,0:27:17.76,Default,,0000,0000,0000,,know that it's good to know whether zero\Nis somewhere in memory or not. And we do Dialogue: 0,0:27:17.76,0:27:23.54,Default,,0000,0000,0000,,now do one example where we break AES-NI,\Nwhich is the hardware acceleration Dialogue: 0,0:27:23.54,0:27:29.00,Default,,0000,0000,0000,,of Intel processors for AES. So finally,\Nthat actually operates only on registers. Dialogue: 0,0:27:29.00,0:27:34.13,Default,,0000,0000,0000,,And you just said you can kind of like do\Nthat on pointers, on memory, but there's Dialogue: 0,0:27:34.13,0:27:38.83,Default,,0000,0000,0000,,another trick that comes into play here.\NSo whenever the enclave is interrupted, it Dialogue: 0,0:27:38.83,0:27:44.08,Default,,0000,0000,0000,,will store its current register state\Nsomewhere to memory, called the SSA frame, so we Dialogue: 0,0:27:44.08,0:27:50.42,Default,,0000,0000,0000,,can actually interrupt the enclave, make\Nit write its memory to, to, it's, its Dialogue: 0,0:27:50.42,0:27:56.84,Default,,0000,0000,0000,,register, sorry, to, to SSA memory. And then\Nwe can run the zero byte oracle on this Dialogue: 0,0:27:56.84,0:28:02.72,Default,,0000,0000,0000,,SSA memory. And what we figure out is\Nwhere zero is or if there's any zero in Dialogue: 0,0:28:02.72,0:28:08.75,Default,,0000,0000,0000,,the state. So I don't want to go into the\Ngory details of AES. 
But what we Dialogue: 0,0:28:08.75,0:28:15.84,Default,,0000,0000,0000,,basically do is we find whenever there's a\Nzero in the last in the state before the Dialogue: 0,0:28:15.84,0:28:21.85,Default,,0000,0000,0000,,last round of AES and then that zero will\Ngo down through the S-box, will be XORed with a key Dialogue: 0,0:28:21.85,0:28:27.52,Default,,0000,0000,0000,,byte, and then that will give us a\Nciphertext. But we actually know the ciphertext Dialogue: 0,0:28:27.52,0:28:33.60,Default,,0000,0000,0000,,byte so we can go backwards. So we can\Nkind of compute, uh, we can compute from Dialogue: 0,0:28:33.60,0:28:39.76,Default,,0000,0000,0000,,zero up to here and from here to this X1.\NAnd that way we can compute directly one Dialogue: 0,0:28:39.76,0:28:45.84,Default,,0000,0000,0000,,key byte. So we repeat that whole thing 16\Ntimes until we have found a zero in every Dialogue: 0,0:28:45.84,0:28:51.46,Default,,0000,0000,0000,,byte of this state before the last round.\NAnd that way we get the whole final round Dialogue: 0,0:28:51.46,0:28:56.29,Default,,0000,0000,0000,,key. And for those that know AES, if you\Nhave one round key, you have the whole key Dialogue: 0,0:28:56.29,0:29:00.65,Default,,0000,0000,0000,,in AES. So you get like the original key,\Nyou can go backwards. So sounds Dialogue: 0,0:29:00.65,0:29:05.99,Default,,0000,0000,0000,,complicated, but it's actually a very fast\Nattack when you see it running. So here is Dialogue: 0,0:29:05.99,0:29:11.47,Default,,0000,0000,0000,,SGX-Step doing this attack and as you can\Nsee, within a couple of seconds and maybe Dialogue: 0,0:29:11.47,0:29:16.34,Default,,0000,0000,0000,,five hundred twenty invocations of of\NAES, we get the full key. So that's Dialogue: 0,0:29:16.34,0:29:21.40,Default,,0000,0000,0000,,actually quite impressive, especially\Nbecause the whole uh. 
Yeah, one of the Dialogue: 0,0:29:21.40,0:29:26.27,Default,,0000,0000,0000,,points of AES-NI is that you don't put\Nanything in memory, but this is Dialogue: 0,0:29:26.27,0:29:33.06,Default,,0000,0000,0000,,interaction with SGX, which is kind of\Nlike allows you to put stuff into into Dialogue: 0,0:29:33.06,0:29:41.37,Default,,0000,0000,0000,,memory. So I want to wrap up here. Um, we\Nhave found various other attacks. Yeah. Dialogue: 0,0:29:41.37,0:29:47.84,Default,,0000,0000,0000,,So, um, both in research code and in\Nproduction code, such as the Intel SDK and Dialogue: 0,0:29:47.84,0:29:52.71,Default,,0000,0000,0000,,the Microsoft SDK. And they basically go\Nacross the whole range of Dialogue: 0,0:29:52.71,0:29:57.70,Default,,0000,0000,0000,,vulnerabilities that we have often seen already\Nfrom user-to-kernel research. But there Dialogue: 0,0:29:57.70,0:30:02.68,Default,,0000,0000,0000,,are also some, uh, some interesting new\Nnew kind of like vulnerabilities due to Dialogue: 0,0:30:02.68,0:30:08.24,Default,,0000,0000,0000,,some of the aspects we explained. There\Nwas also a problem with ocalls, that's Dialogue: 0,0:30:08.24,0:30:13.77,Default,,0000,0000,0000,,when the enclave calls into untrusted\Ncode, that is used when you want to, for Dialogue: 0,0:30:13.77,0:30:18.74,Default,,0000,0000,0000,,instance, emulate system calls and so on.\NAnd if you return some kind of like a Dialogue: 0,0:30:18.74,0:30:24.84,Default,,0000,0000,0000,,wrong result here, you could again go out\Nof out of bounds. And they were actually Dialogue: 0,0:30:24.84,0:30:30.70,Default,,0000,0000,0000,,quite, quite widespread. And then finally,\Nwe also found some issues with padding, Dialogue: 0,0:30:30.70,0:30:36.12,Default,,0000,0000,0000,,with leakage in the padding. I don't want\Nto go into details. I think we have, uh, Dialogue: 0,0:30:36.12,0:30:40.88,Default,,0000,0000,0000,,learned a lesson here that that we also\Nknow from from the real world. 
And that is Dialogue: 0,0:30:40.88,0:30:47.10,Default,,0000,0000,0000,,it's important to wash your hands. So it's\Nalso important to sanitize and state to Dialogue: 0,0:30:47.10,0:30:54.21,Default,,0000,0000,0000,,check pointers and so on. No. So that is\Nkind of one one of the take away message Dialogue: 0,0:30:54.21,0:30:58.58,Default,,0000,0000,0000,,is really that to build enclaves\Nsecurely, yes, you need to fix all the Dialogue: 0,0:30:58.58,0:31:03.44,Default,,0000,0000,0000,,hardware issues, but you also need to\Nwrite safe code. And for enclaves, that Dialogue: 0,0:31:03.44,0:31:09.67,Default,,0000,0000,0000,,means you have to do a proper API and ABI\Nsanitization. And that's quite a difficult Dialogue: 0,0:31:09.67,0:31:15.72,Default,,0000,0000,0000,,task actually, as as we've seen, I think\Nin that presentation, there's quite a Dialogue: 0,0:31:15.72,0:31:21.07,Default,,0000,0000,0000,,large attack surface due to the attack\Nmodel, especially of Intel SGX, where Dialogue: 0,0:31:21.07,0:31:25.78,Default,,0000,0000,0000,,you can interrupt after every instruction\Nand so on. And I think for from a research Dialogue: 0,0:31:25.78,0:31:31.89,Default,,0000,0000,0000,,perspective, there's really a need for a\Nmore. Approach, then just continue if you Dialogue: 0,0:31:31.89,0:31:38.01,Default,,0000,0000,0000,,want, maybe we can learn something from\Nfrom the user-to-kernel analogy which which I Dialogue: 0,0:31:38.01,0:31:43.73,Default,,0000,0000,0000,,invoked, I think a couple of times so we\Ncan learn kind of like how what an enclave Dialogue: 0,0:31:43.73,0:31:48.65,Default,,0000,0000,0000,,should do, uh, from from what we know\Nabout what a kernel should do. But there Dialogue: 0,0:31:48.65,0:31:54.24,Default,,0000,0000,0000,,are quite important differences also that\Nneed to be taken account. So I think, as Dialogue: 0,0:31:54.24,0:31:59.67,Default,,0000,0000,0000,,you said, all all our code is is open\Nsource. 
So you can find that on the below Dialogue: 0,0:31:59.67,0:32:07.02,Default,,0000,0000,0000,,GitHub links and you can, of course, ask\Nalso questions after you have watched this Dialogue: 0,0:32:07.02,0:32:15.08,Default,,0000,0000,0000,,talk. So thank you very much. Hello, so\Nback again. Here are the questions. Hello Dialogue: 0,0:32:15.08,0:32:21.68,Default,,0000,0000,0000,,to see your life. Um, we have no questions\Nyet, so you can put up questions in the Dialogue: 0,0:32:21.68,0:32:28.20,Default,,0000,0000,0000,,see below if you have questions. And on\Nthe other hand. Oh, let me make close this Dialogue: 0,0:32:28.20,0:32:36.75,Default,,0000,0000,0000,,up so I'll ask you some questions. How did\Nyou come about this topic and how did you Dialogue: 0,0:32:36.75,0:32:43.48,Default,,0000,0000,0000,,meet? Uh, well, that's actually\Ninteresting. I think this research has been Dialogue: 0,0:32:43.48,0:32:50.16,Default,,0000,0000,0000,,building up over the years. Um, and it's\Nso, so, so I think some some of the Dialogue: 0,0:32:50.16,0:32:56.69,Default,,0000,0000,0000,,vulnerabilities from our initial paper, I\Nactually started in my master's thesis to Dialogue: 0,0:32:56.69,0:33:01.76,Default,,0000,0000,0000,,sort of see and collect and we didn't\Nreally see the big picture until I think I Dialogue: 0,0:33:01.76,0:33:06.77,Default,,0000,0000,0000,,met David and his colleagues from\NBirmingham at an event in London, the nice Dialogue: 0,0:33:06.77,0:33:11.33,Default,,0000,0000,0000,,conference. And then we we started to\Ncollaborate on this and we went to look at Dialogue: 0,0:33:11.33,0:33:14.96,Default,,0000,0000,0000,,this a bit more systematic. So I started\Nwith this whole list of vulnerabilities Dialogue: 0,0:33:14.96,0:33:19.88,Default,,0000,0000,0000,,and then with with David, we kind of made\Nit into a more systematic analysis. And Dialogue: 0,0:33:19.88,0:33:26.36,Default,,0000,0000,0000,,and that was sort of a Pandora's box. 
I\Ndare to say from the moment on this, this Dialogue: 0,0:33:26.36,0:33:32.00,Default,,0000,0000,0000,,kind of same errors being repeated. And\Nthen also Fritz, who recently joined Dialogue: 0,0:33:32.00,0:33:36.24,Default,,0000,0000,0000,,our team in Leuven, started working\Ntogether with us on one or more of these Dialogue: 0,0:33:36.24,0:33:40.52,Default,,0000,0000,0000,,low-level CPU state. And that's the\NPandora's box in itself. I would say, Dialogue: 0,0:33:40.52,0:33:46.51,Default,,0000,0000,0000,,especially one of the lessons, as we said,\Nthat in particular x86 is extremely complex. Dialogue: 0,0:33:46.51,0:33:51.23,Default,,0000,0000,0000,,And it turns out that almost all of that\Ncomplexity, I would say, can be abused, Dialogue: 0,0:33:51.23,0:33:55.90,Default,,0000,0000,0000,,potentially by adversaries. So it's more\Nlike a fractal in a fraction of a fractal Dialogue: 0,0:33:55.90,0:34:01.83,Default,,0000,0000,0000,,where you're opening a box and you're\Ngetting more and more of questions out of Dialogue: 0,0:34:01.83,0:34:08.73,Default,,0000,0000,0000,,that. In a way, I think. Yes, I think it's\Nfair to say this this research is not the Dialogue: 0,0:34:08.73,0:34:13.57,Default,,0000,0000,0000,,final answer to to this, but it's an\Nattempt to to give a systematic way of Dialogue: 0,0:34:13.57,0:34:19.07,Default,,0000,0000,0000,,looking at probably never ending up\Nactually funding is. So there is a Dialogue: 0,0:34:19.07,0:34:26.03,Default,,0000,0000,0000,,question from the Internet. So are there\Nany other circumstances where he has Dialogue: 0,0:34:26.03,0:34:33.19,Default,,0000,0000,0000,,Mianus and he is writing its registers\Ninto memory, or is this executed exclusive Dialogue: 0,0:34:33.19,0:34:44.16,Default,,0000,0000,0000,,to SGX? So I repeat, I do not understand\Nthe question either, so, so well, I think Dialogue: 0,0:34:44.16,0:34:49.28,Default,,0000,0000,0000,,the question is that this is a tactical\Ndefeat. 
Prison depends on, of course, Dialogue: 0,0:34:50.00,0:34:54.72,Default,,0000,0000,0000,,having a memory disclosure about the\Ncontent and people that are accusing us Dialogue: 0,0:34:54.72,0:34:58.96,Default,,0000,0000,0000,,except to kind of forcibly write the\Nmemory content of the content into memory. Dialogue: 0,0:35:00.00,0:35:05.04,Default,,0000,0000,0000,,So that is definitely a specific um.\NHowever, I would say one of the the Dialogue: 0,0:35:05.04,0:35:08.96,Default,,0000,0000,0000,,lessons from the past five years of\Nresearch is that often these things Dialogue: 0,0:35:08.96,0:35:13.20,Default,,0000,0000,0000,,generalize beyond SGX and at least the\Ngeneral concept of, let's say, the Dialogue: 0,0:35:13.20,0:35:18.88,Default,,0000,0000,0000,,insight that CPU registers end up in\Nmemory one way or another sooner or later. Dialogue: 0,0:35:18.88,0:35:23.04,Default,,0000,0000,0000,,I think that also applies to operating\Nsystems that if you somehow can force an Dialogue: 0,0:35:23.04,0:35:26.08,Default,,0000,0000,0000,,operating system to context switch between\Ntwo applications, that you also have the Dialogue: 0,0:35:27.20,0:35:32.16,Default,,0000,0000,0000,,registers temporarily in memory. So if you\Nwould have something similar like what we Dialogue: 0,0:35:32.16,0:35:37.20,Default,,0000,0000,0000,,have in an operating system kernel, you\Nwould potentially mount a similar attack. Dialogue: 0,0:35:37.76,0:35:43.68,Default,,0000,0000,0000,,But maybe David wants to say something\Nabout operating systems there as well. No, Dialogue: 0,0:35:43.68,0:35:48.24,Default,,0000,0000,0000,,no, not really. I think, like one one\Nthing that helps with SGX is that you have Dialogue: 0,0:35:48.24,0:35:53.20,Default,,0000,0000,0000,,very precise control, as you explained,\Nwhich was the interrupts and stuff because Dialogue: 0,0:35:53.20,0:35:58.08,Default,,0000,0000,0000,,you are root outside the outside\Nthe enclave. 
So you can single-step Dialogue: 0,0:35:58.08,0:36:03.28,Default,,0000,0000,0000,,essentially the whole enclave where it's\Nlike, um, interrupting the operating Dialogue: 0,0:36:03.28,0:36:08.32,Default,,0000,0000,0000,,system. Exactly repeatedly at exactly the\Npoint you want or some other process also Dialogue: 0,0:36:09.12,0:36:13.76,Default,,0000,0000,0000,,tends to be probably probably harder just\Nby design. But of course, on a context Dialogue: 0,0:36:13.76,0:36:19.36,Default,,0000,0000,0000,,switch the CPU has to save somewhere its\Nregister set and then then it will end up Dialogue: 0,0:36:19.36,0:36:25.84,Default,,0000,0000,0000,,in memory in some situations probably not\Nnot as controlled as it is for for Dialogue: 0,0:36:25.84,0:36:34.48,Default,,0000,0000,0000,,SGX. So there is the question, what\Nabout other CPU architectures other than Dialogue: 0,0:36:34.48,0:36:41.84,Default,,0000,0000,0000,,Intel, did you test those? So maybe I can\NI can go into this so. Well, Intel Dialogue: 0,0:36:41.84,0:36:48.16,Default,,0000,0000,0000,,SGX, that's the largest one with the\Nlargest software base and the most runtime Dialogue: 0,0:36:48.16,0:36:53.44,Default,,0000,0000,0000,,that is also that we could look at. Right.\NBut there, of course, some other stuff we Dialogue: 0,0:36:53.44,0:37:01.04,Default,,0000,0000,0000,,have or as this eternity that we developed\Nsome years ago, it's called Sancus. And Dialogue: 0,0:37:01.04,0:37:05.44,Default,,0000,0000,0000,,of course, for this, there are similar\Nissues. Right. So you always need the Dialogue: 0,0:37:05.44,0:37:14.88,Default,,0000,0000,0000,,software layer to interact, to enter the\Nenclave into the enclave. And I think you Dialogue: 0,0:37:14.88,0:37:20.88,Default,,0000,0000,0000,,had David in the earlier work, also found\Nissues in our TI. So it's not just Intel Dialogue: 0,0:37:20.88,0:37:27.12,Default,,0000,0000,0000,,and really related product projects that\Nmess up there, of course. 
But what we Dialogue: 0,0:37:27.12,0:37:34.00,Default,,0000,0000,0000,,definitely found is it's easier to to\Nthink of all cases for simpler designs Dialogue: 0,0:37:34.00,0:37:38.08,Default,,0000,0000,0000,,like RISC-V or simpler RISC designs\Nthan for this complex x86 Dialogue: 0,0:37:39.36,0:37:43.84,Default,,0000,0000,0000,,architecture. Right. So right now there\Nare not that many besides Intel SGX. Dialogue: 0,0:37:43.84,0:37:48.88,Default,,0000,0000,0000,,So so they have the advantage and\Ndisadvantage of being the first widely Dialogue: 0,0:37:48.88,0:37:56.00,Default,,0000,0000,0000,,deployed, let's say. And um, but I think\Nas soon as others start to, to grow out Dialogue: 0,0:37:56.00,0:38:00.96,Default,,0000,0000,0000,,and simpler designs start to be more\Ncommon, I think we will see this, that Dialogue: 0,0:38:00.96,0:38:05.65,Default,,0000,0000,0000,,it's easier to fix all edge cases for\Nsimpler designs. OK, so what is a Dialogue: 0,0:38:05.65,0:38:18.97,Default,,0000,0000,0000,,reasonable alternative to TEE, or is there\Nany way you want to take that or think, Dialogue: 0,0:38:18.97,0:38:27.22,Default,,0000,0000,0000,,should I say what? Uh, well, we can\Nprobably both give our perspectives. So I Dialogue: 0,0:38:27.22,0:38:31.84,Default,,0000,0000,0000,,think. Well, the question to start\Nstatute, of course, is do we need an Dialogue: 0,0:38:31.84,0:38:34.99,Default,,0000,0000,0000,,alternative or do we need to find more\Nsystematic ways to to to sanitize Dialogue: 0,0:38:34.99,0:38:39.21,Default,,0000,0000,0000,,Australians? That's, I think, one part of\Nthe answer here, that we don't have to Dialogue: 0,0:38:39.21,0:38:43.24,Default,,0000,0000,0000,,necessarily throw away TEEs because we\Nhave problems with them. We can also look Dialogue: 0,0:38:43.24,0:38:46.99,Default,,0000,0000,0000,,at how to solve those problems. But apart\Nfrom that, there is some exciting Dialogue: 0,0:38:46.99,0:38:52.12,Default,,0000,0000,0000,,research. 
OK, maybe David also wants to\Nsay a bit more about, for instance, on Dialogue: 0,0:38:52.12,0:38:57.30,Default,,0000,0000,0000,,capabilities, but that's not in a way not\Nso different than TEEs necessarily. But Dialogue: 0,0:38:57.30,0:39:00.86,Default,,0000,0000,0000,,but when you have hardware support for\Ncapabilities like like the CHERI Dialogue: 0,0:39:00.86,0:39:04.65,Default,,0000,0000,0000,,research computer, which essentially\Nassociates metadata to a pointer, Dialogue: 0,0:39:04.65,0:39:09.69,Default,,0000,0000,0000,,metadata like permission checks, then you\Ncould at least for some class of the Dialogue: 0,0:39:09.69,0:39:14.84,Default,,0000,0000,0000,,issues we talked about, pointer\Npoisoning attacks, you could natively Dialogue: 0,0:39:14.84,0:39:20.65,Default,,0000,0000,0000,,catch those without support. But but it's\Na very high level idea. Maybe David wants Dialogue: 0,0:39:20.65,0:39:26.08,Default,,0000,0000,0000,,to say something. Yeah. So so I think,\Nlike alternative to TEE is whenever you Dialogue: 0,0:39:26.08,0:39:31.64,Default,,0000,0000,0000,,want to partition your system into into\Nparts, which is, I think, a good idea. And Dialogue: 0,0:39:31.64,0:39:37.52,Default,,0000,0000,0000,,everybody is now doing that also in there,\Nhow we build online services and stuff so Dialogue: 0,0:39:37.52,0:39:44.28,Default,,0000,0000,0000,,that these are one systems that we have\Nbecome quite used to from from mobile Dialogue: 0,0:39:44.28,0:39:48.98,Default,,0000,0000,0000,,phones or from maybe even even from\Nsomething like a banking card or so out, Dialogue: 0,0:39:48.98,0:39:52.73,Default,,0000,0000,0000,,which is sort of like a protected\Nenvironment for a very simple job. But the Dialogue: 0,0:39:52.73,0:39:57.50,Default,,0000,0000,0000,,problem then starts when you throw a lot\Nof functionality into the TEE. 
As we saw, Dialogue: 0,0:39:57.50,0:40:03.32,Default,,0000,0000,0000,,the trusted code base becomes more and\Nmore complex and you get traditional bugs. Dialogue: 0,0:40:03.32,0:40:08.06,Default,,0000,0000,0000,,So I'm saying like, yeah, it's really a\Nquestion if you need an alternative or a Dialogue: 0,0:40:08.06,0:40:11.79,Default,,0000,0000,0000,,better way of approaching it. How you\Npartition software? And as you mentioned, Dialogue: 0,0:40:11.79,0:40:16.41,Default,,0000,0000,0000,,there are some other things you can do\Narchitecturally so you can change the way Dialogue: 0,0:40:16.41,0:40:21.39,Default,,0000,0000,0000,,we or extends the way we build build\Narchitectures for with capabilities and Dialogue: 0,0:40:21.39,0:40:25.96,Default,,0000,0000,0000,,then start to isolate components. For\Ninstance, in one software project, say it, Dialogue: 0,0:40:25.96,0:40:30.30,Default,,0000,0000,0000,,say in your Web server, you isolate the\Nstack or something like this. And also, Dialogue: 0,0:40:30.30,0:40:37.53,Default,,0000,0000,0000,,thanks for the people noticing the secret\Npassword here. You so obviously only for Dialogue: 0,0:40:37.53,0:40:45.85,Default,,0000,0000,0000,,decoration purposes to give the people\Nsomething to watch. So but it's not Dialogue: 0,0:40:45.85,0:40:54.61,Default,,0000,0000,0000,,fundamentally broken, isn't? Yeah, not 60.\NI mean, these are so many of them, I Dialogue: 0,0:40:54.61,0:41:02.26,Default,,0000,0000,0000,,think, like you cannot say, fundamentally\Nbroken for but for a question I had was Dialogue: 0,0:41:02.26,0:41:08.34,Default,,0000,0000,0000,,specifically for SGX at that point,\Nbecause Signal uses it, MobileCoin Dialogue: 0,0:41:08.34,0:41:15.68,Default,,0000,0000,0000,,cryptocurrency uses it and so on and so\Nforth. Is that fundamentally broken or Dialogue: 0,0:41:15.68,0:41:24.43,Default,,0000,0000,0000,,would you rather say so? So I guess it\Ndepends what you call fundamentally right. 
Dialogue: 0,0:41:24.43,0:41:29.92,Default,,0000,0000,0000,,So there has been in the past, we have\Nworked also on what I would say for Dialogue: 0,0:41:29.92,0:41:35.11,Default,,0000,0000,0000,,breaches of attitudes, but they have been\Nfixed and it's actually quite a beautiful Dialogue: 0,0:41:35.11,0:41:40.91,Default,,0000,0000,0000,,instance of where research can have\Nshort term industry impact. So you find a Dialogue: 0,0:41:40.91,0:41:45.92,Default,,0000,0000,0000,,vulnerability, then the vendor has to\Ndevise a fix that they are often not Dialogue: 0,0:41:45.92,0:41:50.01,Default,,0000,0000,0000,,available and there are often workarounds\Nto the problem. And then the later, Dialogue: 0,0:41:50.01,0:41:54.43,Default,,0000,0000,0000,,because you're are talking, of course,\Nabout how to talk to. So then you need new Dialogue: 0,0:41:54.43,0:41:58.67,Default,,0000,0000,0000,,processors to really get a fundamental fix\Nfor the problem and then you have Dialogue: 0,0:41:58.67,0:42:04.66,Default,,0000,0000,0000,,temporary workarounds. So I would say, for\Ninstance, a company like Signal using it, Dialogue: 0,0:42:04.66,0:42:10.06,Default,,0000,0000,0000,,if they so it does not give you security\Nby default. But you need to think about Dialogue: 0,0:42:10.06,0:42:14.11,Default,,0000,0000,0000,,the software. That's what we focused on\Nin this talk. We also need to think about Dialogue: 0,0:42:14.11,0:42:20.39,Default,,0000,0000,0000,,all of the hardware, microcode patches and on\Nthe processors to take care of all the Dialogue: 0,0:42:20.39,0:42:26.47,Default,,0000,0000,0000,,known vulnerabilities. And then, of\Ncourse, the question always remains, are Dialogue: 0,0:42:26.47,0:42:30.82,Default,,0000,0000,0000,,there vulnerabilities that we don't know of yet\Nwith any secure system? I guess. But but Dialogue: 0,0:42:30.82,0:42:36.68,Default,,0000,0000,0000,,maybe also David wants to say something\Nabout some of his latest work there. 
Dialogue: 0,0:42:36.68,0:42:42.50,Default,,0000,0000,0000,,That's a bit interesting. Yeah. So I think\Nwhat what your source or my answer to this Dialogue: 0,0:42:42.50,0:42:48.08,Default,,0000,0000,0000,,question would be, it depends on your\Nthreat model, really. So some some people Dialogue: 0,0:42:48.08,0:42:54.04,Default,,0000,0000,0000,,use SGX as a way to kind of like remove\Nthe trust in the cloud provider. So you Dialogue: 0,0:42:54.04,0:42:59.51,Default,,0000,0000,0000,,say like, as in Signal, so I move all\Nthis functionality that that is hosted Dialogue: 0,0:42:59.51,0:43:04.66,Default,,0000,0000,0000,,maybe on some cloud provider into an\Nenclave and then then I don't have to Dialogue: 0,0:43:04.66,0:43:10.67,Default,,0000,0000,0000,,trust the cloud provider anymore because\Nthere's also some form of protection Dialogue: 0,0:43:10.67,0:43:15.76,Default,,0000,0000,0000,,against physical access. But recently we\Nactually we published another attack, Dialogue: 0,0:43:15.76,0:43:22.13,Default,,0000,0000,0000,,which shows that if you have hardware\Naccess to an SGX processor, you can inject Dialogue: 0,0:43:22.13,0:43:28.14,Default,,0000,0000,0000,,faults into into the processor by playing\Nwith the undervolting interface with Dialogue: 0,0:43:28.14,0:43:33.16,Default,,0000,0000,0000,,hardware. And so you really solder to\Nthe main board to to a couple of a couple Dialogue: 0,0:43:33.16,0:43:38.44,Default,,0000,0000,0000,,of wires on the bus to the voltage\Nregulator. And then you can do voltage Dialogue: 0,0:43:38.44,0:43:43.82,Default,,0000,0000,0000,,glitching, as some people might know, from\Nfrom other embedded contexts. 
And that way Dialogue: 0,0:43:43.82,0:43:48.68,Default,,0000,0000,0000,,then you can flip bits essentially in the\Nenclave and of course, do all kinds of, Dialogue: 0,0:43:48.68,0:43:54.59,Default,,0000,0000,0000,,um, it kind of like inject all kinds of\Nevil effects that then can be used further Dialogue: 0,0:43:54.59,0:43:59.61,Default,,0000,0000,0000,,to get keys out or maybe hijack control\Nflow or something. So it depends on your Dialogue: 0,0:43:59.61,0:44:04.80,Default,,0000,0000,0000,,threat model. I wouldn't say so, that SGX\Nis completely pointless. It's, I think, Dialogue: 0,0:44:04.80,0:44:10.20,Default,,0000,0000,0000,,better than not having it at all. But it\Ndefinitely cannot you cannot have, like, Dialogue: 0,0:44:10.20,0:44:15.31,Default,,0000,0000,0000,,complete protection against somebody who\Nhas physical access to your server. So I Dialogue: 0,0:44:15.31,0:44:20.88,Default,,0000,0000,0000,,have to close this talk. It's a bummer.\NAnd I would ask all the questions that I Dialogue: 0,0:44:20.88,0:44:26.10,Default,,0000,0000,0000,,flew in. But one very, very fast answer,\Nplease. What is that with a password in Dialogue: 0,0:44:26.10,0:44:30.63,Default,,0000,0000,0000,,your background? I explained it. It's\Nit's, of course, like just a joke. So I'll Dialogue: 0,0:44:30.63,0:44:35.61,Default,,0000,0000,0000,,say it again, because some people seem to\Nhave taken it seriously. So it was such an Dialogue: 0,0:44:35.61,0:44:40.44,Default,,0000,0000,0000,,empty whiteboard. So I put a password\Nthere. Unfortunately, it's not fully Dialogue: 0,0:44:40.44,0:44:46.23,Default,,0000,0000,0000,,visible in the in the screen. OK, so I\Nthink you should open book out of David Dialogue: 0,0:44:46.23,0:45:00.10,Default,,0000,0000,0000,,Oswald. Thank you for having that nice\Ntalk. And now we make the transition to Dialogue: 0,0:45:00.10,0:45:03.84,Default,,0000,0000,0000,,the new show. 
Dialogue: 0,0:45:03.84,0:45:34.00,Default,,0000,0000,0000,,Subtitles created by c3subtitles.de\Nin the year 2021. Join, and help us!