TL;DR: Discovered concurrently by two independent research groups in 2018, Foreshadow is the name given to a vulnerability in Intel’s SGX technology that allows attackers to read data SGX is supposed to keep private. It belongs to the same family of speculative execution attacks as Spectre and Meltdown, but differs from them in that it can overcome SGX’s protections, and its analysis led directly to the discovery of related variants (Foreshadow-NG) targeting widely deployed operating system and cloud infrastructure. Though Intel has released software and microcode patches to mitigate the threat, experts from industry and academia continue to collaborate against next-generation attacks.
In 1996, immunotherapy researcher James Allison became the first to prove that blocking a specific protein receptor in the body, known as CTLA-4, could trigger T-cells in the immune system to attack malignant tumors.
It wasn’t until 15 years later, in 2011, that the FDA approved a new anti-cancer drug based on his research. Since then, the drug has saved many lives — including that of former President Jimmy Carter, who underwent the treatment to remove melanoma from his brain. Ultimately, James Allison’s research made such an impact on the medical community that it earned him the 2018 Nobel Prize in medicine.
But could an expedited process have saved more lives? The 15-year delay from conception to FDA approval was, in part, a product of the researcher’s years-long struggle to convince drug companies that the groundbreaking findings needed to be moved out of the lab and into the hands of the industry.
Unfortunately, a disconnect between academia and industry is all too familiar to scholars like hardware security researcher Jo Van Bulck. Jo experienced the mismatch firsthand after he and his colleagues discovered Foreshadow, the name researchers have given a vulnerability in Intel’s SGX technology that could allow attackers to access private data on cloud and desktop systems.
“For years, companies like Intel have been underestimating the importance of fundamental academic research,” Jo said. “In this case, academics were building an understanding of the Intel x86 processor’s microarchitecture, step by step, over the last 10 to 20 years, and it became obvious that certain vulnerabilities were inevitable.”
But Jo said these academic results were initially discarded as impractical, and their disruptive real-world impact only became apparent in January 2018 with the discovery of Foreshadow and related attacks. “We alerted Intel about the vulnerability, and they immediately realized its far-going consequences, engaging us in a lengthy responsible disclosure process,” Jo said.
Seven months later, in August 2018, Intel released software and microcode patches to protect against Foreshadow and its related attacks. Jo said that, with these lessons learned, the path forward will involve fruitful discussions between academia and industry players.
“Intel really wants to keep up with academic results to stay ahead of the next vulnerability,” he said.
A Speculative Execution Attack Independently Discovered by Two Teams
Foreshadow was discovered by Jo, Frank Piessens, and Raoul Strackx at the imec-DistriNet research group, KU Leuven in Belgium. At the same time, a group of researchers from Technion, the University of Michigan, the University of Adelaide, and CSIRO’s Data61 independently discovered the vulnerability as well.
“In hindsight, it makes a lot of sense that two independent research labs arrived at the same results because, if you look at the trail of published papers over the last few decades, you can see individual steps leading directly to the vulnerability,” Jo said.
Intel introduced Software Guard Extensions (SGX) in 2015 to protect a program’s code and data inside an enclave even when an attacker controls the rest of the system, including the operating system. Foreshadow demonstrates how speculative execution, a CPU optimization technique, can be exploited to read enclave memory and extract private data, such as documents, files, and passwords.
Before the discovery, researchers believed speculative execution attacks such as Meltdown and Spectre could not affect SGX, because the hardware refuses to return enclave memory to code running outside the enclave. Foreshadow, discovered independently of Meltdown and Spectre, proved them wrong: the attacker can speculatively read data that is present in the processor’s L1 data cache, even if that data belongs to an SGX enclave or is protected by state-of-the-art Meltdown defenses. As such, Foreshadow unveiled a more fundamental flaw, deeper in the processor.
Jo unveiled the findings by the two independent teams at the USENIX Security Symposium, held August 15-17, 2018, in Baltimore. Intel’s system updates, which served to mitigate Foreshadow and protect user data, were released concurrently with Foreshadow’s public announcements.
Foreshadow, Spectre, and Meltdown: Processor-Based Attacks
Jo told us his team discovered Foreshadow before the researchers behind two related speculative execution attacks — Meltdown and Spectre — launched their public website. Foreshadow differs from these two attacks in that it can overcome SGX’s security mechanism. Meltdown and Spectre, however, are easier to exploit.
Meltdown was discovered independently by Jann Horn of Google Project Zero; Werner Haas and Thomas Prescher of Cyberus Technology; and Daniel Gruss, Moritz Lipp, Stefan Mangard, and Michael Schwarz of Graz University of Technology. The vulnerability allows an unprivileged program on an affected Intel chip to read memory belonging to the operating system’s kernel, including passwords and other secrets. Desktop, laptop, and cloud computers may be affected, as every Intel processor that implements out-of-order execution is potentially vulnerable.
Spectre, discovered independently by Jann Horn of Google Project Zero and by Paul Kocher, affects devices with a range of processors. The vulnerability tricks applications into speculatively accessing attacker-chosen memory locations and leaks the contents through side channels; it is harder to exploit than Meltdown, and also more difficult to mitigate.
Current software patches exist to protect systems from Meltdown and Spectre, but Jo said his team is working with Graz University to prevent future exploitation. “To guide our efforts, we recently created an exhaustive overview of all research and knowledge that has been built up in the community over the past year to help identify blind spots,” Jo said. “This immediately led to new discoveries.”
For example, the researchers identified new Meltdown variants capable of bypassing state-of-the-art mitigation technologies. They also discovered the first practical evidence of a Meltdown-type effect on AMD processors. “Neither is a high-impact scenario, but they illustrate the potential for uncovering new information,” Jo said.
Efforts to Mitigate Foreshadow-Next Generation
While investigating the first Foreshadow vulnerability, Intel became aware of two additional variants, which the researchers collectively refer to as Foreshadow-Next Generation (Foreshadow-NG). “We became aware later that internal research by Intel had uncovered Foreshadow-NG, which has a far more devastating impact than Foreshadow,” Jo said.
Foreshadow-NG can be used to read data belonging to the operating system kernel and to System Management Mode, as well as to the hypervisor that creates and runs virtual machines. An attacker in one virtual machine could also read information residing in other virtual machines running on the same cloud host. Foreshadow-NG may also bypass existing defenses against speculative execution attacks, including those deployed against Meltdown.
In August 2018, Jo and researchers from imec-DistriNet, KU Leuven, Technion, the University of Michigan, the University of Adelaide and Data61 published the first edition of “Foreshadow-NG: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution.” The document, intended to evolve as the researchers further their understanding of the recently disclosed vulnerability, explores “Foreshadow-type attacks and their implications in the light of the emerging transient execution research area.”
The naming of these vulnerabilities has settled as new cases emerged. Intel refers to the whole family as L1 Terminal Fault (L1TF): when a memory access hits a page-table entry that is not marked present (a “terminal” fault), the processor still speculatively forwards data from the L1 data cache if the physical address in that entry matches a cached line. Foreshadow, the original attack, is therefore referred to as L1 Terminal Fault – SGX (CVE-2018-3615). The two Foreshadow-NG variants are referred to separately as L1 Terminal Fault – OS/SMM (CVE-2018-3620), covering attacks on the operating system kernel and System Management Mode, and L1 Terminal Fault – VMM (CVE-2018-3646), the version affecting hypervisors and the virtual machines they run.
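As an added check for operators (this is not code from the article or from the Foreshadow researchers): the Linux kernel reports its L1TF status as one line in `/sys/devices/system/cpu/vulnerabilities/l1tf`, which covers both the OS/SMM variant (the kernel’s “PTE Inversion” mitigation) and the VMM variant (whether the L1 data cache is flushed on VM entry and whether SMT is still enabled). The script below parses that line and turns it into a verdict per variant. The sample lines are constructed to follow the format documented in the kernel’s `Documentation/admin-guide/hw-vuln/l1tf.rst`; exact wording varies between kernel versions, and the interpretation rules (an L1D flush alone is not enough while a hyperthread sibling can still probe the cache; “EPT disabled” counts as mitigated) follow that document.

```python
"""Assess the Linux kernel's L1 Terminal Fault (Foreshadow) status line.

Added example, not from the article or the Foreshadow team. The kernel
exposes one line in /sys/devices/system/cpu/vulnerabilities/l1tf; the
format below follows Documentation/admin-guide/hw-vuln/l1tf.rst. Exact
wording varies between kernel versions, so unknown strings are kept
verbatim rather than guessed at.
"""
import os
import re
from dataclasses import dataclass
from typing import Dict, Optional

L1TF_SYSFS = "/sys/devices/system/cpu/vulnerabilities/l1tf"

# Constructed sample lines in the documented format (not captured output).
SAMPLES: Dict[str, str] = {
    "laptop_kvm":    "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable",
    "hardened_host": "Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled",
    "no_kvm":        "Mitigation: PTE Inversion",
    "unmitigated":   "Vulnerable",
    "new_cpu":       "Not affected",
}


@dataclass(frozen=True)
class L1tfStatus:
    raw: str
    affected: bool                  # CPU is in the affected list
    os_mitigated: bool              # L1TF-OS/SMM: kernel applies PTE inversion
    vmx_present: bool               # kernel reported a VMX (KVM) section
    vmx_flush: Optional[str]        # L1D flush mode on VM entry, if reported
    smt_vulnerable: Optional[bool]  # a sibling hyperthread can still probe L1D


def parse_l1tf(line: str) -> L1tfStatus:
    text = line.strip()
    if text == "Not affected":
        return L1tfStatus(text, False, True, False, None, None)
    os_mitigated = text.startswith("Mitigation: PTE Inversion")
    vmx_present, vmx_flush, smt_vulnerable = False, None, None
    m = re.search(r";\s*VMX:\s*(.+)$", text)
    if m:
        vmx_present = True
        parts = [p.strip() for p in m.group(1).split(",")]
        # e.g. "vulnerable", "conditional cache flushes", "cache flushes", "EPT disabled"
        vmx_flush = parts[0]
        for p in parts[1:]:
            if p.startswith("SMT"):
                smt_vulnerable = p.endswith("vulnerable")
    return L1tfStatus(text, True, os_mitigated, vmx_present, vmx_flush, smt_vulnerable)


def vmm_mitigated(s: L1tfStatus) -> Optional[bool]:
    """Verdict for the L1TF-VMM variant. None means the kernel reported no VMX
    section (KVM not loaded), so there are no guests to judge."""
    if not s.affected:
        return True
    if not s.os_mitigated:
        return False  # kernel has no L1TF mitigation at all
    if not s.vmx_present:
        return None
    if s.vmx_flush == "EPT disabled":
        return True   # without EPT, guests cannot steer host physical addresses
    if s.vmx_flush == "vulnerable":
        return False  # no L1D flush on VM entry
    # Flushing L1D on entry closes the guest-to-host leak, but a sibling
    # hyperthread can refill and probe L1D concurrently: full protection
    # needs SMT disabled as well.
    return s.smt_vulnerable is False


def assess(line: str) -> Dict[str, Optional[bool]]:
    s = parse_l1tf(line)
    return {"affected": s.affected, "os_smm": s.os_mitigated, "vmm": vmm_mitigated(s)}


def read_status(path: str = L1TF_SYSFS) -> Optional[L1tfStatus]:
    """Parse the live sysfs file, or return None on kernels/architectures without it."""
    if not os.path.exists(path):
        return None
    with open(path) as f:
        return parse_l1tf(f.readline())


if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(f"{name:14s} {assess(line)}  <- {line}")
    live = read_status()
    print("this host:", assess(live.raw) if live else "no l1tf sysfs entry")
```

A `vmm` verdict of `False` on a host that runs untrusted guests is the case to act on: either disable SMT, or make sure the kernel’s L1D flush on VM entry is enabled (the `kvm-intel.vmentry_l1d_flush` and `l1tf=` boot parameters are documented in the same kernel file). The `None` verdict simply means KVM is not loaded, so the VMM variant does not apply.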
It is notable that researchers named the first version of Foreshadow after the literary device that writers use to provide an advance hint of impending events. “The Foreshadow attack shows, however, that clever adversaries can abuse subtle hints in the present to reconstruct secrets from future instructions,” researchers explain on the Foreshadow website.
That said, the combined force of academia and key industry players may be enough to thwart future threats.