In this talk, we will show that despite all doubts, it is practical to implement malware inside SGX. Moreover, this malware uses the protection features of SGX to hide itself from all state-of-the-art detection mechanisms. We show that an unprivileged user can execute malware inside an SGX enclave that uses a cache attack to extract a secret RSA key from a co-located enclave.

By Michael Schwarz & Moritz Lipp

Full Abstract & Presentation Materials: https://www.blackhat.com/asia-18/brie...