Automatic blocking of downgrade attacks
Mail is Conclave’s solution for both async messaging and data storage. In beta 4 we upgraded it to transparently integrate with SGX’s defense mechanism against downgrade attacks (the ‘security version number’).
A downgrade attack occurs when a security problem is found either with your enclave or the support infrastructure and the problem is fixed, but nothing forces the host to stay upgraded. It means the host is able to run the latest secure version when the user is submitting data and then downgrade it to a vulnerable version afterwards to gain illegitimate access. The SGX key derivation function allows enclaves to calculate the keys for their own version and any prior version. That means old enclaves can’t calculate the keys for new enclaves, but vice-versa works.
Normally you would need to explicitly manage “sealing keys” and this downgrade mechanism. In Conclave beta 4 mail identifies which version it was intended for and the infrastructure automatically calculates the correct key to decrypt it.
This allows you to restart an enclave without disrupting conversations taking place with clients, but it’s especially useful when mail is used to store persistent data using the ‘mail to self’ pattern. New enclaves can decrypt old data, and as that data becomes steadily replaced with newly encrypted mails, the system’s security re-seals itself.
SGX protects the state of a thread so the host can’t tamper with it. For that to work the enclave must reserve the memory up front for a fixed number of ‘thread slots’, into which the CPU can save and restore thread data.
This raises some questions:
- What happens if you run out of thread slots?
- How to set the number of slots you have?
- How are host threads mapped to enclave threads?
In Beta 4 Conclave handles this complexity for you. If a host thread tries to call into an enclave or deliver mail whilst all the slots are taken by other threads, the host will wait until a slot frees up.
In rare cases you may accidentally write software that can deadlock due to this limit on simultaneously active threads, e.g. a call into an enclave starts a second thread and then waits for it to complete, which may block forever if the enclave has run out of slots. Conclave will now detect such deadlocks and abort the enclave with a helpful error explaining how to add more.
We re-read and refreshed the entire documentation website for this release, with new content and improvements on nearly every page. For example, we’ve not only made SGX threading significantly easier to use but also written new documentation on threads with diagrams to teach you what’s going on behind the scenes.
You can learn how to configure the threading support and many other things in our new configuration guide. This takes you through the different options available to tune the enclave at build time. The defaults are provided along with explanations of each setting.
The FAQ has new content based on questions we see often from new users: check it out!
Download Conclave Beta and get started
Conclave Beta 4 is available for non-production and evaluation use. Download the SDK today!