WireTap: Breaking Server SGX via DRAM Bus Interposition

Intel's Software Guard eXtension (SGX) aims to offer strong integrity and confidentiality properties, even in the presence of root-level attackers. However, while Intel clearly indicates that SGX offers no security against attackers with physical access, many current real world SGX deployments are actually done in potentially adversarial environments, where node operators have a financial incentive to subvert computations performed inside SGX enclaves. While the two threat models clearly differ, a common conception is that physical attacks on SGX require expensive laboratory equipment, thus putting them out of reach of hobbyist-level attackers.