On Thu, 2018-01-04 at 15:17 +0100, Cedric Blancher wrote: > So how does this protect against the MELTDOWN attack (CVE-2017-5754) > and the MELTATOMBOMBA4 worm which uses this exploit? Actually, a data exfiltration attack against SGX, using page tables has already been documented: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/van-bulck It doesn't exploit speculation as the mechanism for gathering data (it exploits page faults), but the structure of the side channel attack used to exfiltrate data from the supposedly secure enclave is very similar to Spectre. The targetting mechanism is very different, though: the page table exploit assumes you can control the page tables, so you must be highly privileged on the platform but with Spectre you merely have to be an ordinary user. James
