• Corpus ID: 28642809

Intel SGX Explained

@article{Costan2016IntelSE,
  title={Intel SGX Explained},
  author={Victor Costan and Srinivas Devadas},
  journal={IACR Cryptol. ePrint Arch.},
  year={2016},
  volume={2016},
  pages={86}
}
Intel’s Software Guard Extensions (SGX) is a set of extensions to the Intel architecture that aims to provide integrity and confidentiality guarantees to security-sensitive computation performed on a computer where all the privileged software (kernel, hypervisor, etc.) is potentially malicious. This paper analyzes Intel SGX, based on the 3 papers [14, 78, 137] that introduced it, on the Intel Software Developer’s Manual [100] (which supersedes the SGX manuals [94, 98]), on an ISCA 2015 tutorial…
Secure Programming with Intel SGX and Novel Applications
TLDR
The thesis describes the implementation of a prototype decryption device for the Accountable Decryption protocol, a novel protocol that can provide confidentiality and integrity guarantees by using the SGX technology.
SGAxe: How SGX Fails in Practice
TLDR
It is shown how CacheOut can be leveraged to compromise the confidentiality and the integrity of a victim enclave’s long-term storage and the impact of the attack on two proposed SGX applications, the Signal communication app and Town Crier, an SGX-based blockchain application.
TRUSTED CODE EXECUTION ON UNTRUSTED PLATFORMS USING INTEL SGX
TLDR
The previous trusted execution technologies are reviewed to better understand and appreciate the new innovations of SGX and use cases such as trusted and secure code execution on an untrusted cloud platform, and digital rights management (DRM).
Secure Processors Part II: Intel SGX Security Analysis and MIT Sanctum Architecture
TLDR
The MIT Sanctum processor developed by the authors is introduced: a system designed to offer stronger security guarantees, lend itself better to analysis and formal verification, and offer a more straightforward and complete threat model than the Intel system, all with an equivalent programming model.
Leveraging Intel SGX to Create a Nondisclosure Cryptographic library
TLDR
The Intel SGX is leveraged to produce a secure cryptographic library which keeps the generated keys inside an enclave restricting use and dissemination of confidential cryptographic keys.
Benchmarking the Second Generation of Intel SGX Hardware
TLDR
A first systematic performance study of Intel SGXv2 is conducted and it is compared to the previous generation of SGX to answer the question whether previous efforts to overcome the limitations of SGX for DBMSs are still applicable and if the new generation of SGX can truly deliver on the promise to secure data without compromising on performance.
A Comprehensive Benchmark Suite for Intel SGX
TLDR
The suite, SGXGauge, contains a diverse set of workloads such as blockchain codes, secure machine learning algorithms, lightweight web servers, secure key-value stores, etc., and thoroughly characterizes the behavior of the benchmark suite on a native platform and on a platform that uses a library OS-based shimming layer (GrapheneSGX).
A survey of Intel SGX and its applications
TLDR
A comprehensive survey on the development of Intel SGX (software guard extensions) processors and its applications and a systematic analysis of the related papers in this area is presented.
Sanctum: Minimal Hardware Extensions for Strong Software Isolation
Sanctum offers the same promise as Intel’s Software Guard Extensions (SGX), namely strong provable isolation of software modules running concurrently and sharing resources, but protects against an
SGX - Security and Performance Assessment (original title in Estonian: SGX - TURVALISUSE JA JÕUDLUSE HINNANG)
  • Computer Science
  • 2019
TLDR
SGX virtualization uncovers interesting results both from systems and security perspectives, and important security features like key hierarchy, encryption and attestation are broken down.

References

SHOWING 1-10 OF 247 REFERENCES
Sanctum: Minimal Hardware Extensions for Strong Software Isolation
Sanctum offers the same promise as Intel’s Software Guard Extensions (SGX), namely strong provable isolation of software modules running concurrently and sharing resources, but protects against an
Innovative Technology for CPU Based Attestation and Sealing
TLDR
The technology components that allow provisioning of secrets to an enclave include a method to generate a hardware-based attestation of the software running inside an enclave and a means for enclave software to seal secrets and export them outside of the enclave such that only the same enclave software would be able to un-seal them back to their original form.
Attacking Intel TXT via SINIT code execution hijacking
TLDR
A software attack against Intel TXT is presented that exploits an implementation problem within a so-called SINIT module, an internal part of the Intel TXT infrastructure, that allows fully bypassing Intel TXT and Intel Launch Control Policy (LCP), and additionally also provides yet another way to compromise SMM code on the platform.
TrustVisor: Efficient TCB Reduction and Attestation
TLDR
TrustVisor is presented, a special-purpose hypervisor that provides code integrity as well as data integrity and secrecy for selected portions of an application, and that has a very small code base, which makes verification feasible.
A Memory Encryption Engine Suitable for General Purpose Processors
  • S. Gueron
  • Computer Science
    IACR Cryptol. ePrint Arch.
  • 2016
TLDR
The purpose of this paper is to explain how this hardware component of SGX works, and the rationale behind some of its design choices, and to formalize the MEE threat model and security objectives, describe the MEE design, cryptographic properties, security margins, and report some concrete performance results.
SMM rootkit: a new breed of OS independent malware
TLDR
A proof of concept SMM rootkit is presented, exploring the potential of system management mode for malicious use by implementing a chipset level keylogger and a network backdoor capable of directly interacting with the network card to send logged keystrokes to a remote machine via UDP and receive remote command packets stealthily.
Architectural support for copy and tamper resistant software
TLDR
The hardware implementation of a form of execute-only memory (XOM) that allows instructions stored in memory to be executed but not otherwise manipulated is studied, indicating that it is possible to create a normal multi-tasking machine where nearly all applications can be run in XOM mode.
Intel® Software Guard Extensions: EPID Provisioning and Attestation Services
TLDR
This paper describes how SGX attestation keys are remotely provisioned to Intel SGX enabled platforms, the hardware primitives used to support the process, and the Intel Verification Service that simplifies the verification of an SGX attestation.
Iso-X: A Flexible Architecture for Hardware-Managed Isolated Execution
TLDR
Iso-X is proposed -- a flexible, fine-grained hardware-supported framework that provides isolation for security-critical pieces of an application such that they can execute securely even in the presence of untrusted system software.
Security Analysis of x86 Processor Microcode
TLDR
It is shown that a malicious microcode update can potentially implement new malicious instructions or alter the functionality of existing instructions, including processor-accelerated virtualization or cryptographic primitives, in order to subvert all software-enforced security policies and access controls.