Intel SGX Explained
@article{Costan2016IntelSE,
title={Intel SGX Explained},
author={Victor Costan and Srinivas Devadas},
journal={IACR Cryptol. ePrint Arch.},
year={2016},
volume={2016},
pages={86}
}Intel’s Software Guard Extensions (SGX) is a set of extensions to the Intel architecture that aims to provide integrity and confidentiality guarantees to securitysensitive computation performed on a computer where all the privileged software (kernel, hypervisor, etc) is potentially malicious. This paper analyzes Intel SGX, based on the 3 papers [14, 78, 137] that introduced it, on the Intel Software Developer’s Manual [100] (which supersedes the SGX manuals [94, 98]), on an ISCA 2015 tutorial… Expand
Figures, Tables, and Topics from this paper
figure 1 
table 1 
figure 2 
table 2 
figure 3 
table 3 
figure 4 
table 4 
table 5 
figure 6 
table 6 
figure 8 
table 8 
figure 9 
table 9 
figure 10 
table 10 
figure 11 
table 11 
figure 12 
table 12 
figure 13 
table 13 
figure 14 
table 14 
figure 15 
table 15 
figure 16 
table 16 
figure 17 
table 17 
figure 18 
table 18 
figure 19 
table 19 
figure 20 
table 20 
figure 21 
table 21 
figure 22 
table 22 
figure 23 
table 23 
figure 24 
table 24 
figure 25 
figure 26 
figure 27 
figure 28 
figure 29 
figure 30 
figure 31 
figure 32 
figure 33 
figure 34 
figure 35 
figure 36 
figure 37 
figure 38 
figure 39 
figure 40 
figure 41 
figure 42 
figure 43 
figure 44 
figure 45 
figure 46 
figure 47 
figure 48 
figure 49 
figure 50 
figure 51 
figure 52 
figure 53 
figure 54 
figure 55 
figure 56 
figure 57 
figure 58 
figure 59 
figure 60 
figure 61 
figure 62 
figure 63 
figure 64 
figure 65 
figure 66 
figure 67 
figure 68 
figure 69 
figure 70 
figure 71 
figure 72 
figure 73 
figure 74 
figure 75 
figure 76 
figure 77 
figure 78 
figure 79 
figure 80 
figure 81 
figure 82 
figure 83 
figure 84 
figure 85 
figure 86 
figure 91 
figure 93 
figure 94
939 Citations
Secure Programming with Intel SGX and Novel Applications
- Computer Science
- 2017
The thesis describes the implementation of a prototype decryption device for the Accountable Decryption protocol, a novel protocol that can provide confidentiality and integrity guarantees by using the SGX technology. Expand
SGAxe: How SGX Fails in Practice
- 2020
Intel’s Software Guard Extensions (SGX) promises an isolated execution environment, protected from all software running on the machine. A significant limitation of SGX is its lack of protection… Expand
TRUSTED CODE EXECUTION ON UNTRUSTED PLATFORMS USING INTEL SGX
- 2016
Today, isolated trusted computation and code execution is of paramount importance to protect sensitive information and workfl ows from other malicious privileged or unprivileged software. Intel… Expand
Secure Processors Part II: Intel SGX Security Analysis and MIT Sanctum Architecture
- Computer Science
- Found. Trends Electron. Des. Autom.
- 2017
The MIT Sanctum processor developed by the authors is introduced: a system designed to offer stronger security guarantees, lend itself better to analysis and formal verification, and offer a more straightforward and complete threat model than the Intel system, all with an equivalent programming model. Expand
Leveraging Intel SGX to Create a Nondisclosure Cryptographic library
- Computer Science
- ArXiv
- 2017
The Intel SGX is leveraged to produce a secure cryptographic library which keeps the generated keys inside an enclave restricting use and dissemination of confidential cryptographic keys. Expand
A survey of Intel SGX and its applications
- Computer Science
- Frontiers Comput. Sci.
- 2021
A comprehensive survey on the development of Intel SGX (software guard extensions) processors and its applications and a systematic analysis of the related papers in this area is presented. Expand
Sanctum: Minimal Hardware Extensions for Strong Software Isolation
- Computer Science
- USENIX Security Symposium
- 2016
Sanctum offers the same promise as Intel’s Software Guard Extensions (SGX), namely strong provable isolation of software modules running concurrently and sharing resources, but protects against an… Expand
SGX - TURVALISUSE JA JÕUDLUSE HINNANG
- 2019
Intel Software Guard Extensions (SGX) is collection of instruction set extensions and mechanisms for memory access that provide integrity and confidentiality guarantees on modern Intel processors.… Expand
Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution
- Computer Science
- USENIX Security Symposium
- 2018
This work presents Foreshadow, a practical software-only microarchitectural attack that decisively dismantles the security objectives of current SGX implementations and develops a novel exploitation methodology to reliably leak plaintext enclave secrets from the CPU cache. Expand
A Survey of Published Attacks on Intel SGX
- Computer Science
- ArXiv
- 2020
This paper presents a survey of all attacks specifically targeting Intel \kw{SGX} that are known to the authors, to date and categorized the attacks based on their implementation details into 7 different categories. Expand
References
SHOWING 1-10 OF 245 REFERENCES
Sanctum: Minimal Hardware Extensions for Strong Software Isolation
- Computer Science
- USENIX Security Symposium
- 2016
Sanctum offers the same promise as Intel’s Software Guard Extensions (SGX), namely strong provable isolation of software modules running concurrently and sharing resources, but protects against an… Expand
Innovative Technology for CPU Based Attestation and Sealing
- 2013
Intel is developing the Intel® Software Guard Extensions (Intel® SGX) technology, an extension to Intel® Architecture for generating protected software containers. The container is referred to as an… Expand
Attacking Intel TXT via SINIT code execution hijacking
- 2011
We present a software attack against Intel TXT that exploits an implementation problem within a so called SINIT module. The attack allows to fully bypass Intel TXT, Intel Launch Control Policy (LCP),… Expand
TrustVisor: Efficient TCB Reduction and Attestation
- Computer Science
- 2010 IEEE Symposium on Security and Privacy
- 2010
TrustVisor is presented, a special-purpose hypervisor that provides code integrity as well as data integrity and secrecy for selected portions of an application that has a very small code base that makes verification feasible. Expand
A Memory Encryption Engine Suitable for General Purpose Processors
- Computer Science
- IACR Cryptol. ePrint Arch.
- 2016
The purpose of this paper is to explain how this hardware component of SGX works, and the rationale behind some of its design choices, and to formalize the MEE threat model and security objectives, describe the Mee design, cryptographic properties, security margins, and report some concrete performance results. Expand
SMM rootkit: a new breed of OS independent malware
- Computer Science
- Secur. Commun. Networks
- 2013
A proof of concept SMM rootkit is presented, exploring the potential of system management mode for malicious use by implementing a chipset level keylogger and a network backdoor capable of directly interacting with the network card to send logged keystrokes to a remote machine via UDP and receive remote command packets stealthily. Expand
Architectural support for copy and tamper resistant software
- Computer Science
- SIGP
- 2000
The hardware implementation of a form of execute-only memory (XOM) that allows instructions stored in memory to be executed but not otherwise manipulated is studied, indicating that it is possible to create a normal multi-tasking machine where nearly all applications can be run in XOM mode. Expand
Intel® Software Guard Extensions: EPID Provisioning and Attestation Services
- 2016
Intel® Software Guard Extensions (SGX) has an attestation capability that can be used to remotely provision secrets to an enclave. Use of Intel® SGX attestation and sealing has been described in [1].… Expand
Iso-X: A Flexible Architecture for Hardware-Managed Isolated Execution
- Computer Science
- 2014 47th Annual IEEE/ACM International Symposium on Microarchitecture
- 2014
Iso-X is proposed -- a flexible, fine-grained hardware-supported framework that provides isolation for security-critical pieces of an application such that they can execute securely even in the presence of untrusted system software. Expand
Security Analysis of x86 Processor Microcode
- Computer Science
- 2014
It is shown that a malicious microcode update can potentially implement a new malicious instructions or alter the functionality of existing instructions, including processor-accelerated virtualization or cryptographic primitives, in order to subvert all software-enforced security policies and access controls. Expand