Corpus ID: 28642809

Intel SGX Explained

@article{Costan2016IntelSE,
  title={Intel SGX Explained},
  author={Victor Costan and Srinivas Devadas},
  journal={IACR Cryptol. ePrint Arch.},
  year={2016},
  volume={2016},
  pages={86}
}
Intel’s Software Guard Extensions (SGX) is a set of extensions to the Intel architecture that aims to provide integrity and confidentiality guarantees to security-sensitive computation performed on a computer where all the privileged software (kernel, hypervisor, etc.) is potentially malicious. This paper analyzes Intel SGX, based on the 3 papers [14, 78, 137] that introduced it, on the Intel Software Developer’s Manual [100] (which supersedes the SGX manuals [94, 98]), on an ISCA 2015 tutorial…
Secure Programming with Intel SGX and Novel Applications
The thesis describes the implementation of a prototype decryption device for the Accountable Decryption protocol, a novel protocol that can provide confidentiality and integrity guarantees by using the SGX technology.
SGAxe: How SGX Fails in Practice
Intel’s Software Guard Extensions (SGX) promises an isolated execution environment, protected from all software running on the machine. A significant limitation of SGX is its lack of protection…
Trusted Code Execution on Untrusted Platforms Using Intel SGX
Today, isolated trusted computation and code execution is of paramount importance to protect sensitive information and workflows from other malicious privileged or unprivileged software. Intel…
Secure Processors Part II: Intel SGX Security Analysis and MIT Sanctum Architecture
The MIT Sanctum processor developed by the authors is introduced: a system designed to offer stronger security guarantees, lend itself better to analysis and formal verification, and offer a more straightforward and complete threat model than the Intel system, all with an equivalent programming model.
Leveraging Intel SGX to Create a Nondisclosure Cryptographic Library
Intel SGX is leveraged to produce a secure cryptographic library which keeps the generated keys inside an enclave, restricting use and dissemination of confidential cryptographic keys.
A survey of Intel SGX and its applications
A comprehensive survey of the development of Intel SGX (Software Guard Extensions) processors and their applications, together with a systematic analysis of the related papers in this area, is presented.
Sanctum: Minimal Hardware Extensions for Strong Software Isolation
Sanctum offers the same promise as Intel’s Software Guard Extensions (SGX), namely strong provable isolation of software modules running concurrently and sharing resources, but protects against an…
SGX - Turvalisuse ja jõudluse hinnang (SGX: Security and Performance Evaluation)
  • 2019
Intel Software Guard Extensions (SGX) is a collection of instruction set extensions and mechanisms for memory access that provide integrity and confidentiality guarantees on modern Intel processors.
Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution
This work presents Foreshadow, a practical software-only microarchitectural attack that decisively dismantles the security objectives of current SGX implementations, and develops a novel exploitation methodology to reliably leak plaintext enclave secrets from the CPU cache.
A Survey of Published Attacks on Intel SGX
This paper presents a survey of all attacks specifically targeting Intel SGX that are known to the authors to date, and categorizes the attacks based on their implementation details into 7 different categories.

References

Showing 1-10 of 245 references
Sanctum: Minimal Hardware Extensions for Strong Software Isolation
Sanctum offers the same promise as Intel’s Software Guard Extensions (SGX), namely strong provable isolation of software modules running concurrently and sharing resources, but protects against an…
Innovative Technology for CPU Based Attestation and Sealing
Intel is developing the Intel® Software Guard Extensions (Intel® SGX) technology, an extension to Intel® Architecture for generating protected software containers. The container is referred to as an…
Attacking Intel TXT via SINIT code execution hijacking
We present a software attack against Intel TXT that exploits an implementation problem within a so-called SINIT module. The attack allows to fully bypass Intel TXT, Intel Launch Control Policy (LCP), …
TrustVisor: Efficient TCB Reduction and Attestation
TrustVisor is presented, a special-purpose hypervisor that provides code integrity as well as data integrity and secrecy for selected portions of an application, and that has a very small code base, which makes verification feasible.
A Memory Encryption Engine Suitable for General Purpose Processors
  • S. Gueron
  • IACR Cryptol. ePrint Arch.
  • 2016
The purpose of this paper is to explain how this hardware component of SGX works and the rationale behind some of its design choices, to formalize the MEE threat model and security objectives, to describe the MEE design, cryptographic properties and security margins, and to report some concrete performance results.
SMM rootkit: a new breed of OS independent malware
A proof of concept SMM rootkit is presented, exploring the potential of system management mode for malicious use by implementing a chipset level keylogger and a network backdoor capable of directly interacting with the network card to send logged keystrokes to a remote machine via UDP and receive remote command packets stealthily.
Architectural support for copy and tamper resistant software
The hardware implementation of a form of execute-only memory (XOM) that allows instructions stored in memory to be executed but not otherwise manipulated is studied, indicating that it is possible to create a normal multi-tasking machine where nearly all applications can be run in XOM mode.
Intel® Software Guard Extensions: EPID Provisioning and Attestation Services
Intel® Software Guard Extensions (SGX) has an attestation capability that can be used to remotely provision secrets to an enclave. Use of Intel® SGX attestation and sealing has been described in [1].
Iso-X: A Flexible Architecture for Hardware-Managed Isolated Execution
Iso-X is proposed: a flexible, fine-grained hardware-supported framework that provides isolation for security-critical pieces of an application such that they can execute securely even in the presence of untrusted system software.
Security Analysis of x86 Processor Microcode
It is shown that a malicious microcode update can potentially implement new malicious instructions or alter the functionality of existing instructions, including processor-accelerated virtualization or cryptographic primitives, in order to subvert all software-enforced security policies and access controls.