Intel SGX Explained
@article{Costan2016IntelSE,
title={Intel SGX Explained},
author={Victor Costan and Srinivas Devadas},
journal={IACR Cryptol. ePrint Arch.},
year={2016},
volume={2016},
pages={86}
}Intel’s Software Guard Extensions (SGX) is a set of extensions to the Intel architecture that aims to provide integrity and confidentiality guarantees to securitysensitive computation performed on a computer where all the privileged software (kernel, hypervisor, etc) is potentially malicious. This paper analyzes Intel SGX, based on the 3 papers [14, 78, 137] that introduced it, on the Intel Software Developer’s Manual [100] (which supersedes the SGX manuals [94, 98]), on an ISCA 2015 tutorial…
Figures and Tables from this paper
figure 1 
table 1 
figure 2 
table 2 
figure 3 
table 3 
figure 4 
table 4 
table 5 
figure 6 
table 6 
figure 8 
table 8 
figure 9 
table 9 
figure 10 
table 10 
figure 11 
table 11 
figure 12 
table 12 
figure 13 
table 13 
figure 14 
table 14 
figure 15 
table 15 
figure 16 
table 16 
figure 17 
table 17 
figure 18 
table 18 
figure 19 
table 19 
figure 20 
table 20 
figure 21 
table 21 
figure 22 
table 22 
figure 23 
table 23 
figure 24 
table 24 
figure 25 
figure 26 
figure 27 
figure 28 
figure 29 
figure 30 
figure 31 
figure 32 
figure 33 
figure 34 
figure 35 
figure 36 
figure 37 
figure 38 
figure 39 
figure 40 
figure 41 
figure 42 
figure 43 
figure 44 
figure 45 
figure 46 
figure 47 
figure 48 
figure 49 
figure 50 
figure 51 
figure 52 
figure 53 
figure 54 
figure 55 
figure 56 
figure 57 
figure 58 
figure 59 
figure 60 
figure 61 
figure 62 
figure 63 
figure 64 
figure 65 
figure 66 
figure 67 
figure 68 
figure 69 
figure 70 
figure 71 
figure 72 
figure 73 
figure 74 
figure 75 
figure 76 
figure 77 
figure 78 
figure 79 
figure 80 
figure 81 
figure 82 
figure 83 
figure 84 
figure 85 
figure 86 
figure 91 
figure 93 
figure 94
1,114 Citations
Secure Programming with Intel SGX and Novel Applications
- Computer Science
- 2017
The thesis describes the implementation of a prototype decryption device for the Accountable Decryption protocol, a novel protocol that can provide confidentiality and integrity guarantees by using the SGX technology.
SGAxe: How SGX Fails in Practice
- Computer Science
- 2020
It is shown how CacheOut can be leveraged to compromise the confidentiality and the integrity of a victim enclave’s long-term storage and the impact of the attack on two proposed SGX applications, the Signal communication app and Town Crier, an SGX-based blockchain application.
TRUSTED CODE EXECUTION ON UNTRUSTED PLATFORMS USING INTEL SGX
- Computer Science
- 2016
The previous trusted execution technologies are reviewed to better understand and appreciate the new innovations of SGX and use cases such as trusted and secure code execution on an untrusted cloud platform, and digital rights management (DRM).
Secure Processors Part II: Intel SGX Security Analysis and MIT Sanctum Architecture
- Computer ScienceFound. Trends Electron. Des. Autom.
- 2017
The MIT Sanctum processor developed by the authors is introduced: a system designed to offer stronger security guarantees, lend itself better to analysis and formal verification, and offer a more straightforward and complete threat model than the Intel system, all with an equivalent programming model.
Leveraging Intel SGX to Create a Nondisclosure Cryptographic library
- Computer ScienceArXiv
- 2017
The Intel SGX is leveraged to produce a secure cryptographic library which keeps the generated keys inside an enclave restricting use and dissemination of confidential cryptographic keys.
Benchmarking the Second Generation of Intel SGX Hardware
- Computer ScienceDaMoN
- 2022
A first systematic performance study of Intel SGXv2 is conducted and it is compared to the previous generation of SGX to answer the question whether previous efforts to overcome the limitations of SGZ for DBMSs are still applicable and if the new generation ofSGX can truly deliver on the promise to secure data without compromising on performance.
A Comprehensive Benchmark Suite for Intel SGX
- Computer ScienceArXiv
- 2022
The suite, SGXGauge, contains a diverse set of workloads such as blockchain codes, secure machine learning algorithms, lightweight web servers, secure key-value stores, etc and thoroughly characterize the behavior of the benchmark suite on a native platform and on a platform that uses a library OS-based shimming layer (GrapheneSGX).
A survey of Intel SGX and its applications
- Computer ScienceFrontiers Comput. Sci.
- 2021
A comprehensive survey on the development of Intel SGX (software guard extensions) processors and its applications and a systematic analysis of the related papers in this area is presented.
Sanctum: Minimal Hardware Extensions for Strong Software Isolation
- Computer ScienceUSENIX Security Symposium
- 2016
Sanctum offers the same promise as Intel’s Software Guard Extensions (SGX), namely strong provable isolation of software modules running concurrently and sharing resources, but protects against an…
SGX - TURVALISUSE JA JÕUDLUSE HINNANG
- Computer Science
- 2019
SGX virtualization uncovers interesting results both from systems and security perspectives, and important security features like key hierarchy, encryption and attestation are broken down.
References
SHOWING 1-10 OF 247 REFERENCES
Sanctum: Minimal Hardware Extensions for Strong Software Isolation
- Computer ScienceUSENIX Security Symposium
- 2016
Sanctum offers the same promise as Intel’s Software Guard Extensions (SGX), namely strong provable isolation of software modules running concurrently and sharing resources, but protects against an…
Innovative Technology for CPU Based Attestation and Sealing
- Computer Science
- 2013
The technology components that allow provisioning of secrets to an enclave include a method to generate a hardware based attestation of the software running inside an enclave and a means for enclave software to seal secrets and export them outside of the enclave such that only the same enclave software would be able un-seal them back to their original form.
Attacking Intel TXT via SINIT code execution hijacking
- Computer Science
- 2011
A software attack against Intel TXT is presented that exploits an implementation problem within a so called SINIT module, an internal part of theintel TXT infrastructure, that allows to fully bypassIntel TXT, Intel Launch Control Policy (LCP), and additionally also provides yet-another-way to compromise SMM code on the platform.
TrustVisor: Efficient TCB Reduction and Attestation
- Computer Science2010 IEEE Symposium on Security and Privacy
- 2010
TrustVisor is presented, a special-purpose hypervisor that provides code integrity as well as data integrity and secrecy for selected portions of an application that has a very small code base that makes verification feasible.
A Memory Encryption Engine Suitable for General Purpose Processors
- Computer ScienceIACR Cryptol. ePrint Arch.
- 2016
The purpose of this paper is to explain how this hardware component of SGX works, and the rationale behind some of its design choices, and to formalize the MEE threat model and security objectives, describe the Mee design, cryptographic properties, security margins, and report some concrete performance results.
SMM rootkit: a new breed of OS independent malware
- Computer ScienceSecur. Commun. Networks
- 2013
A proof of concept SMM rootkit is presented, exploring the potential of system management mode for malicious use by implementing a chipset level keylogger and a network backdoor capable of directly interacting with the network card to send logged keystrokes to a remote machine via UDP and receive remote command packets stealthily.
Architectural support for copy and tamper resistant software
- Computer ScienceSIGP
- 2000
The hardware implementation of a form of execute-only memory (XOM) that allows instructions stored in memory to be executed but not otherwise manipulated is studied, indicating that it is possible to create a normal multi-tasking machine where nearly all applications can be run in XOM mode.
Intel® Software Guard Extensions: EPID Provisioning and Attestation Services
- Computer Science
- 2016
This paper describes how the SGX attestation key are remotely provisioned to Intel SGX enabled platforms, the hardware primitives used to support the process, and the Intel Verification Service that simplifies the verification of an SGXattestation.
Iso-X: A Flexible Architecture for Hardware-Managed Isolated Execution
- Computer Science2014 47th Annual IEEE/ACM International Symposium on Microarchitecture
- 2014
Iso-X is proposed -- a flexible, fine-grained hardware-supported framework that provides isolation for security-critical pieces of an application such that they can execute securely even in the presence of untrusted system software.
Security Analysis of x86 Processor Microcode
- Computer Science
- 2014
It is shown that a malicious microcode update can potentially implement a new malicious instructions or alter the functionality of existing instructions, including processor-accelerated virtualization or cryptographic primitives, in order to subvert all software-enforced security policies and access controls.