Intel SGX Explained
@article{Costan2016IntelSE,
  title={Intel SGX Explained},
  author={Victor Costan and Srinivas Devadas},
  journal={IACR Cryptol. ePrint Arch.},
  year={2016},
  volume={2016},
  pages={86}
}
Intel’s Software Guard Extensions (SGX) is a set of extensions to the Intel architecture that aims to provide integrity and confidentiality guarantees to security-sensitive computation performed on a computer where all the privileged software (kernel, hypervisor, etc.) is potentially malicious. This paper analyzes Intel SGX, based on the 3 papers [14, 78, 137] that introduced it, on the Intel Software Developer’s Manual [100] (which supersedes the SGX manuals [94, 98]), on an ISCA 2015 tutorial…
1,114 Citations
Secure Programming with Intel SGX and Novel Applications
- Computer Science
- 2017
The thesis describes the implementation of a prototype decryption device for the Accountable Decryption protocol, a novel protocol that can provide confidentiality and integrity guarantees by using the SGX technology.
SGAxe: How SGX Fails in Practice
- Computer Science
- 2020
It is shown how CacheOut can be leveraged to compromise the confidentiality and the integrity of a victim enclave’s long-term storage and the impact of the attack on two proposed SGX applications, the Signal communication app and Town Crier, an SGX-based blockchain application.
TRUSTED CODE EXECUTION ON UNTRUSTED PLATFORMS USING INTEL SGX
- Computer Science
- 2016
The previous trusted execution technologies are reviewed to better understand and appreciate the new innovations of SGX and use cases such as trusted and secure code execution on an untrusted cloud platform, and digital rights management (DRM).
Secure Processors Part II: Intel SGX Security Analysis and MIT Sanctum Architecture
- Computer Science, Found. Trends Electron. Des. Autom.
- 2017
The MIT Sanctum processor developed by the authors is introduced: a system designed to offer stronger security guarantees, lend itself better to analysis and formal verification, and offer a more straightforward and complete threat model than the Intel system, all with an equivalent programming model.
Leveraging Intel SGX to Create a Nondisclosure Cryptographic library
- Computer Science, ArXiv
- 2017
The Intel SGX is leveraged to produce a secure cryptographic library which keeps the generated keys inside an enclave restricting use and dissemination of confidential cryptographic keys.
Benchmarking the Second Generation of Intel SGX Hardware
- Computer Science, DaMoN
- 2022
A first systematic performance study of Intel SGXv2 is conducted and it is compared to the previous generation of SGX to answer the question whether previous efforts to overcome the limitations of SGX for DBMSs are still applicable and if the new generation of SGX can truly deliver on the promise to secure data without compromising on performance.
A Comprehensive Benchmark Suite for Intel SGX
- Computer Science, ArXiv
- 2022
The suite, SGXGauge, contains a diverse set of workloads such as blockchain codes, secure machine learning algorithms, lightweight web servers, secure key-value stores, etc., and the behavior of the benchmark suite is thoroughly characterized on a native platform and on a platform that uses a library OS-based shimming layer (GrapheneSGX).
A survey of Intel SGX and its applications
- Computer Science, Frontiers Comput. Sci.
- 2021
A comprehensive survey on the development of Intel SGX (software guard extensions) processors and its applications and a systematic analysis of the related papers in this area is presented.
Sanctum: Minimal Hardware Extensions for Strong Software Isolation
- Computer Science, USENIX Security Symposium
- 2016
Sanctum offers the same promise as Intel’s Software Guard Extensions (SGX), namely strong provable isolation of software modules running concurrently and sharing resources, but protects against an…
SGX: Security and Performance Assessment (original title: SGX - TURVALISUSE JA JÕUDLUSE HINNANG)
- Computer Science
- 2019
SGX virtualization uncovers interesting results both from systems and security perspectives, and important security features like key hierarchy, encryption and attestation are broken down.
References
Showing 1-10 of 247 references
Sanctum: Minimal Hardware Extensions for Strong Software Isolation
- Computer Science, USENIX Security Symposium
- 2016
Sanctum offers the same promise as Intel’s Software Guard Extensions (SGX), namely strong provable isolation of software modules running concurrently and sharing resources, but protects against an…
Innovative Technology for CPU Based Attestation and Sealing
- Computer Science
- 2013
The technology components that allow provisioning of secrets to an enclave include a method to generate a hardware-based attestation of the software running inside an enclave and a means for enclave software to seal secrets and export them outside of the enclave such that only the same enclave software would be able to unseal them back to their original form.
Attacking Intel TXT via SINIT code execution hijacking
- Computer Science
- 2011
A software attack against Intel TXT is presented that exploits an implementation problem within a so-called SINIT module, an internal part of the Intel TXT infrastructure, that allows fully bypassing Intel TXT and Intel Launch Control Policy (LCP), and additionally also provides yet another way to compromise SMM code on the platform.
TrustVisor: Efficient TCB Reduction and Attestation
- Computer Science, 2010 IEEE Symposium on Security and Privacy
- 2010
TrustVisor is presented, a special-purpose hypervisor that provides code integrity as well as data integrity and secrecy for selected portions of an application; TrustVisor has a very small code base, which makes verification feasible.
A Memory Encryption Engine Suitable for General Purpose Processors
- Computer Science, IACR Cryptol. ePrint Arch.
- 2016
The purpose of this paper is to explain how this hardware component of SGX works and the rationale behind some of its design choices, to formalize the MEE threat model and security objectives, to describe the MEE design, cryptographic properties and security margins, and to report some concrete performance results.
SMM rootkit: a new breed of OS independent malware
- Computer Science, Secur. Commun. Networks
- 2013
A proof of concept SMM rootkit is presented, exploring the potential of system management mode for malicious use by implementing a chipset level keylogger and a network backdoor capable of directly interacting with the network card to send logged keystrokes to a remote machine via UDP and receive remote command packets stealthily.
Architectural support for copy and tamper resistant software
- Computer Science, SIGP
- 2000
The hardware implementation of a form of execute-only memory (XOM) that allows instructions stored in memory to be executed but not otherwise manipulated is studied, indicating that it is possible to create a normal multi-tasking machine where nearly all applications can be run in XOM mode.
Intel® Software Guard Extensions: EPID Provisioning and Attestation Services
- Computer Science
- 2016
This paper describes how the SGX attestation keys are remotely provisioned to Intel SGX enabled platforms, the hardware primitives used to support the process, and the Intel Verification Service that simplifies the verification of an SGX attestation.
Iso-X: A Flexible Architecture for Hardware-Managed Isolated Execution
- Computer Science, 2014 47th Annual IEEE/ACM International Symposium on Microarchitecture
- 2014
Iso-X is proposed -- a flexible, fine-grained hardware-supported framework that provides isolation for security-critical pieces of an application such that they can execute securely even in the presence of untrusted system software.
Security Analysis of x86 Processor Microcode
- Computer Science
- 2014
It is shown that a malicious microcode update can potentially implement new malicious instructions or alter the functionality of existing instructions, including processor-accelerated virtualization or cryptographic primitives, in order to subvert all software-enforced security policies and access controls.