Functional Encryption using Intel SGX


{\sc{Iron}}: Functional Encryption using Intel SGX
Ben A Fisch, Dhinakaran Vinayagamurthy, Dan Boneh, Sergey Gorbunov
Functional encryption (FE) is an extremely powerful cryptographic mechanism that lets an authorized entity compute on encrypted data, and learn the results in the clear. However, all current cryptographic instantiations for general FE are too impractical to be implemented. We build {\sc{Iron}}, a practical and usable FE system using Intel’s recent Software Guard Extensions (SGX). We show that {\sc{Iron}} can be applied to complex functionalities, and even for simple functions, outperforms the best known cryptographic schemes. We argue security by modeling FE in the context of hardware elements, and prove that {\sc{Iron}} satisfies the security model.




more on SCONE

Re: SCONE, mentioned here: https://firmwaresecurity.com/2017/01/07/secure-linux-containers-with-intel-sgx/


SCONE: Secure Linux Containers with Intel SGX
Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O’Keeffe, Mark L Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch, Christof Fetzer

In multi-tenant environments, Linux containers managed by Docker or Kubernetes have a lower resource footprint, faster startup times, and higher I/O performance compared to virtual machines (VMs) on hypervisors. Yet their weaker isolation guarantees, enforced through software kernel mechanisms, make it easier for attackers to compromise the confidentiality and integrity of application data within containers. We describe SCONE, a secure container mechanism for Docker that uses the SGX trusted execution support of Intel CPUs to protect container processes from outside attacks. The design of SCONE leads to (i) a small trusted computing base (TCB) and (ii) a low performance overhead: SCONE offers a secure C standard library interface that transparently encrypts/decrypts I/O data; to reduce the performance impact of thread synchronization and system calls within SGX enclaves, SCONE supports user-level threading and asynchronous system calls. Our evaluation shows that it protects unmodified applications with SGX, achieving 0.6✓–1.2✓ of native throughput.[…]





Secure Linux containers with Intel SGX

Diogo Mónica, Security Lead at Docker, posts this:

We looked at Haven earlier this year, which demonstrated how Intel’s SGX could be used to shield an application from an untrusted cloud provider. Today’s paper choice, SCONE, looks at how to employ similar ideas in the context of containers.[…] What’s the best way to adapt a container to run within an enclave, accommodating all of the restrictions that come with that? Can it be done in a way that doesn’t break compatibility with existing container platforms (e.g., Docker)? Will the end result pay too high a performance overhead to be usable in practice? […]

SCONE: Secure Linux containers with Intel SGX


Intel SGX tutorial part 4 to be released shortly

John M. of Intel has a new blog post with status on his next Intel SGX tutorial. Nice, it looks like there are many upcoming articles!

[…] Part 4 of the Intel Software Guard Extensions (Intel SGX) Tutorial Series will be coming out in the next few days. In it, we’ll be starting our enclave implementation, focusing on the bridge/proxy functions for the enclave itself as well as the middleware layer needed for the C++ code to interact with it. If you recall from the introduction, we are planning five broad phases in the series. With part 4 we complete our transition from the first phase, which focused on concepts and design, to the development and integration in the second. I want to take a few minutes to talk about what else is coming up and roughly where we are headed over the coming weeks. Part 5 will complete the development of the enclave. While part 4 is focused on the enclave interface layer and the enclave definition language (EDL), in part 5 we will code up the internals of enclave itself. In part 6, we’ll add support for dual code paths so that the application runs on hardware that is both Intel SGX capable and incapable. In a change from our original plan for the series, part 7 will look at power events (specifically, suspend and resume) and its impact on enclaves. After that, we’ll enter into the third phase of the tutorial which focuses on testing and validation. Here, we’ll demonstrate that Intel SGX is providing the expected security benefits. We’ll also look at tuning the enclave configuration to better match our usage. The final two phases, packaging and deployment, and disposition, will follow.




Intel SGX tutorial part3 published today

Thanks to John M. of Intel for noting on this blog that part 3 of his tutorial is now available:




“In Part 3 of the Intel® Software Guard Extensions (Intel® SGX) tutorial series we’ll talk about how to design an application with Intel SGX in mind. We’ll take the concepts that we reviewed in Part 1, and apply them to the high-level design of our sample application, the Tutorial Password Manager, laid out in Part 2. We’ll look at the overall structure of the application and how it is impacted by Intel SGX and create a class model that will prepare us for the enclave design and integration.”[…]


Intel SGX tutorial, part 3 underway

If you haven’t seen the Intel SGX tutorial, the first 2 parts are out, and the 3rd part is nearly out:


It sounds like part3 is nearly out:






parse_enclave.py takes an enclave in binary form and extracts some metadata

parse_quote.py takes a quote in binary form and extracts its fields

parse_sealed.py takes a sealed blob of data and extracts its fields