The antivirus-centric conference VirusBulletin is happening this October, and there’s an Intel SGX talk on the agenda:
Trusted Code Execution on Untrusted Platform Using Intel SGX
Prof. Guevara Noubir (Northeastern University)
Amirali Sanatinia (Northeastern University)
Today, isolated trusted computation and code execution is of paramount importance to protect sensitive information and workflows from other malicious privileged or unprivileged software. Intel Software Guard Extensions (SGX), is a set of security architecture extensions introduced in the Skylake microarchitecture that enables a Trusted Execution Environment (TEE). It provides an ‘inverse sandbox’, for sensitive programs, and guarantees the integrity and confidentiality of secure computations even from the most privileged malicious software (e.g. OS, Hypervisor). SGX-capable CPUs only became available in production systems in Q3 2015, however they are not yet fully supported and adopted in systems. Besides the capability in the CPU, the BIOS also needs to provide support for the enclaves, and not many vendors have released the required updates for the system support. This led to many wrong assumptions being made about the capabilities, features, and ultimately dangers of secure enclaves. By having access to resources and publications such as white papers, patents and the actual SGX-capable hardware and software development environment, we are in a privileged position to be able to investigate and demystify SGX. In this paper, we first review the previous Trusted Execution technologies, such as ARM Trust Zone and Intel TXT, to better understand and appreciate the new innovations of SGX. Then we look at the details of SGX technology, cryptographic primitives and the underlying concepts that power it, namely the sealing, attestation, and the Memory Encryption Engine (MEE). Then we look at the use cases such as trusted and secure code execution on an untrusted cloud platform, and Digital Rights Management (DRM). This is followed by an overview of the software development environment and the available libraries.
https://www.virusbulletin.com/conference/vb2016/abstracts/trusted-code-execution-untrusted-platform-using-intel-sgx
https://www.virusbulletin.com/conference/vb2016/programme
You must be logged in to post a comment.