Leveraging Intel SGX Technology to Protect Security Sensitive Applications

Sobchuk, Joseph M.; O'melia, Sean R.; Utin, Dan M.; Khazan, Roger I.

Leveraging Intel SGX Technology to Protect Security Sensitive Applications

Active / Technical Report | Accesssion Number: AD1054456 |

Open PDF

Abstract:

This report explains the basic process by which Intel Software Guard Extensions (SGX) can be leveraged into an existing codebase to protect a security-sensitive application. Intel SGX provides user-level applications with hardware-enforced confidentiality and integrity protections. These protections apply to all three phases of the operational data lifecycle: at rest, in use, and in transit. SGX shrinks the trusted computing base (and therefore the attack surface) of the application to only the hardware on the CPU chip and the portion of the applications software that is executed within the protected enclave. The SGX SDK enables relatively straightforward integration into existing C/C++ codebases while still ensuring program support for legacy and non-Intel platforms.

Author(s):

Sobchuk, Joseph M. ; O'melia, Sean R. ; Utin, Dan M. ; Khazan, Roger I.

Author Organization(s):

MASSACHUSETTS INST OF TECH LEXINGTON

Funding Organization(s):

Publication Date:

2018 Jan 29

Pagination:

0

Security Markings

RECORD

Collection: TRECMS

Subject Terms

Modernization Areas:

Cyber

Communities of Interest:

Cyber

Descriptor(s):

debugging, computer programs, simulations, software development, computer programming, cryptography, firmware, authentication, boundaries, computers, data storage systems, instructions, materials, microarchitecture, compilers, computing system architectures, environment

Keyword(s):

SGX(Software Guard Extensions), mee(Memory Encryption Engine), dram(main memory), vmm(virtual machine monitor), tcb(trusted computing base)

Subject Categories:

Mathematical and Computer Sciences

Update Date:

2018 Jun 29