Leveraging Intel SGX Technology to Protect Security-Sensitive Applications

2018 IEEE 17th International Symposium on Network Computing and Applications (NCA) Pub Date : 2018-01-29 DOI:10.1109/NCA.2018.8548184

Joseph Sobchuk, Sean R. O'Melia, Daniil M. Utin, R. Khazan

{"title":"Leveraging Intel SGX Technology to Protect Security-Sensitive Applications","authors":"Joseph Sobchuk, Sean R. O'Melia, Daniil M. Utin, R. Khazan","doi":"10.1109/NCA.2018.8548184","DOIUrl":null,"url":null,"abstract":"This paper explains the process by which Intel Software Guard Extensions (SGX) can be leveraged into an existing codebase to protect a security-sensitive application. Intel SGX provides user-level applications with hardware-enforced confidentiality and integrity protections and incurs manageable impact on performance. These protections apply to all three phases of the operational data lifecycle: at rest, in use, and in transit. SGX shrinks the trusted computing base (and therefore the attack surface) of the application to only the hardware on the CPU chip and the portion of the application's software that is executed within the protected enclave. The SDK enables SGX integration into existing C/C++ codebases while still ensuring program support for legacy and non-Intel platforms. This paper is the first published work to walk through the step-by-step process of Intel SGX integration with examples and performance results from an actual cryptographic application produced in a standard Linux development environment.","PeriodicalId":268662,"journal":{"name":"2018 IEEE 17th International Symposium on Network Computing and Applications (NCA)","volume":"50 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-01-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE 17th International Symposium on Network Computing and Applications (NCA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NCA.2018.8548184","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

This paper explains the process by which Intel Software Guard Extensions (SGX) can be leveraged into an existing codebase to protect a security-sensitive application. Intel SGX provides user-level applications with hardware-enforced confidentiality and integrity protections and incurs manageable impact on performance. These protections apply to all three phases of the operational data lifecycle: at rest, in use, and in transit. SGX shrinks the trusted computing base (and therefore the attack surface) of the application to only the hardware on the CPU chip and the portion of the application's software that is executed within the protected enclave. The SDK enables SGX integration into existing C/C++ codebases while still ensuring program support for legacy and non-Intel platforms. This paper is the first published work to walk through the step-by-step process of Intel SGX integration with examples and performance results from an actual cryptographic application produced in a standard Linux development environment.

查看原文本刊更多论文

利用英特尔SGX技术保护对安全敏感的应用

本文解释了将Intel Software Guard Extensions (SGX)利用到现有代码库中以保护对安全敏感的应用程序的过程。英特尔SGX为用户级应用程序提供硬件强制的机密性和完整性保护，并对性能产生可管理的影响。这些保护适用于操作数据生命周期的所有三个阶段:静态、使用和传输。SGX将应用程序的可信计算基础(以及攻击面)缩小到仅CPU芯片上的硬件和在受保护区域内执行的部分应用程序软件。该SDK使SGX能够集成到现有的C/ c++代码库中，同时仍然确保程序对传统和非英特尔平台的支持。本文是第一个通过在标准Linux开发环境中生成的实际加密应用程序的示例和性能结果逐步介绍英特尔SGX集成过程的出版作品。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2018 IEEE 17th International Symposium on Network Computing and Applications (NCA)

自引率

0.00%

发文量