使用Intel SGX加强应用程序安全

2018 IEEE International Conference on Software Quality, Reliability and Security (QRS) Pub Date : 2018-07-01 DOI:10.1109/QRS.2018.00050

Max Plauth, Fredrik Teschke, D. Richter, A. Polze

{"title":"使用Intel SGX加强应用程序安全","authors":"Max Plauth, Fredrik Teschke, D. Richter, A. Polze","doi":"10.1109/QRS.2018.00050","DOIUrl":null,"url":null,"abstract":"The release of Intel's Software Guard Extensions (SGX) refueled the interest in trusted computing approaches across industry and academia. The corresponding hardware is available, but practical usage patterns and applications are still lacking notable prevalence rates. This paper addresses this gap by approaching trusted computing from the point of view of a software engineer. To help developers in overcoming the initial hurdles of integrating SGX with existing code bases, a small helper library is presented. Furthermore, hardening strategies are identified and applied in a case study based on the simple KISSDB database, demonstrating how SGX can be used in practice.","PeriodicalId":114973,"journal":{"name":"2018 IEEE International Conference on Software Quality, Reliability and Security (QRS)","volume":"16 2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Hardening Application Security Using Intel SGX\",\"authors\":\"Max Plauth, Fredrik Teschke, D. Richter, A. Polze\",\"doi\":\"10.1109/QRS.2018.00050\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The release of Intel's Software Guard Extensions (SGX) refueled the interest in trusted computing approaches across industry and academia. The corresponding hardware is available, but practical usage patterns and applications are still lacking notable prevalence rates. This paper addresses this gap by approaching trusted computing from the point of view of a software engineer. To help developers in overcoming the initial hurdles of integrating SGX with existing code bases, a small helper library is presented. Furthermore, hardening strategies are identified and applied in a case study based on the simple KISSDB database, demonstrating how SGX can be used in practice.\",\"PeriodicalId\":114973,\"journal\":{\"name\":\"2018 IEEE International Conference on Software Quality, Reliability and Security (QRS)\",\"volume\":\"16 2 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 IEEE International Conference on Software Quality, Reliability and Security (QRS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/QRS.2018.00050\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE International Conference on Software Quality, Reliability and Security (QRS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/QRS.2018.00050","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

英特尔软件防护扩展(SGX)的发布激起了工业界和学术界对可信计算方法的兴趣。相应的硬件是可用的，但是实际的使用模式和应用程序仍然缺乏显著的流行率。本文通过从软件工程师的角度接近可信计算来解决这一差距。为了帮助开发人员克服将SGX与现有代码库集成的最初障碍，本文提供了一个小的辅助库。此外，在基于简单KISSDB数据库的案例研究中，确定并应用了加固策略，演示了如何在实践中使用SGX。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Hardening Application Security Using Intel SGX

The release of Intel's Software Guard Extensions (SGX) refueled the interest in trusted computing approaches across industry and academia. The corresponding hardware is available, but practical usage patterns and applications are still lacking notable prevalence rates. This paper addresses this gap by approaching trusted computing from the point of view of a software engineer. To help developers in overcoming the initial hurdles of integrating SGX with existing code bases, a small helper library is presented. Furthermore, hardening strategies are identified and applied in a case study based on the simple KISSDB database, demonstrating how SGX can be used in practice.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2018 IEEE International Conference on Software Quality, Reliability and Security (QRS)

自引率

0.00%

发文量