Leveraging Intel SGX Technology to Protect Security-Sensitive Applications
Autor: | Daniil M. Utin, Sean O'Melia, Roger Khazan, Joseph Sobchuk |
---|---|
Rok vydání: | 2018 |
Předmět: |
Computer science
business.industry media_common.quotation_subject 020206 networking & telecommunications Cloud computing 02 engineering and technology computer.software_genre Memory management Debugging 0202 electrical engineering electronic engineering information engineering Operating system 020201 artificial intelligence & image processing Central processing unit business computer media_common Codebase |
Zdroj: | NCA |
DOI: | 10.1109/nca.2018.8548184 |
Popis: | This paper explains the process by which Intel Software Guard Extensions (SGX) can be leveraged into an existing codebase to protect a security-sensitive application. Intel SGX provides user-level applications with hardware-enforced confidentiality and integrity protections and incurs manageable impact on performance. These protections apply to all three phases of the operational data lifecycle: at rest, in use, and in transit. SGX shrinks the trusted computing base (and therefore the attack surface) of the application to only the hardware on the CPU chip and the portion of the application's software that is executed within the protected enclave. The SDK enables SGX integration into existing C/C++ codebases while still ensuring program support for legacy and non-Intel platforms. This paper is the first published work to walk through the step-by-step process of Intel SGX integration with examples and performance results from an actual cryptographic application produced in a standard Linux development environment. |
Databáze: | OpenAIRE |
Externí odkaz: |