SGX Enclave programming: common mistakes

Presented at REcon 2017, June 18, 2017, 1 p.m. (60 minutes)

No security technology is secure against programmer misuse. This talk implements a “Damn Vulnerable” approach to identifying bad programming practices that could undermine the security of SGX Enclaves, Intel’s new TEE technology. A deliberately created “DVSE” demonstrates and shames such practices that the author actually encountered during security evaluation and penetration testing of enclaved software. The talk also discusses the techniques used to identify and exploit such practices, and BKMs to avoid them.



Similar Presentations: