Trusted Code Execution on Untrusted Platform Using Intel SGX

Presented at VB2016, Oct. 5, 2016, 4:30 p.m. (30 minutes)

Today, isolated trusted computation and code execution is of paramount importance to protect sensitive information and workflows from other malicious privileged or unprivileged software. *Intel Software Guard Extensions* (*SGX*), is a set of security architecture extensions introduced in the *Skylake* microarchitecture that enables a Trusted Execution Environment (TEE). It provides an 'inverse sandbox', for sensitive programs, and guarantees the integrity and confidentiality of secure computations even from the most privileged malicious software (e.g. OS, Hypervisor). *SGX*-capable CPUs only became available in production systems in Q3 2015, however they are not yet fully supported and adopted in systems. Besides the capability in the CPU, the BIOS also needs to provide support for the enclaves, and not many vendors have released the required updates for the system support. This led to many wrong assumptions being made about the capabilities, features, and ultimately dangers of secure enclaves. By having access to resources and publications such as white papers, patents and the actual *SGX*-capable hardware and software development environment, we are in a privileged position to be able to investigate and demystify *SGX*. In this paper, we first review the previous Trusted Execution technologies, such as *ARM Trust Zone* and* Intel TXT*, to better understand and appreciate the new innovations of *SGX*. Then we look at the details of *SGX* technology, cryptographic primitives and the underlying concepts that power it, namely the sealing, attestation, and the Memory Encryption Engine (MEE). Then we look at the use cases such as trusted and secure code execution on an untrusted cloud platform, and Digital Rights Management (DRM). This is followed by an overview of the software development environment and the available libraries.

Presenters:

• Amirali Sanatinia - Northeastern University
  Amirali Sanatinia Amirali Sanatinia is a Computer Science PhD student at Northeastern advised by Professor Guevara Noubir, and holds a Bachelors degree in CS from St Andrews University. His research focusses on cyber security and privacy, and was covered by venues such as MIT Technology Review and ACM Tech News. He is also the OWASP Boston NEU Student chapter founder and leader. @sanatinia
• Prof. Guevara Noubir - Northeastern University
  Guevara Noubir Guevara Noubir holds a Ph.D. in computer science from EPFL and is currently a professor at Northeastern University. His research focuses on privacy and security. He is a recipient of the National Science Foundation CAREER Award (2005). He led the winning team of the 2013 DARPA Spectrum Cooperative Challenge. Dr Noubir has held visiting research positions at Eurecom, MIT, and UNL. He served as program co-chair of several conferences in his areas of expertise such as the ACM Conference on Security and Privacy in Wireless and Mobile Networks, and IEEE Conference on Communications and Network Security. He serves on the editorial board of the ACM Transaction on Information and Systems Security, and IEEE Transaction on Mobile Computing.

Links:

• https://www.virusbulletin.com/conference/vb2016/abstracts/trusted-code-execution-untrusted-platform-using-intel-sgx

Similar Presentations:

• DerbyCon 6.0 Recharge (2016) / Poetically Opaque (or other John Updike Quotes)
• Black Hat USA 2016 / SGX Secure Enclaves in Practice: Security and Crypto Review
• TROOPERS18 (2018) / The Wolf In SGX Clothing