In my previous two blog posts I provided an overview of the Intel® SGX design objectives. Without further ado, below is a more detailed description of the remaining design objectives.
As a reminder, I highlighted these eight design objectives for Intel® SGX:
- Allow application developers to protect sensitive data from unauthorized access or modification by rogue software running at higher privilege levels.
- Enable applications to preserve the confidentiality and integrity of sensitive code and data without disrupting the ability of legitimate system software to schedule and manage the use of platform resources.
- Enable consumers of computing devices to retain control of their platforms and the freedom to install and uninstall applications and services as they choose.
- Enable the platform to measure an application’s trusted code and produce a signed attestation, rooted in the processor, that includes this measurement and other certification that the code has been correctly initialized in a trustable environment.
- Enable the development of trusted applications using familiar tools and processes.
- Allow the performance of trusted applications to scale with the capabilities of the underlying application processor.
- Enable software vendors to deliver trusted applications and updates at their cadence, using the distribution channels of their choice.
- Enable applications to define secure regions of code and data that maintain confidentiality even when an attacker has physical control of the platform and can conduct direct attacks on memory.
In my previous two posts I expanded upon the first five objectives. In this post, I will review the remaining 3.
Objective 6 – Allow the performance of trusted applications to scale with the capabilities of the underlying application processor.
This objective builds from this idea of minimizing disruption to current development processes. One of the significant contributors to the software spiral has been the ability of software developers to take full advantage of increasing processor performance. For maximum utility, trusted applications should not incur significant performance penalties.
Objective 7 – Enable software vendors to deliver trusted applications and updates at their cadence, using the distribution channels of their choice.
If the proposed solution requires independent software vendors (ISVs) to work closely with platform manufacturers in order to pre-provision their applications at platform manufacturing time, or deliver updates only integrated with other platform level firmware and software updates, also it would drastically impede the ability of application providers to deliver innovation.
Objective 8 – Enable applications to define secure regions of code and data that maintain confidentiality even when an attacker has physical control of the platform and can conduct direct attacks on memory.
Given the number of ways that an adversary can choose to attack a platform that he or she has in his or her physical possession, an effective solution must provide protection from many types of hardware attacks. Researchers at Princeton University demonstrated one such attack: https://citp.princeton.edu/research/memory/. Many other attacks are possible using memory bus analyzers and related techniques.
Well this is it for the design objectives. I'll be back again when Intel is ready to provide more Intel® SGX information and resources.