Enable New Security Models and Innovation
Intel® SGX protects selected code and data from disclosure or modification. Developers can partition their application into processor-hardened enclaves or protected areas of execution in memory that increase security even on compromised platforms. Using this new application-layer trusted execution environment, developers can enable identity and records privacy, secure browsing, and digital rights management (DRM), as well as harden endpoint protection or any high-assurance security use case that needs to safely store secrets or protect data.
- Confidentiality and integrity: Enforced even in the presence of privileged malware at the operating system, BIOS, VMM, SMM, or TEE layers.
- Low learning curve: A familiar operating system programming model integrates with the parent application and executes on the main processor.
- Remote attestation and provisioning: A remote party can verify an application enclave's identity and securely provision keys, credentials, and other sensitive data to the enclave.
- Small attack surface: The processor boundary becomes the attack surface perimeter; all data, memory, and I/O outside this perimeter are encrypted.
A Developer Perspective