80 Search Results

A Mutually-Trusted Enclave Inspection

Last updated: February 12, 2019

Hardware protects enclave contents in the cloud, resulting with providers being unable to enforce policy compliance. Use the EnGarde system to ensure compliance.

Secure Genome Analysis

Last updated: October 2, 2018

This video is about Secure Genome Analysis with Intel® SGX Data Privacy.

Use Oblivious Multiparty Machine Learning on Trusted Processors

Last updated: October 2, 2018

Guaranteeing the privacy of individual datasets requires a careful use of machine learning algorithms. Learn about a recommended algorithm and where to use it.

Efficient Two-Party Secure Function Evaluation

Last updated: October 2, 2018

This evaluation method's extensive use of cryptographic operations make protocols too slow for practical use. But, Intel® Software Guard Extensions provides an environment to address these concerns.

A Scalable Private Membership Test Using Trusted Hardware

Last updated: October 2, 2018

In cloud-assisted services, it's possible to infer users' personal traits. A private membership test can remove this privacy concern.

Protect the Privacy of Genetic Data from Rare Diseases

Last updated: October 2, 2018

PRINCESS analyzes genetic data from rare diseases across different continents. It is a privacy-preserving international collaboration framework that uses Intel® Software Guard Extensions for trustworthy computation.

Code Samples: A Privacy-Protecting Framework to Analyze Rare Diseases

Last updated: October 2, 2018

Get resources for setting up and using PRINCESS to study DNA using encryption functions in Intel® Software Guard Extensions.

A Privacy-Preserving Estimate of Individual Admixtures

Last updated: October 2, 2018

Identifying patients' demographic histories is important for biomedical research. Learn how multiple sites can securely collaborate in a secure enclave.

Achieve Secure Many-Party Applications

Last updated: October 1, 2018

A trusted third party (TTP) achieves secure multiparty computation between a small amount of participants. Intel® Software Guard Extensions is the most promising trustworthy remote entity (TRE) for many-party applications.

An Authenticated Data Feed for Smart Contracts

Last updated: October 1, 2018

Town Crier acts as a bridge between smart contracts and existing websites that are already trusted for nonblockchain applications. Its blockchain front end and trusted hardware back end serve source-authenticated data to relying smart contracts.

Payment Channels That Use Trusted Execution Environments

Last updated: October 1, 2018

Blockchain protocols have a limited transaction throughput and latency. Off-chain payment channels attempt to address performance issues, but a secure deployment is hard. Learn how the Teechan framework resolves these issues.

An Efficient Blockchain Consensus Protocol

Last updated: October 1, 2018

Access designs for blockchain consensus primitives and a novel blockchain system that are based on trusted execution environments (TEE), such as CPUs that are enabled for Intel® Software Guard Extensions.

Secure Network Functions at Near-Native Speed

Last updated: October 1, 2018

Outsourcing software middleboxes raises severe security concerns. LightBox enables enterprises to safely forward packets to the enclaved middlebox for processing without unreasonable overhead.

Preserve the Privacy of Routing Policies at Internet Exchange Points

Last updated: October 1, 2018

Internet exchange points (IXP) help network service providers obtain connectivity but provide no guarantees for privacy enforcement. Learn about an approach that enforces the privacy of peering relationships and routing policies.

Secure & Transparent Termination of Transport Layer Security

Last updated: October 1, 2018

TaLoS is a replacement for existing transport layer security (TLS) libraries. It imposes a maximum of 31 percent overhead by minimizing the amount of enclave transitions and reducing the remainder.

Code Samples: Secure & Transparent Termination of Transport Layer Security

Last updated: October 1, 2018

TaLoS has a streamlined interface to process transport layer security (TLS) communications. Use these samples to securely send HTTPS requests and responses to another enclave or for encryption before logging them to persistent storage.

Overcome Network Function Virtualization (NFV) Security Issues in the Cloud

Last updated: October 1, 2018

Intel® Software Guard Extensions protects network functions, but its usability in arbitrary NFV applications and performance is questionable. Learn how to use this tool for network deployments.

Documentation | Securing NFV States Using Intel® SGX Documentation

Last updated: October 1, 2018

A new protection scheme, S-NFV that incorporates Intel® SGX to securely isolate the states of NFV applications.

Secure Network Function Virtualization (NFV) States

Last updated: October 1, 2018

Learn about a new protection scheme that incorporates Intel® Software Guard Extensions to securely isolate the states of NFV applications.

How Return-Oriented Programming is Used Against Secure Enclaves

Last updated: October 1, 2018

Despite protection from Intel® Software Guard Extensions, vulnerabilities are expected in nontrivial applications. Explore exploitation techniques that prevent vulnerabilities inside enclaves.

Code Samples: Tell Your Secrets without Page Faults

Last updated: October 1, 2018

Hostile software can extract sensitive data from enclaves by revoking access rights and then recording the page faults. Learn about an even greater threat: how an untrusted operating system observes enclave page accesses without page faults.

High-Resolution Side Channels for Untrusted Operating Systems

Last updated: October 1, 2018

Mass-market operating systems have a history of vulnerabilities. For an untrusted operating system, use two side channels achieve higher temporal and spatial resolution.

An Analysis of Side-Channel Attacks on Secure Enclaves

Last updated: October 1, 2018

Review the results of attacks on SSL and TLS implementations in Intel® Software Guard Extension enclaves.

How Intel® Software Guard Extensions Amplifies the Power of Cache Attacks

Last updated: October 1, 2018

The trusted execution environment in this application disregards side-channel attacks. Explore how CacheZoom virtually tracks all memory accesses and recovers AES keys.

Cache Attacks on Intel® Software Guard Extensions

Last updated: October 1, 2018

This case study demonstrates that enclaves are vulnerable against cache-timing attacks.

Exploit Synchronization Bugs in Enclaves

Last updated: October 1, 2018

Synchronization bugs that used to be considered harmless can cause severe security vulnerabilities for Intel® Software Guard Extensions. AsyncShock exploits these bugs in multithreaded code that runs within this application.

Deterministic Side Channels for Untrusted Operating Systems

Last updated: October 1, 2018

Controlled channel attacks (a type of side-channel attack) can allow an untrusted operating system to extract sensitive information from protected applications. Explore the extent of these attacks through extracted documents and images.

Infer Fine-Grained Control Flow Inside Enclaves with Branch Shadowing

Last updated: October 1, 2018

Explore a side-channel attack that can reveal fine-grained control flows of an enclave program that runs on Intel® Software Guard Extensions hardware.

Conceal Cache Attacks

Last updated: October 1, 2018

In the cloud, the hypervisor isolates tenants from other tenants that are co-located on the same physical machine. But, it does not protect against the cloud provider. Learn about a mechanism that resolves this scenario.

A Practical Use for Cache Attacks

Last updated: October 1, 2018

Side-channel information leaks are a known limitation of Intel® Software Guard Extensions (Intel® SGX). This study focuses on the extent of those leaks.

Automatic Application Partitioning

Last updated: September 27, 2018

Trusted execution support in modern CPUs can protect applications in untrusted environments, resulting with a large trusted computing base (TCB). Explore an approach that results with a smaller TCB.

Protect Cache-Based Side-Channels Using Hardware Transactional Memory

Last updated: September 27, 2018

Address side-channel attacks in multitenant environments, such as cloud data centers.

Formal Abstractions for Attested Execution in Secure Processors

Last updated: September 27, 2018

Realistic secure processors, including for academic and commercial purposes, commonly realize “attested execution” abstractions. Learn about formal abstractions for secure processors and explore their power.

Towards Safe Enclaves

Last updated: September 27, 2018

Protected module architectures, like the recently launched Intel® Software Guard Extensions (Intel® SGX), make it possible to protect individual software modules of an application against attacks from other modules of the application, or from the...

Moat: Verifying Confidentiality Properties of Enclave Programs

Last updated: September 27, 2018

Security-critical applications constantly face threats from exploits in lower computing layers such as the operating system, virtual machine monitors, or even attacks from malicious administrators. To help protect application secrets from such...

A Design and Verification Method for Secure Isolated Regions

Last updated: September 27, 2018

Hardware support for isolated execution keeps code and data confidential even on a hostile or compromised host. Learn an application design method that enables certification for confidentiality.

A Minimal Approach to State Continuity

Last updated: September 27, 2018

Protected module architectures isolate sensitive parts of an application while it's running. Adriane provides additional security measures to ensure a recovery or fail stop if the system goes down.

Use Transparent Enclaves to Prove and Sell Knowledge

Last updated: September 27, 2018

Trusted hardware systems provide confidentiality and integrity for applications but leave them open to side-channel attacks. A Sealed-Glass Proof cryptographic primitive allows safe, verifiable computing in zero knowledge (along with other uses).

Foundations of Hardware-Based Attested Computation

Last updated: September 27, 2018

New capabilities in trusted hardware allow code to run in isolated environments and securely report to remote parties. Learn about three cryptographic tools that are associated with the new generation of trusted hardware solutions.

A Distributed Sandbox for Untrusted Computation on Secret Data

Last updated: September 27, 2018

Users of data processing services (such as tax preparation or genomic screening) are forced to trust those agencies with secret data. Ryoan accomplishes this task through hardware and a request-oriented data model

Memory Safety for Shielded Execution

Last updated: September 27, 2018

Shielded execution based on Intel® Software Guard Extensions secures legacy applications on untrusted platforms, but they are still vulnerable to memory attacks. SGXBounds is an efficient approach for shielded execution to help prevent attacks.

Code Samples: Preserve Data Confidentiality & Integrity in Apache ZooKeeper*

Last updated: September 27, 2018

Cloud computing has trust issues for applications that manage sensitive data. Get resources for using Intel® Software Guard Extensions with an enhanced version of ZooKeeper* (SecureKeeper) to manage this information.

Enable Address Space Layout Randomization (ASLR)

Last updated: September 27, 2018

ASLR defends against memory corruption attacks. However, Intel® Software Guard Extensions lacks this feature. Learn how SGX-Shield (an ASLR scheme) deploys randomness in memory layouts and stops memory corruption attacks.

Eradicate Controlled-Channel Attacks Against Enclave Programs

Last updated: September 27, 2018

Enclaves are vulnerable to accurate controlled-channel attacks from malicious operating systems. Use T-SGX as a complete mitigation solution to the controlled-channel attack.

Trustworthy Data Analytics in the Cloud

Last updated: September 27, 2018

Verifiable Confidential Cloud Computing (VC3) runs distributed MapReduce computations in the cloud. It keeps code and data secret, and ensures correct and complete results.

IP Protection for Portable Executable Packing Schemes

Last updated: September 27, 2018

These schemes blur the binary code in a target program and protects proprietary code against analysis and reverse engineering. However, the prepended decryption or decompression code is a target. Learn how to thwart these attacks.

Code Samples: Exitless Services for Enclaves

Last updated: September 27, 2018

Running I/O-intensive, memory-demanding server applications in enclaves incur high costs for exits. Address these performance issues in Eleos by enabling exitless system calls and paging in enclaves.

An Oblivious & Encrypted Distributed Analytics Platform

Last updated: September 27, 2018

The Opaque platform supports a wide range of queries while providing strong security guarantees.

Code Samples: Enable Analytics for Sensitive Data in an Untrusted Cloud

Last updated: September 27, 2018

The Opaque package for the Apache Spark* SQL enables encryption for DataFrames that use Intel® Software Guard Extensions trusted hardware.

Secure Processors (Part 1): Background & Taxonomy

Last updated: September 27, 2018

Minimize trusted software with practical trusted hardware and reasonable performance overhead using an isolation container primitive.

Pages