196 Search Results

Refine by

    Results for:

Code Sample: Gateway Key Provisioning and Secure Signing using Intel® Software Guard Extensions

Published on June 21, 2019

This application demonstrates the use of Intel® SGX to protect the private key of an asymmetric ECC 256 key pair.

Getting Started with Intel® Software Guard Extensions (Intel® SGX) on the Intel VCA Card

Published on June 7, 2019By John M.

This guide steps through the process of setting up the Intel SGX Card

Secure Enterprise Blockchains (Infographic)

Last updated: May 8, 2019

An infographic-based description of how Intel® Software Guard Extensions (Intel® SGX) could be implemented to improve the privacy, security, and scalability of enterprise blockchains.

Learn How to Protect Your Sensitive Data: Presentation

Last updated: May 8, 2019

A self-paced webinar that will explain the constructs of an Intel® SGX application. You will become familiar with the structure of an Intel SGX application, what protections are offered for application components, and design considerations. This webinar also includes a demonstration that creates an actual application project.

Intel® Software Guard Extensions and the Development Flow: Infographic

Last updated: May 8, 2019

Intel® Software Guard Extensions (Intel® SGX) at a glance. Check out a one-stop primer that will explain what Intel SGX can be used for, how it works, and a handy reference for application development.

Virtualizing Intel® Software Guard Extensions with KVM and QEMU

Published on May 8, 2019By John M.

Use the Linux* kernel KVM virtualization module and the QEMU* VMM to virtualize Intel® SGX, then create a VM with access to Intel SGX in the guest OS.

Hardware-Assisted Security for High-Value Information

Last updated: April 26, 2019

Recognizing the need for a new model that protects selected code and data from disclosure or modification, Intel designed Intel® Software Guard Extensions (Intel® SGX), a hardware-assisted trusted execution environment with the smallest possible attack surface. With Intel SGX, developers can partition their application into CPU-hardened “enclaves,” or protected areas of execution, that increase security even on compromised platforms.

Intel Integrated Performance Primitives in Intel® SGX Applications

Last updated: April 26, 2019

The Intel® Software Guard Extensions (Intel® SGX) SDK incorporates the Intel® Integrated Performance Primitives (Intel® IPP) Cryptography library. This article provides basic information on this Intel IPP Cryptography library and how to get set up to use it with Windows* Visual Studio* and the Linux* OS.

Exception Handling in Intel® Software Guard Extensions Applications

Last updated: April 26, 2019

This article describes how HW exceptions are handled in Intel® Software Guard Extensions (SGX) enclaves.

Snort® Intrusion Detection System with Intel® Software Guard Extension

Last updated: April 26, 2019

In this paper, is described the experience with hardening the “king of middleboxes”– Intrusion Detection Systems (IDS) – using Intel® Software Guard Extensions (Intel® SGX) technology. The secured IDS using Intel® SGX, called SEC-IDS, is an unmodified Snort® 3 with a DPDK network layer that achieves 10Gbps line rate.

Intel® SGX Enabled Key Manager Service with OpenStack Barbican

Last updated: April 26, 2019

We propose to build an Intel® Software Guard Extension (Intel® SGX) based software crypto plugin that offers security similar to an HSM with the low cost and scalability of a software based solution. We extend OpenStack Barbican API to support attestation of an Intel® SGX crypto plugin, to allow clients higher confidence in the software they are using for storing keys.

Using Intel® VTune™ Amplifier XE with Intel® SGX Enabled Applications on Linux*

Last updated: April 26, 2019

This paper describes how to use Intel® VTune™ Amplifier XE to gather and analyze performance data from Intel® Software Guard Extensions (Intel® SGX) enabled applications for the Linux* OS. Intel VTune Amplifier XE is an application for software performance analysis of 32- and 64-bit x86 based machines.

Using Intel® VTune™ Amplifier XE with Intel® SGX Enabled Applications on Microsoft* Windows*

Last updated: April 26, 2019

This paper describes how to use Intel® VTune™ Amplifier XE to gather and analyze performance data from Intel® Software Guard Extensions (Intel® SGX) enabled applications for Microsoft* Windows*. Intel VTune Amplifier XE is an application for software performance analysis of 32- and 64-bit x86 based machines.

Using the Intel® Software Guard Extensions SSL Library

Last updated: April 26, 2019

This paper describes how to use the Intel® Software Guard Extensions (Intel® SGX) SSL Library for Intel SGX enabled applications. The Intel SGX SSL enclave libraries are derived from OpenSSL* and can be used for secure communications (TLS) across the network and for cryptographic operations within an enclave. This paper covers applications targeting Microsoft* Windows*.

Power Transitions in Intel® Software Guard Extensions Applications for Windows*

Last updated: April 26, 2019

This article provides guidelines on handling power transitions for Intel® Software Guard Extension (Intel® SGX) enabled applications running on Microsoft Windows*.

VeriClouds CredVerify* Uses Intel® Software Guard Extensions: Credential Verification with Privacy By Design

Last updated: April 26, 2019

VeriClouds CredVerify uses Intel® Software Guard Extensions (Intel® SGX) to protect the sensitive credential verification process with hardware-based crypto built inside the CPU. The solution significantly advances the security of VeriClouds service.

Enclave Signing Tool for Intel® Software Guard Extensions (Intel® SGX)

Last updated: April 23, 2019

The Intel® Software Guard Extensions (Intel® SGX) architecture performs checks at enclave load time to see:

  1. if the signed enclave has been altered
  2. if the enclave signer appears on the Intel SGX Whitelist

If any changes have been made, or if the enclave signer is not on the whitelist, the enclave load is aborted.

This paper explains how to use the Intel SGX signing tool, which signs enclave files and generates enclave whitelisting material. For an overview of the enclave signing and whitelisting flows, including business interaction with Intel, see this document.

Intel® Software Guard Extensions (Intel® SGX) Debug and Build Configurations

Last updated: April 23, 2019

This article explains the debug and build configurations used to develop Intel® Software Guard Extensions (Intel® SGX) enclaves. The goal is to give the Intel SGX application developer the information they need to choose the correct build configuration at each stage of the application’s development and release process. This article covers both the Intel SGX SDKs for Windows* and for Linux*. General information on Intel SGX is provided on the Intel SGX portal.

Protected File System with Intel® Software Guard Extensions (Intel® SGX) on Windows*

Last updated: April 23, 2019

This article explains how to use the Protected File System library in Intel® Software Guard Extensions (Intel® SGX) enclaves on Windows*. General information on Intel SGX can be found on the Intel SGX portal.

C++11 Library Setup for Migrating Intel® Software Guard Extensions (Intel® SGX) Applications

Last updated: April 23, 2019

This paper describes the process for migrating an Intel® Software Guard Extensions (Intel® SGX) project created in Microsoft Visual Studio* 2013 that uses the (STLport based) trusted C++ Standard Library to Visual Studio 2015. General information on Intel SGX can be found on the Intel SGX portal.

Performance Considerations for Intel® Software Guard Extensions (Intel® SGX) Applications

Last updated: April 23, 2019

This paper covers four areas with respect to Intel® Software Guard Extensions (Intel® SGX) enabled applications where, depending on how an application is designed/behaves, noticeable performance impacts can be experienced. The article explains the reasons behind these potential impacts and makes recommendations to minimize them. The article assumes a basic knowledge of Intel SGX. General information on Intel SGX is provided on the Intel SGX portal.

Self-Defending Key Management Service with Intel® Software Guard Extensions (Intel® SGX)

Last updated: April 23, 2019

The audience of this whitepaper includes security architects and technical security leaders considering new and better approaches to help secure their applications in public, hybrid, and multi-cloud deployments by ensuring that there is protection from malicious processes running with higher privileges.

Intel® Software Guard Extensions (Intel® SGX) enables a fundamental change to enterprise security providing hardware-level trustworthy execution of x86 applications. It allows enterprises to help secure sensitive applications independent of the overall security of the infrastructure.

This whitepaper describes a Fortanix* Runtime Encryption Capsule* (REC). REC is a trusted execution environment for workloads to use Intel SGX enclaves for their cryptographic protection from rouge insiders, compromised OS, malware, and other vulnerabilities.

Debugging Intel® Software Guard Extensions (Intel® SGX) Enclaves in Microsoft Windows*

Last updated: April 22, 2019

This paper describes the process for debugging Intel® Software Guard Extensions (Intel® SGX) enclaves for Microsoft Windows*. The paper covers prerequisites and typical steps to debug an enclave using Microsoft Visual Studio*, the Intel SGX Debugger, and the Intel SGX debug API. Also included are examples of common errors that can occur in enclave code. This paper assumes a basic understanding of Intel SGX application development. Information on Intel SGX can be found on the Intel SGX portal at: https://software.intel.com/sgx.

Integrating Remote Attestation with Transport Layer Security

Last updated: April 22, 2019

Intel® Software Guard Extensions (Intel® SGX) is a promising technology to securely process information in otherwise untrusted environments. An important aspect of Intel SGX is the ability to perform remote attestation to assess the endpoint’s trustworthiness. Ultimately, remote attestation will result in an attested secure channel to provision secrets to the enclave.

Input Types and Boundary Checking in Enclave-Definition Language (EDL) Files

Last updated: April 22, 2019

This paper explains the input types used in Intel® Software Guard Extensions (Intel® SGX) Enclave-Definition Language (EDL) files and describes the boundary conditions for each type. The paper also covers common build errors related to the definitions in an EDL file. The information in this paper applies to Intel SGX applications for both Microsoft* Windows* and for the Linux* operating system. The paper assumes a basic knowledge of Intel SGX. Information on Intel SGX can be found on the Intel SGX portal.

Enclave-to-Enclave Communication in Intel® Software Guard Extensions (Intel® SGX) Applications

Last updated: April 22, 2019

This paper describes how two Intel® Software Guard Extensions (Intel® SGX) enclaves can securely communicate with each other when they are on the same platform (Local Attestation). This information applies to Intel SGX enabled applications for the Microsoft* Windows* and Linux* operating system. The paper assumes a basic knowledge of Intel SGX. Information on Intel SGX can be found on the Intel SGX portal.

Enclave Memory Measurement Tool for Intel® Software Guard Extensions (Intel® SGX) Enclaves

Last updated: April 22, 2019

This paper describes how to use the Enclave Memory Measurement Tool (EMTT) to help tune the memory footprint of Intel® Software Guard Extensions (Intel® SGX) enclaves. Both Microsoft* Windows* and the Linux* operating systems are covered. The paper assumes an understanding of Intel SGX. General information on Intel SGX can be found on the Intel SGX portal.

Overview on Signing and Whitelisting for Intel® Software Guard Extensions (Intel® SGX) Enclaves

Last updated: April 22, 2019

This paper provides an overview on signing and whitelisting for Intel® Software Guard Extension (Intel® SGX) enclaves for application release. The information presented here applies to Intel SGX enabled applications developed for the Microsoft* Windows* and Linux* operating system. The paper assumes a basic understanding of Intel SGX. General information on Intel SGX can be found on the Intel SGX portal at: https://software.intel.com/sgx.

Intel® Software Guard Extensions (SGX) SW Development Guidance for Potential Edger8r Generated CodeSide Channel Exploits

Last updated: April 19, 2019

In this document we will identify changes that have been made to the Intel® SGX SDK Edger8r Tool EDL Grammar and provide clarifying guidance on what the Intel® SGX developer needs to do to adapt their interface code to the updated EDL grammar.

Intel® Software Guard Extensions (Intel® SGX) Architecture for Oversubscription of Secure Memory in a Virtualized Environment

Last updated: April 19, 2019

As workloads and data move to the cloud, it is essential that software writers are able to protect their applications from untrusted hardware, systems software, and co-tenants. Intel® Software Guard Extensions (SGX) enables a new mode of execution that is protected from attacks in such an environment with strong confidentiality, integrity, and replay protection guarantees. Though SGX supports memory oversubscription via paging, virtualizing the protected memory presents a significant challenge to Virtual Machine Monitor (VMM) writers and comes with a high performance overhead. This paper introduces SGX Oversubscription Extensions that add additional instructions and virtualization support to the SGX architecture so that cloud service providers can oversubscribe secure memory in a less complex and more performant manner.

Intel® Software Guard Extensions (Intel® SGX) Support for Dynamic Memory Management Inside an Enclave

Last updated: April 19, 2019

We introduce Intel® Software Guard Extensions (Intel® SGX) SGX2 which extends the SGX instruction set to include dynamic memory management support for enclaves. Intel® SGX is a subset of the Intel Architecture Instruction Set. SGX1 allows an application developer to build a trusted environment and execute inside that space. However SGX1 imposes limitations regarding memory commitment and reuse of enclave memory. The software developer is required to allocate all memory at enclave instantiation. This paper describes new instructions and programming models to extend support for dynamic memory management inside an enclave.

Microsoft Visual Studio* 2015 and Microsoft* Universal C Run Time with Intel® Software Guard Extensions (Intel® SGX) Applications

Last updated: April 19, 2019

This paper explains how to use the Microsoft* Universal C Run Time (CRT) library with Intel® SGX-enabled applications and Microsoft Visual Studio* 2015, including building with and deploying the right CRT libraries. This paperis provided as background information so developers can plan deployment of their Intel SGX enabled applications to ensure the Microsoft* Universal CRT is available when their applications run. General information on Intel SGX is provided on the Intel SGX portal at: https://software.intel.com/en-us/sgx.

Trusted Time and Monotonic Counters with Intel® Software Guard Extensions Platform Services

Last updated: April 19, 2019

Intel® Software Guard Extensions (Intel® SGX) is an Intel® CPU based Trusted Execution Environment (TEE) technology. It consists of a set of processor extensions that allow a user-space application to create a Trusted Computing Base (TCB) called an enclave in its address space. An enclave has the CPU package boundary as its security perimeter and provides confidentiality and integrity protection, even in the presence of privileged malware or external memory bus snoops. Intel SGX provides support of enclave attestation to a 3rd party service, so the latter can verify the security properties of the Intel CPU and the enclave software before provisioning secrets. Intel SGX allows an enclave to seal its secrets using a hardware-derived sealing key that is unique to the CPU and the enclave identities.

Supporting Third Party Attestation for Intel® Software Guard Extensions Data Center Attestation Primitives

Last updated: April 19, 2019

Intel® Software Guard Extensions (SGX) has an attestation and sealing capability that can be used to remotely provision secrets and secure secrets to an enclave. Intel describes how Intel® Enhanced Privacy Identifier (EPID) based attestation keys are provisioned and describes the Intel provided online services to support this architecture. This paper describes additional services and primitives available to allow 3rd parties to build their own attestation infrastructure, using classical public key algorithms such as ECDSA or RSA. This paper also describes an example deployment pipeline with important trade-offs to be considered when deploying Intel® SGX at scale using these new elements.

Intel® Software Guard Extensions (Intel® SGX) Trusted Computing Base (TCB) Recovery

Last updated: April 19, 2019

We designed Intel® Software Guard Extensions (Intel® SGX) with the ability to update it in order to address any issues that might arise in the future. Merely providing this update mechanism, however, is not sufficient for a secure service infrastructure: if a client’s update is voluntary, then the remote service could be communicating with a client that is out of date and subject to security vulnerabilities. To address this issue, Intel SGX was also given the means to cryptographically prove, via remote attestation, that the client update has taken place. The mechanics of this process have been outlined in the whitepaper titled “Intel® Software Guard Extensions: EPID Attestation and Services”.

Debugging Intel® Software Guard Extensions (Intel® SGX) Enclaves for Linux* Operating System

Last updated: April 19, 2019

This paper describes the process for debugging an Intel® Software Guard Extensions (Intel® SGX) enclave for the Linux* operating system using the GDB debugger. The paper covers prerequisites and typical steps to debug an enclave using the GDB debugger with the Intel SGX GDB “plugin” from the Intel SGX SDK for Linux. Also included are descriptions of common errors that can occur in enclave code. This paper assumes a basic understanding of Intel SGX. Information on Intel SGX can be found on the Intel SGX portal at: https://software.intel.com/sgx.

Trusted CPU Feature Detection Library for Intel® Software Guard Extensions (Intel® SGX)

Published on April 9, 2019By John M.

A means of probing for selected CPU features without exiting an Intel SGX enclave.

Intel® Software Guard Extensions (Intel® SGX) - Fortanix* Testimonial

Last updated: March 19, 2019

Fortanix* talks about their implementation of Intel® SGX and how they use it in their portfolio of products and services.

Page icon

Can a Blockchain-Controlled Robot Change the Future?

Imagine a world in which your drone or robot malfunctions and is lost in the wilderness, but you can summon a rescue robot to retrieve it.

still from security focused animation

Intel® Software Guard Extensions (Intel® SGX) Animation

Last updated: February 21, 2019Video length: 2 min

Intel® Software Guard Extensions (Intel® SGX) helps developers create a trusted space where new CPU instructions provide higher security access controls that help safeguard select information and code while in use

A Mutually-Trusted Enclave Inspection

Last updated: February 12, 2019

Hardware protects enclave contents in the cloud, resulting with providers being unable to enforce policy compliance. Use the EnGarde system to ensure compliance.

Page icon

Get Started with Microsoft Azure* Confidential Computing

Scope

This paper helps developers get started with Microsoft Azure* Confidential Computing (ACC) using the Open Enclave software development kit (SDK). Topics include the scope of support for the ACC public preview, step-...

Building the GNU* Multiple Precision* library for Intel® Software Guard Extensions

Published on October 3, 2018By John M.

How to adapt the GNU Multiple Precision Arithmetic Library (GMP) to work in Intel SGX enclaves.

Secure Genome Analysis

Last updated: October 2, 2018

This video is about Secure Genome Analysis with Intel® SGX Data Privacy.

Resolve the Privacy and Trust Quagmire

Last updated: October 2, 2018

Describe how trustworthy hardware such as Intel® SGX can be used client-side in contrast to much recent work exploring Intel® SGX in cloud services to realize the Glimmer architecture, and demonstrate how this realization is able to resolve the tension between privacy and trust in a variety of...

Use Oblivious Multiparty Machine Learning on Trusted Processors

Last updated: October 2, 2018

Guaranteeing the privacy of individual datasets requires a careful use of machine learning algorithms. Learn about a recommended algorithm and where to use it.

Efficient Two-Party Secure Function Evaluation

Last updated: October 2, 2018

This evaluation method's extensive use of cryptographic operations make protocols too slow for practical use. But, Intel® Software Guard Extensions provides an environment to address these concerns.

A Scalable Private Membership Test Using Trusted Hardware

Last updated: October 2, 2018

In cloud-assisted services, it's possible to infer users' personal traits. A private membership test can remove this privacy concern.

Protect the Privacy of Genetic Data from Rare Diseases

Last updated: October 2, 2018

PRINCESS analyzes genetic data from rare diseases across different continents. It is a privacy-preserving international collaboration framework that uses Intel® Software Guard Extensions for trustworthy computation.

Pages