Intel® Software Guard Extensions (Intel® SGX) Debug and Build Configurations

Last updated: April 23, 2019

This article explains the debug and build configurations used to develop Intel® Software Guard Extensions (Intel® SGX) enclaves. The goal is to give the Intel SGX application developer the information they need to choose the correct build configuration at each stage of the application’s development and release process. This article covers both the Intel SGX SDKs for Windows* and for Linux*. General information on Intel SGX is provided on the Intel SGX portal.

Enclave Signing Tool for Intel® Software Guard Extensions (Intel® SGX)

Last updated: April 23, 2019

The Intel® Software Guard Extensions (Intel® SGX) architecture performs checks at enclave load time to see:

  1. if the signed enclave has been altered
  2. if the enclave signer appears on the Intel SGX Whitelist

If any changes have been made, or if the enclave signer is not on the whitelist, the enclave load is aborted.

This paper explains how to use the Intel SGX signing tool, which signs enclave files and generates enclave whitelisting material. For an overview of the enclave signing and whitelisting flows, including business interaction with Intel, see this document.

Protected File System with Intel® Software Guard Extensions (Intel® SGX) on Windows*

Last updated: April 23, 2019

This article explains how to use the Protected File System library in Intel® Software Guard Extensions (Intel® SGX) enclaves on Windows*. General information on Intel SGX can be found on the Intel SGX portal.

C++11 Library Setup for Migrating Intel® Software Guard Extensions (Intel® SGX) Applications

Last updated: April 23, 2019

This paper describes the process for migrating an Intel® Software Guard Extensions (Intel® SGX) project created in Microsoft Visual Studio* 2013 that uses the (STLport based) trusted C++ Standard Library to Visual Studio 2015. General information on Intel SGX can be found on the Intel SGX portal.

Performance Considerations for Intel® Software Guard Extensions (Intel® SGX) Applications

Last updated: April 23, 2019

This paper covers four areas with respect to Intel® Software Guard Extensions (Intel® SGX) enabled applications where, depending on how an application is designed/behaves, noticeable performance impacts can be experienced. The article explains the reasons behind these potential impacts and makes recommendations to minimize them. The article assumes a basic knowledge of Intel SGX. General information on Intel SGX is provided on the Intel SGX portal.

Self-Defending Key Management Service with Intel® Software Guard Extensions (Intel® SGX)

Last updated: April 23, 2019

The audience of this whitepaper includes security architects and technical security leaders considering new and better approaches to help secure their applications in public, hybrid, and multi-cloud deployments by ensuring that there is protection from malicious processes running with higher privileges.

Intel® Software Guard Extensions (Intel® SGX) enables a fundamental change to enterprise security providing hardware-level trustworthy execution of x86 applications. It allows enterprises to help secure sensitive applications independent of the overall security of the infrastructure.

This whitepaper describes a Fortanix* Runtime Encryption Capsule* (REC). REC is a trusted execution environment for workloads to use Intel SGX enclaves for their cryptographic protection from rogue insiders, compromised OS, malware, and other vulnerabilities.

Integrating Remote Attestation with Transport Layer Security

Last updated: April 22, 2019

Intel® Software Guard Extensions (Intel® SGX) is a promising technology to securely process information in otherwise untrusted environments. An important aspect of Intel SGX is the ability to perform remote attestation to assess the endpoint’s trustworthiness. Ultimately, remote attestation will result in an attested secure channel to provision secrets to the enclave.

Input Types and Boundary Checking in Enclave-Definition Language (EDL) Files

Last updated: April 22, 2019

This paper explains the input types used in Intel® Software Guard Extensions (Intel® SGX) Enclave-Definition Language (EDL) files and describes the boundary conditions for each type. The paper also covers common build errors related to the definitions in an EDL file. The information in this paper applies to Intel SGX applications for both Microsoft* Windows* and for the Linux* operating system. The paper assumes a basic knowledge of Intel SGX. Information on Intel SGX can be found on the Intel SGX portal.

Enclave-to-Enclave Communication in Intel® Software Guard Extensions (Intel® SGX) Applications

Last updated: April 22, 2019

This paper describes how two Intel® Software Guard Extensions (Intel® SGX) enclaves can securely communicate with each other when they are on the same platform (Local Attestation). This information applies to Intel SGX enabled applications for the Microsoft* Windows* and Linux* operating system. The paper assumes a basic knowledge of Intel SGX. Information on Intel SGX can be found on the Intel SGX portal.

Enclave Memory Measurement Tool for Intel® Software Guard Extensions (Intel® SGX) Enclaves

Last updated: April 22, 2019

This paper describes how to use the Enclave Memory Measurement Tool (EMTT) to help tune the memory footprint of Intel® Software Guard Extensions (Intel® SGX) enclaves. Both Microsoft* Windows* and the Linux* operating systems are covered. The paper assumes an understanding of Intel SGX. General information on Intel SGX can be found on the Intel SGX portal.

Overview on Signing and Whitelisting for Intel® Software Guard Extensions (Intel® SGX) Enclaves

Last updated: April 22, 2019

This paper provides an overview on signing and whitelisting for Intel® Software Guard Extensions (Intel® SGX) enclaves for application release. The information presented here applies to Intel SGX enabled applications developed for the Microsoft* Windows* and Linux* operating system. The paper assumes a basic understanding of Intel SGX. General information on Intel SGX can be found on the Intel SGX portal at: https://software.intel.com/sgx.

Debugging Intel® Software Guard Extensions (Intel® SGX) Enclaves in Microsoft Windows*

Last updated: April 22, 2019

This paper describes the process for debugging Intel® Software Guard Extensions (Intel® SGX) enclaves for Microsoft Windows*. The paper covers prerequisites and typical steps to debug an enclave using Microsoft Visual Studio*, the Intel SGX Debugger, and the Intel SGX debug API. Also included are examples of common errors that can occur in enclave code. This paper assumes a basic understanding of Intel SGX application development. Information on Intel SGX can be found on the Intel SGX portal at: https://software.intel.com/sgx.

Intel® Software Guard Extensions (SGX) SW Development Guidance for Potential Edger8r Generated Code Side Channel Exploits

Last updated: April 19, 2019

In this document we will identify changes that have been made to the Intel® SGX SDK Edger8r Tool EDL Grammar and provide clarifying guidance on what the Intel® SGX developer needs to do to adapt their interface code to the updated EDL grammar.

Intel® Software Guard Extensions (Intel® SGX) Architecture for Oversubscription of Secure Memory in a Virtualized Environment

Last updated: April 19, 2019

As workloads and data move to the cloud, it is essential that software writers are able to protect their applications from untrusted hardware, systems software, and co-tenants. Intel® Software Guard Extensions (SGX) enables a new mode of execution that is protected from attacks in such an environment with strong confidentiality, integrity, and replay protection guarantees. Though SGX supports memory oversubscription via paging, virtualizing the protected memory presents a significant challenge to Virtual Machine Monitor (VMM) writers and comes with a high performance overhead. This paper introduces SGX Oversubscription Extensions that add additional instructions and virtualization support to the SGX architecture so that cloud service providers can oversubscribe secure memory in a less complex and more performant manner.

Intel® Software Guard Extensions (Intel® SGX) Support for Dynamic Memory Management Inside an Enclave

Last updated: April 19, 2019

We introduce Intel® Software Guard Extensions (Intel® SGX) SGX2 which extends the SGX instruction set to include dynamic memory management support for enclaves. Intel® SGX is a subset of the Intel Architecture Instruction Set. SGX1 allows an application developer to build a trusted environment and execute inside that space. However SGX1 imposes limitations regarding memory commitment and reuse of enclave memory. The software developer is required to allocate all memory at enclave instantiation. This paper describes new instructions and programming models to extend support for dynamic memory management inside an enclave.

Microsoft Visual Studio* 2015 and Microsoft* Universal C Run Time with Intel® Software Guard Extensions (Intel® SGX) Applications

Last updated: April 19, 2019

This paper explains how to use the Microsoft* Universal C Run Time (CRT) library with Intel® SGX-enabled applications and Microsoft Visual Studio* 2015, including building with and deploying the right CRT libraries. This paper is provided as background information so developers can plan deployment of their Intel SGX enabled applications to ensure the Microsoft* Universal CRT is available when their applications run. General information on Intel SGX is provided on the Intel SGX portal at: https://software.intel.com/en-us/sgx.

Trusted Time and Monotonic Counters with Intel® Software Guard Extensions Platform Services

Last updated: April 19, 2019

Intel® Software Guard Extensions (Intel® SGX) is an Intel® CPU based Trusted Execution Environment (TEE) technology. It consists of a set of processor extensions that allow a user-space application to create a Trusted Computing Base (TCB) called an enclave in its address space. An enclave has the CPU package boundary as its security perimeter and provides confidentiality and integrity protection, even in the presence of privileged malware or external memory bus snoops. Intel SGX provides support of enclave attestation to a 3rd party service, so the latter can verify the security properties of the Intel CPU and the enclave software before provisioning secrets. Intel SGX allows an enclave to seal its secrets using a hardware-derived sealing key that is unique to the CPU and the enclave identities.

Supporting Third Party Attestation for Intel® Software Guard Extensions Data Center Attestation Primitives

Last updated: April 19, 2019

Intel® Software Guard Extensions (SGX) has an attestation and sealing capability that can be used to remotely provision secrets and secure secrets to an enclave. Intel describes how Intel® Enhanced Privacy Identifier (EPID) based attestation keys are provisioned and describes the Intel provided online services to support this architecture. This paper describes additional services and primitives available to allow 3rd parties to build their own attestation infrastructure, using classical public key algorithms such as ECDSA or RSA. This paper also describes an example deployment pipeline with important trade-offs to be considered when deploying Intel® SGX at scale using these new elements.

Intel® Software Guard Extensions (Intel® SGX) Trusted Computing Base (TCB) Recovery

Last updated: April 19, 2019

We designed Intel® Software Guard Extensions (Intel® SGX) with the ability to update it in order to address any issues that might arise in the future. Merely providing this update mechanism, however, is not sufficient for a secure service infrastructure: if a client’s update is voluntary, then the remote service could be communicating with a client that is out of date and subject to security vulnerabilities. To address this issue, Intel SGX was also given the means to cryptographically prove, via remote attestation, that the client update has taken place. The mechanics of this process have been outlined in the whitepaper titled “Intel® Software Guard Extensions: EPID Attestation and Services”.

Debugging Intel® Software Guard Extensions (Intel® SGX) Enclaves for Linux* Operating System

Last updated: April 19, 2019

This paper describes the process for debugging an Intel® Software Guard Extensions (Intel® SGX) enclave for the Linux* operating system using the GDB debugger. The paper covers prerequisites and typical steps to debug an enclave using the GDB debugger with the Intel SGX GDB “plugin” from the Intel SGX SDK for Linux. Also included are descriptions of common errors that can occur in enclave code. This paper assumes a basic understanding of Intel SGX. Information on Intel SGX can be found on the Intel SGX portal at: https://software.intel.com/sgx.

Trusted CPU Feature Detection Library for Intel® Software Guard Extensions (Intel® SGX)

Published on April 9, 2019 By John M.

A means of probing for selected CPU features without exiting an Intel SGX enclave.

Intel® Software Guard Extensions (Intel® SGX) - Fortanix* Testimonial

Last updated: March 19, 2019

Fortanix* talks about their implementation of Intel® SGX and how they use it in their portfolio of products and services.

Intel® Software Guard Extensions (Intel® SGX) Animation

Last updated: February 21, 2019. Video length: 2 min

Intel® Software Guard Extensions (Intel® SGX) helps developers create a trusted space where new CPU instructions provide higher security access controls that help safeguard select information and code while in use

A Mutually-Trusted Enclave Inspection

Last updated: February 12, 2019

Hardware protects enclave contents in the cloud, resulting in providers being unable to enforce policy compliance. Use the EnGarde system to ensure compliance.

Get Started with Microsoft Azure* Confidential Computing

Published on December 27, 2018 By Dan Z.

Scope

This paper helps developers get started with Microsoft Azure* Confidential Computing (ACC) using the Open Enclave software development kit (SDK). Topics include the scope of support for the ACC public preview, step-...

Building the GNU* Multiple Precision* library for Intel® Software Guard Extensions

Published on October 3, 2018 By John M.

How to adapt the GNU Multiple Precision Arithmetic Library (GMP) to work in Intel SGX enclaves.

Secure Genome Analysis

Last updated: October 2, 2018

This video is about Secure Genome Analysis with Intel® SGX Data Privacy.

Resolve the Privacy and Trust Quagmire

Last updated: October 2, 2018

Describe how trustworthy hardware such as Intel® SGX can be used client-side in contrast to much recent work exploring Intel® SGX in cloud services to realize the Glimmer architecture, and demonstrate how this realization is able to resolve the tension between privacy and trust in a variety of...

Use Oblivious Multiparty Machine Learning on Trusted Processors

Last updated: October 2, 2018

Guaranteeing the privacy of individual datasets requires a careful use of machine learning algorithms. Learn about a recommended algorithm and where to use it.

Efficient Two-Party Secure Function Evaluation

Last updated: October 2, 2018

This evaluation method's extensive use of cryptographic operations makes protocols too slow for practical use. But, Intel® Software Guard Extensions provides an environment to address these concerns.

A Scalable Private Membership Test Using Trusted Hardware

Last updated: October 2, 2018

In cloud-assisted services, it's possible to infer users' personal traits. A private membership test can remove this privacy concern.

Protect the Privacy of Genetic Data from Rare Diseases

Last updated: October 2, 2018

PRINCESS analyzes genetic data from rare diseases across different continents. It is a privacy-preserving international collaboration framework that uses Intel® Software Guard Extensions for trustworthy computation.

Code Samples: A Privacy-Protecting Framework to Analyze Rare Diseases

Last updated: October 2, 2018

Get resources for setting up and using PRINCESS to study DNA using encryption functions in Intel® Software Guard Extensions.

A Privacy-Preserving Estimate of Individual Admixtures

Last updated: October 2, 2018

Identifying patients' demographic histories is important for biomedical research. Learn how multiple sites can securely collaborate in a secure enclave.

Achieve Secure Many-Party Applications

Last updated: October 1, 2018

A trusted third party (TTP) achieves secure multiparty computation between a small number of participants. Intel® Software Guard Extensions is the most promising trustworthy remote entity (TRE) for many-party applications.

An Authenticated Data Feed for Smart Contracts

Last updated: October 1, 2018

Town Crier acts as a bridge between smart contracts and existing websites that are already trusted for nonblockchain applications. Its blockchain front end and trusted hardware back end serve source-authenticated data to relying smart contracts.

Payment Channels That Use Trusted Execution Environments

Last updated: October 1, 2018

Blockchain protocols have a limited transaction throughput and latency. Off-chain payment channels attempt to address performance issues, but a secure deployment is hard. Learn how the Teechan framework resolves these issues.

An Efficient Blockchain Consensus Protocol

Last updated: October 1, 2018

Access designs for blockchain consensus primitives and a novel blockchain system that are based on trusted execution environments (TEE), such as CPUs that are enabled for Intel® Software Guard Extensions.

A Generic Trusted I/O Path for Intel® SGX

Last updated: October 1, 2018

This work presents SGXIO, a generic trusted path architecture for Intel® SGX, allowing user applications to run securely on top of an untrusted OS, while at the same time supporting trusted paths to generic I/O devices.

Secure Network Functions at Near-Native Speed

Last updated: October 1, 2018

Outsourcing software middleboxes raises severe security concerns. LightBox enables enterprises to safely forward packets to the enclaved middlebox for processing without unreasonable overhead.

Preserve the Privacy of Routing Policies at Internet Exchange Points

Last updated: October 1, 2018

Internet exchange points (IXP) help network service providers obtain connectivity but provide no guarantees for privacy enforcement. Learn about an approach that enforces the privacy of peering relationships and routing policies.

Secure & Transparent Termination of Transport Layer Security

Last updated: October 1, 2018

TaLoS is a replacement for existing transport layer security (TLS) libraries. It imposes a maximum of 31 percent overhead by minimizing the amount of enclave transitions and reducing the remainder.

Code Samples: Secure & Transparent Termination of Transport Layer Security

Last updated: October 1, 2018

TaLoS has a streamlined interface to process transport layer security (TLS) communications. Use these samples to securely send HTTPS requests and responses to another enclave or for encryption before logging them to persistent storage.

Overcome Network Function Virtualization (NFV) Security Issues in the Cloud

Last updated: October 1, 2018

Intel® Software Guard Extensions protects network functions, but its usability in arbitrary NFV applications and performance is questionable. Learn how to use this tool for network deployments.

Enhance the Security and Privacy of Tor's Ecosystem Using Trusted Execution Environments

Last updated: October 1, 2018

A practical approach to effectively enhancing the security and privacy of Tor by utilizing Intel® SGX, a commodity trusted execution environment

Documentation | Securing NFV States Using Intel® SGX Documentation

Last updated: October 1, 2018

A new protection scheme, S-NFV that incorporates Intel® SGX to securely isolate the states of NFV applications.

Secure Network Function Virtualization (NFV) States

Last updated: October 1, 2018

Learn about a new protection scheme that incorporates Intel® Software Guard Extensions to securely isolate the states of NFV applications.

How Return-Oriented Programming is Used Against Secure Enclaves

Last updated: October 1, 2018

Despite protection from Intel® Software Guard Extensions, vulnerabilities are expected in nontrivial applications. Explore exploitation techniques that prevent vulnerabilities inside enclaves.

Presentation | Stealthy Page Table-Based Attacks on Enclaved Execution

Last updated: October 1, 2018

Protected module architectures, such as Intel® Software Guard Extensions (Intel® SGX), enable strong trusted computing guarantees for hardware-enforced enclaves on top of a potentially malicious operating system.

Documentation | Stealthy Page Table-Based Attacks on Enclaved Execution

Last updated: October 1, 2018

Protected module architectures, such as Intel® Software Guard Extensions (Intel® SGX), enable strong trusted computing guarantees for hardware-enforced enclaves on top of a potentially malicious operating system.
