Intel® Software Guard Extensions (Intel® SGX) is Intel’s Trusted Execution Environment for client and data center. It provides the foundation for many secure use cases.
Executive summary
1. Modern computing requires a capability to store secrets and execute securely – a “Trusted Execution Environment” (TEE). This need is increasing with new and more advanced threats in computing.
2. Intel® Software Guard Extensions (Intel® SGX) is Intel’s TEE for client and data center. It provides the foundation for many secure use cases.
3. SGX is the result of many years of research and builds on a foundation of knowledge of bringing multiple security technologies to market, and includes solutions to a number of very interesting challenges…
Trusted Execution for all developers
Intel® Software Guard Extensions (SGX) Analogy
Intel® SGX is analogous to a safe in your hotel room
• You can put a few things in it – wallet, watch, sensitive documents, keys, etc. – but not your entire house.
• If the hotel experiences a catastrophic event, like a fire, your high value items are secure.
• Similar to one’s high value items, our digital life needs to be secure.
• SGX safeguards identity, data, and browsing, making your life easier and better.
• SGX utilizes a small amount of CPU memory to protect sensitive application information.
Intel® SGX
Intel® SGX provides a trusted computing enclave (island) where data and applications are protected independently of the operating system or hardware configuration itself.
• Protects against SW attacks even if OS/drivers/BIOS/VMM/SMM are compromised – smallest possible Trusted Compute Block (TCB)
• Secrets (data/keys/et al.) remain protected even when the attacker has full control of the platform – other technologies allow some privileged SW in their boundary
• Prevents attacks like memory bus snooping, memory tampering, and “cold boot” attacks against memory contents in RAM – protection for hard-to-protect or unprotected spaces
• Provides hardware-based attestation capabilities to measure and verify valid code and data signatures – increases transparency and accountability
Diagram: a cloud tenant & data provider sends encrypted data into the untrusted CSP environment; inside the trusted Intel® SGX enclave the protected application operates on the protected input data (secrets such as SSN, city, credit card number) and returns encrypted results.
Enabling trusted computing @ the silicon root of trust
SGX enabled solutions can provide protection for workloads running on devices.
Diagram layers: Silicon Foundation (1), Ecosystem (3), Developers (4), Services & Practices, Solutions; labels: SGX @ Root of Trust, SGX Protects App Data & Content, SGX APIs & SDKs, Attestation, Identity, Data, Compute. Device classes shown: FPGA, PC Client, Data Center, Vehicles, Storage, New Devices, Comms, AI & Machine Learning, IoT.
Academic papers
More than 125 (83 in 2017) academic papers have been written on use cases (and potential vulnerabilities) for SGX.
New use cases are being termed the “art of possibilities”.
Intel Confidential
Key Challenges
1. Execution Isolation at the Application boundary
2. Attestation and Sealing at the Application boundary
3. Recovery from HW Issues
Reducing the Attack Surface
Hyper-focused trust boundary
• Application gains the ability to defend its own secrets
• Memory protection model changed for a NEW protected region of memory (PRM)
• New instructions added to create the smallest attack surface
Familiar IA Development and Debug
• SDK & Integrated Dev Environment enhancements
Scalable
• Main core performance
• All HW threads can be used inside an enclave
• Protected memory can be securely paged
Diagram: attack surface for legacy platforms (Hardware, VMM, OS, App, App, App) versus attack surface with Intel® SGX.
SGX High-level Hardware/Software Picture
Diagram of the platform by environment:
• Application Environment: Application, SGX User Runtime, Enclave
• Privileged Environment: OS data structure, SGX Module, Page tables
• Hardware: EPC, EPCM (hardware data structure), Runtime, new exposed hardware
New Kernel Level Instructions: ECREATE, EADD, EEXTEND, EINIT, EBLOCK, ETRACK, EWB, ELD, EPA, EREMOVE
New Application Level Instructions: EENTER, EEXIT, EGETKEY, EREPORT, ERESUME
Increasing Physical Attack Protection
1. Security perimeter is the CPU package boundary
2. Data and code are unencrypted inside the CPU package
3. Data and code outside the CPU package are encrypted and integrity checked
4. External memory reads and bus snoops see only encrypted data
Diagram: the cores and cache inside the CPU package hold plaintext; system memory and the bus (snoop points) hold only ciphertext.
Key Challenges
1. Execution Isolation at the Application boundary
2. Attestation and Sealing to the Application boundary
3. TCB Recovery
TCB Recovery
TCB recovery is the process of being able to cryptographically demonstrate that the TCB has been updated to fix a potential security issue.
• First, every HW component is issued a “Security Version Number” (SVN).
• This is used to derive a “TCB specific” key from the HW key in the part.
• When a new update is issued, all keys are derived from a new TCB specific key.
Note: this mechanism itself cannot be modified as part of a TCB update.
Diagram (labelled “Unverifiable Code Base”): HW Key and TCB SVN are fed into a PRF to produce the TCB Key.
Data Migration
But what about all the data sealed to a previous TCB key?
• A backwards loop is used to provide forward secrecy, but allows “previous” TCB specific keys to be retrieved.
• This allows the CPU to continue to “go back” by performing additional PRFs.
Diagram (labelled “Unverifiable Code Base”): Initial Key → PRF with a derivation string (usually a constant) → Temp, looped (MAX-SVN) times → TCB Key.
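The TCB Recovery and Data Migration slides describe one key chain: the TCB key is the hardware key pushed through a PRF (MAX-SVN) times with a constant derivation string, and an older TCB key is reached from a newer one by performing extra PRF steps, never the reverse. The Python below is an added example, not Intel's code and not from this deck. It models the PRF as HMAC-SHA256, uses a constructed 32-byte stand-in for the hardware key, an assumed MAX_SVN of 8 and an assumed derivation string, and adds a toy seal/unseal (encrypt-then-MAC over an HMAC keystream) so that data sealed under SVN 2 can still be opened after the platform moves to SVN 3, while a blob sealed at a higher SVN than the running TCB cannot be opened.

```python
import hashlib
import hmac
import os

# Constructed stand-ins (assumptions, not real SGX values): a per-part
# hardware key, the highest SVN the chain is provisioned for, and the
# "usually a constant" derivation string from the slide.
HW_KEY = bytes.fromhex("00112233445566778899aabbccddeeff"
                       "ffeeddccbbaa99887766554433221100")
MAX_SVN = 8
DERIVATION_STRING = b"tcb-key-derivation"


def prf(key: bytes, label: bytes) -> bytes:
    """The slide's PRF, modelled as HMAC-SHA256 (an assumption)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def tcb_key_for_svn(svn: int, hw_key: bytes = HW_KEY) -> bytes:
    """Key of TCB version `svn`: apply the PRF (MAX_SVN - svn) times to the
    HW key. Higher SVNs sit earlier in the chain, so every older key is a
    further PRF step away from a newer one, never the other way round."""
    if not 0 <= svn <= MAX_SVN:
        raise ValueError("svn out of range")
    temp = hw_key
    for _ in range(MAX_SVN - svn):
        temp = prf(temp, DERIVATION_STRING)
    return temp


def go_back(current_key: bytes, current_svn: int, target_svn: int) -> bytes:
    """Data migration: from the running TCB's key, recover an older TCB key by
    performing (current_svn - target_svn) additional PRF steps. Going forward
    would require inverting the PRF, which is what gives forward secrecy."""
    if not 0 <= target_svn <= current_svn:
        raise ValueError("cannot derive a newer TCB key from an older one")
    temp = current_key
    for _ in range(current_svn - target_svn):
        temp = prf(temp, DERIVATION_STRING)
    return temp


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from the PRF (toy cipher, not an AEAD)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += prf(enc_key, nonce + counter.to_bytes(4, "big"))
        counter += 1
    return out[:length]


def seal(plaintext: bytes, tcb_key: bytes, svn: int) -> bytes:
    """Encrypt-then-MAC under keys split off the TCB key. The SVN is stored in
    the clear so a later TCB knows how many steps back to walk the chain."""
    enc_key, mac_key = prf(tcb_key, b"enc"), prf(tcb_key, b"mac")
    nonce = os.urandom(16)
    header = bytes([svn]) + nonce
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def unseal(blob: bytes, current_svn: int, hw_key: bytes = HW_KEY) -> bytes:
    """Open a blob on a platform whose TCB is at `current_svn`, deriving the
    sealing-time key by walking back the chain from the current key."""
    if len(blob) < 1 + 16 + 32:
        raise ValueError("blob too short")
    sealed_svn, nonce = blob[0], blob[1:17]
    ciphertext, tag = blob[17:-32], blob[-32:]
    # A blob sealed at a newer TCB than the running one makes go_back() fail.
    key = go_back(tcb_key_for_svn(current_svn, hw_key), current_svn, sealed_svn)
    enc_key, mac_key = prf(key, b"enc"), prf(key, b"mac")
    expected = hmac.new(mac_key, blob[:17] + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong TCB key or tampered blob")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def migrate_demo() -> bool:
    """Seal at SVN 2, then open the same blob after the TCB moves to SVN 3."""
    blob = seal(b"sealed secret", tcb_key_for_svn(2), 2)
    return unseal(blob, 3) == b"sealed secret"


if __name__ == "__main__":
    print("migration after TCB update works:", migrate_demo())
```

The direction of the chain is the whole point: a platform running SVN 3 computes the SVN 2 key with one extra PRF call, but a platform stuck at SVN 2 cannot compute the SVN 3 key, so secrets sealed after the update stay out of reach of the unpatched TCB.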
software.intel.com/SGX
The site has the latest info on:
• SDK & Developer Resources
• White Papers
• Support Forum