The Info List - Software Guard Extensions





Intel SGX is a set of central processing unit (CPU) instruction codes from Intel that allows user-level code to allocate private regions of memory, called enclaves, that are protected from processes running at higher privilege levels.[1] Intel designed SGX to be useful for implementing secure remote computation, secure web browsing, and digital rights management (DRM).[2]

Contents

1 Details
2 Prime+Probe attack
3 Spectre-like attack
4 References
5 External links

Details

Support for SGX in the CPU is indicated in the CPUID "Structured Extended feature Leaf" (EAX=07h), EBX bit 02,[3] but its availability to applications also requires BIOS support and opt-in enabling, which is not reflected in CPUID bits. This complicates the feature detection logic for applications.[4] Emulation of SGX was added to an experimental version of the QEMU system emulator in 2014.[5] In 2015, researchers at the Georgia Institute of Technology released an open-source simulator known as OpenSGX.[6] SGX was introduced in 2015 with the sixth generation Intel Core microprocessors based on the Skylake microarchitecture. One example of SGX used in security was a demo application from wolfSSL[7] using it for cryptographic algorithms. One example of a secure service built using SGX is Fortanix's key management service.[8] This entire cloud-based service is built on SGX servers and is designed to provide privacy from the cloud provider. A further example is Numecent using SGX to protect the DRM that authorizes application execution in its Cloudpaging application delivery products.[9] Intel's Goldmont Plus (Gemini Lake) microarchitecture will also add support for Intel SGX.

Prime+Probe attack

On 27 March 2017, researchers at Austria's Graz University of Technology developed a proof-of-concept that can grab RSA keys from SGX enclaves running on the same system within five minutes by using certain CPU instructions in lieu of a fine-grained timer to exploit cache DRAM side-channels.[10][11] One countermeasure for this type of attack was presented and published by Daniel Gruss et al. at the USENIX Security Symposium in 2017.[12] Among other published countermeasures, one published on September 28, 2017 is DR.SGX,[13] a compiler-based tool that claims superior performance while eliminating the implementation complexity of other proposed solutions.

Spectre-like attack

The LSDS group at Imperial College London showed a proof of concept that the Spectre speculative execution security vulnerability can be adapted to attack the secure enclave.[14]
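As an added example (not code from this page, from Intel, or from any SGX project), here is the two-stage feature detection the Details section implies: decode CPUID leaf 07h, sub-leaf 0, EBX bit 2, and treat a set bit only as a candidate, because BIOS support and opt-in are not visible in CPUID and the final answer must come from a runtime attempt to use SGX (that attempt is a hypothetical hook here, not shown). The enum, struct-free helpers and their names are this example's own; `__get_cpuid_count` is the real GCC/Clang helper from `<cpuid.h>`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>   /* GCC/Clang wrapper around the CPUID instruction */
#endif

/* Outcome of the CPUID stage only; names are this example's own. */
typedef enum {
    SGX_NOT_X86 = 0,          /* built for a non-x86 target, nothing to check */
    SGX_LEAF7_UNSUPPORTED,    /* CPU predates CPUID leaf 07h: no SGX */
    SGX_CPUID_BIT_CLEAR,      /* leaf 07h EBX[2] == 0: no SGX in silicon */
    SGX_CANDIDATE             /* EBX[2] == 1: SGX may exist, BIOS opt-in unknown */
} sgx_cpuid_status;

/* CPUID.(EAX=07H,ECX=0):EBX bit 2 is the SGX feature flag (reference [3]). */
bool sgx_flag_from_leaf7_ebx(uint32_t ebx) {
    return (ebx >> 2) & 1u;
}

/* Pure decision function so the logic can be exercised with constructed EBX values. */
sgx_cpuid_status classify_sgx_cpuid(bool leaf7_supported, uint32_t ebx) {
    if (!leaf7_supported) return SGX_LEAF7_UNSUPPORTED;
    return sgx_flag_from_leaf7_ebx(ebx) ? SGX_CANDIDATE : SGX_CPUID_BIT_CLEAR;
}

/* Query the running CPU; non-x86 builds report SGX_NOT_X86 instead of failing. */
sgx_cpuid_status query_sgx_cpuid(void) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned eax, ebx, ecx, edx;
    /* __get_cpuid_count returns 0 when the CPU's max basic leaf is below 7. */
    if (!__get_cpuid_count(7, 0, &eax, &ebx, &ecx, &edx))
        return classify_sgx_cpuid(false, 0);
    return classify_sgx_cpuid(true, (uint32_t)ebx);
#else
    return SGX_NOT_X86;
#endif
}

int main(void) {
    static const char *names[] = { "not an x86 build", "CPUID leaf 07h unsupported",
        "SGX bit clear: unsupported", "SGX bit set: candidate, verify by using SGX" };
    sgx_cpuid_status s = query_sgx_cpuid();
    printf("CPUID stage: %s\n", names[s]);
    /* A set bit is necessary, not sufficient: BIOS support and opt-in are not
       reported in CPUID (reference [4]), so a real program must still attempt
       to use SGX at runtime (hypothetical hook, not shown) before relying on it. */
    return 0;
}
```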

References

[1] "Intel SGX for Dummies (Intel SGX Design Objectives)". intel.com. 2013-09-26.
[2] "Intel SGX Details". intel.com. 2017-07-05.
[3] Intel Architecture Instruction Set Extensions Programming Reference, Intel, August 2015, page 36: "Structured Extended feature Leaf EAX=07h, EBX Bit 02: SGX".
[4] "Properly Detecting Intel Software Guard Extensions in Your Applications". intel.com. 2016-05-13.
[5] https://tc.gtisc.gatech.edu/bss/2014/l/final/pjain43.pdf
[6] "sslab-gatech/opensgx". GitHub. Retrieved 2016-08-15.
[7] "wolfSSL At IDF". wolfssl. 2016-08-11.
[8] "Fortanix Intel SGX Based Key Management". 2017-02-26.
[9] "Numecent Cloudpaging at Intel IDF". numecent.com. 2016-08-16.
[10] Chirgwin, Richard (March 7, 2017). "Boffins show Intel's SGX can leak crypto keys". The Register. Retrieved 1 May 2017.
[11] Schwarz, Michael; Weiser, Samuel; Gruss, Daniel; Maurice, Clémentine; Mangard, Stefan (March 1, 2017). "Malware Guard Extension: Using SGX to Conceal Cache Attacks". Graz University of Technology. Retrieved 1 May 2017.
[12] "Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory" (PDF). USENIX. 2017-08-16.
[13] "DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization" (PDF). arxiv.org. 2017-09-28.
[14] Sample code demonstrating a Spectre-like attack against an Intel SGX enclave.

External links

Intel Software Guard Extensions (Intel SGX) / ISA Extensions, Intel
Intel Software Guard Extensions (Intel SGX) Programming Reference, Intel, October 2014
IDF 2015 - Tech Chat: A Primer on Intel Software Guard Extensions, Intel (poster)
ISCA 2015 tutorial slides for Intel SGX, Intel, June 2015
McKeen, Frank, et al. (Intel), Innovative Instructions and Software Model for Isolated Execution // Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy. ACM, 2013.
Joanna Rutkowska, Thoughts on Intel's upcoming Software Guard Extensions (Part 1), August 2013
SGX: the good, the bad and the downright ugly / Shaun Davenport, Richard Ford (Florida Institute of Technology) / Virus Bulletin, 2014-01-07
Victor Costan and Srinivas Devadas, Intel SGX Explained, January 2016.
wolfSSL, October 2016.
The Security of Intel SGX for Key Protection and Data Privacy Applications / Professor Yehuda Lindell (Bar Ilan University & Unbound Tech), January 2018
