Intel SGX Explained

Intel\u27s Software Guard Extensions (SGX) is a set of extensions to the Intel architecture that aims to provide integrity and privacy guarantees to security-sensitive computation performed on a computer where all the privileged software (kernel, hypervisor, etc) is potentially malicious. This paper analyzes Intel SGX, based on the 3 papers that introduced it, on the Intel Software Developer\u27s Manual (which supersedes the SGX manuals), on an ISCA 2015 tutorial, and on two patents. We use the papers, reference manuals, and tutorial as primary data sources, and only draw on the patents to fill in missing information. This paper\u27s contributions are a summary of the Intel-specific architectural and micro-architectural details needed to understand SGX, a detailed and structured presentation of the publicly available information on SGX, a series of intelligent guesses about some important but undocumented aspects of SGX, and an analysis of SGX\u27s security properties

A Survey of Trustworthy Computing on Mobile & Wearable Systems

Mobile and wearable systems have generated unprecedented interest in recent years, particularly in the domain of mobile health (mHealth) where carried or worn devices are used to collect health-related information about the observed person. Much of the information - whether physiological, behavioral, or social - collected by mHealth systems is sensitive and highly personal; it follows that mHealth systems should, at the very least, be deployed with mechanisms suitable for ensuring confidentiality of the data it collects. Additional properties - such as integrity of the data, source authentication of data, and data freshness - are also desirable to address other security, privacy, and safety issues. Developing systems that are robust against capable adversaries (including physical attacks) is, and has been, an active area of research. While techniques for protecting systems that handle sensitive data are well-known today, many of the solutions in use today are not well suited for mobile and wearable systems, which are typically limited with respect to power, memory, computation, and other capabilities. In this paper we look at prior research on developing trustworthy mobile and wearable systems. To survey this topic we begin by discussing solutions for securing computing systems that are not subject to the type of strict constraints associated with mobile and wearable systems. Next, we present other efforts to design and implement trustworthy mobile and wearable systems. We end with a discussion of future directions

Strongly Secure and Efficient Data Shuffle On Hardware Enclaves

Mitigating memory-access attacks on the Intel SGX architecture is an important and open research problem. A natural notion of the mitigation is cache-miss obliviousness which requires the cache-misses emitted during an enclave execution are oblivious to sensitive data. This work realizes the cache-miss obliviousness for the computation of data shuffling. The proposed approach is to software-engineer the oblivious algorithm of Melbourne shuffle on the Intel SGX/TSX architecture, where the Transaction Synchronization eXtension (TSX) is (ab)used to detect the occurrence of cache misses. In the system building, we propose software techniques to prefetch memory data prior to the TSX transaction to defend the physical bus-tapping attacks. Our evaluation based on real implementation shows that our system achieves superior performance and lower transaction abort rate than the related work in the existing literature.Comment: Systex'1