schmittlauch/surveypaper-drm-tee
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

background: Intel SGX

Browse source
This commit is contained in:
Trolli Schmittlauch 2018-09-07 15:29:46 +02:00
parent e2c16a23b3
commit 99dd83b1aa
3 changed files with 12 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
glossary.tex
View file

@ -1,6 +1,7 @@
\acro{DMCA}{Digital Millenium Copyright Act}
\acro{DRM}{Digital Rights Management}
\acro{OS}{operating system}
\acro{SGX}{Software Guard Extensions}
\acro{SoC}{system on a chip}
\acro{TPM}{Trusted Platform Module}
\acro{TEE}{Trusted Execution Environment}

8
main.tex
View file

@ -163,12 +163,12 @@ Although Apple's own \acp{SoC} use the ARM architecture, the company has decided
\subsubsection{Intel SGX}\label{sec:SGX}
Intel's \acf{SGX} are a method to launch multiple trusted components into their own fully isolated \textit{enclaves} and thus, according to \cite{hartigLateralThinkingTrustworthy2017}, can be seen as a more advanced version of the late-launch approach (\ref{sec:TPM}).
Enclaves can be scheduled by the OS like normal processes, but code and memory of enclaves are only visible from the inside. Enclave memory resides in the common system's DRAM but is transparently encrypted. \\
Additionally, \ac{SGX} includes attestation of code running within an enclave similar to \ac{TPM}, but itself doesn't provide secure storage or other \ac{TPM} features. \\
As only userland code running in ring 3 can be run inside enclaves, relying on the \ac{OS} for scheduling and resource management, \ac{SGX} is vulnerable to side-channel attacks \cite{peinadom.ControlledChannelAttacksDeterministic2015}.
lockdown techniques: TPM, secure boot
TEEs: SGX, TrustZone
(InkTag?)
Android DRM, EME DRM arch, TBDRM (-> fTPM)

7
mybib.bib
View file

@ -290,4 +290,11 @@ This paper's contributions are a summary of the Intel-specific architectural and
file = {/home/spiollinux/Zotero/storage/285DX2TJ/ARM Security Technology Building a Secure System u.pdf}
}
@inproceedings{peinadom.ControlledChannelAttacksDeterministic2015,
title = {Controlled-{{Channel Attacks}}: {{Deterministic Side Channels}} for {{Untrusted Operating Systems}}.},
booktitle = {Proc. of the 36th {{IEEE Symposium}} on {{Security}} and {{Pri}}- Vacy ({{Oakland}})},
author = {{PEINADO, M.} and {XU, Y.} and {CUI, W.}},
year = {2015}
}