Browse Source

background: Intel SGX

master
Trolli Schmittlauch 2 years ago
parent
commit
99dd83b1aa
3 changed files with 12 additions and 4 deletions
  1. +1
    -0
      glossary.tex
  2. +4
    -4
      main.tex
  3. +7
    -0
      mybib.bib

+ 1
- 0
glossary.tex View File

@ -1,6 +1,7 @@
\acro{DMCA}{Digital Millenium Copyright Act}
\acro{DRM}{Digital Rights Management}
\acro{OS}{operating system}
\acro{SGX}{Software Guard Extensions}
\acro{SoC}{system on a chip}
\acro{TPM}{Trusted Platform Module}
\acro{TEE}{Trusted Execution Environment}


+ 4
- 4
main.tex View File

@ -163,12 +163,12 @@ Although Apple's own \acp{SoC} use the ARM architecture, the company has decided
\subsubsection{Intel SGX}\label{sec:SGX}
Intel's \acf{SGX} are a method to launch multiple trusted components into their own fully isolated \textit{enclaves} and thus, according to \cite{hartigLateralThinkingTrustworthy2017}, can be seen as a more advanced version of the late-launch approach (\ref{sec:TPM}).
Enclaves can be scheduled by the OS like normal processes, but code and memory of enclaves are only visible from the inside. Enclave memory resides in the common system's DRAM but is transparently encrypted. \\
Additionally, \ac{SGX} includes attestation of code running within an enclave similar to \ac{TPM}, but itself doesn't provide secure storage or other \ac{TPM} features. \\
As only userland code running in ring 3 can be run inside enclaves, relying on the \ac{OS} for scheduling and resource management, \ac{SGX} is vulnerable to side-channel attacks \cite{peinadom.ControlledChannelAttacksDeterministic2015}.
lockdown techniques: TPM, secure boot
TEEs: SGX, TrustZone
(InkTag?)
Android DRM, EME DRM arch, TBDRM (-> fTPM)


+ 7
- 0
mybib.bib View File

@ -290,4 +290,11 @@ This paper's contributions are a summary of the Intel-specific architectural and
file = {/home/spiollinux/Zotero/storage/285DX2TJ/ARM Security Technology Building a Secure System u.pdf}
}
@inproceedings{peinadom.ControlledChannelAttacksDeterministic2015,
title = {Controlled-{{Channel Attacks}}: {{Deterministic Side Channels}} for {{Untrusted Operating Systems}}.},
booktitle = {Proc. of the 36th {{IEEE Symposium}} on {{Security}} and {{Pri}}- Vacy ({{Oakland}})},
author = {{PEINADO, M.} and {XU, Y.} and {CUI, W.}},
year = {2015}
}

Loading…
Cancel
Save