diff --git a/glossary.tex b/glossary.tex index b9bd8ff..b0f6077 100644 --- a/glossary.tex +++ b/glossary.tex @@ -1,6 +1,7 @@ \acro{DMCA}{Digital Millenium Copyright Act} \acro{DRM}{Digital Rights Management} \acro{OS}{operating system} +\acro{SGX}{Software Guard Extensions} \acro{SoC}{system on a chip} \acro{TPM}{Trusted Platform Module} \acro{TEE}{Trusted Execution Environment} diff --git a/main.tex b/main.tex index d33d9f9..529bc94 100755 --- a/main.tex +++ b/main.tex @@ -163,12 +163,12 @@ Although Apple's own \acp{SoC} use the ARM architecture, the company has decided \subsubsection{Intel SGX}\label{sec:SGX} +Intel's \acf{SGX} are a method to launch multiple trusted components into their own fully isolated \textit{enclaves} and thus, according to \cite{hartigLateralThinkingTrustworthy2017}, can be seen as a more advanced version of the late-launch approach (\ref{sec:TPM}). +Enclaves can be scheduled by the OS like normal processes, but code and memory of enclaves are only visible from the inside. Enclave memory resides in the common system's DRAM but is transparently encrypted. \\ +Additionally, \ac{SGX} includes attestation of code running within an enclave similar to \ac{TPM}, but itself doesn't provide secure storage or other \ac{TPM} features. \\ +As only userland code running in ring 3 can be run inside enclaves, relying on the \ac{OS} for scheduling and resource management, \ac{SGX} is vulnerable to side-channel attacks \cite{peinadom.ControlledChannelAttacksDeterministic2015}. -lockdown techniques: TPM, secure boot - -TEEs: SGX, TrustZone - (InkTag?) Android DRM, EME DRM arch, TBDRM (-> fTPM) diff --git a/mybib.bib b/mybib.bib index 86f7f8e..252eaf6 100644 --- a/mybib.bib +++ b/mybib.bib 
@@ -290,4 +290,11 @@ This paper's contributions are a summary of the Intel-specific architectural and file = {/home/spiollinux/Zotero/storage/285DX2TJ/ARM Security Technology Building a Secure System u.pdf} } +@inproceedings{peinadom.ControlledChannelAttacksDeterministic2015, + title = {Controlled-{{Channel Attacks}}: {{Deterministic Side Channels}} for {{Untrusted Operating Systems}}.}, + booktitle = {Proc. of the 36th {{IEEE Symposium}} on {{Security}} and {{Pri}}- Vacy ({{Oakland}})}, + author = {{PEINADO, M.} and {XU, Y.} and {CUI, W.}}, + year = {2015} +} +
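Review bot: the adjacent context line in this hunk misspells the act name: `\acro{DMCA}{Digital Millenium Copyright Act}` should read `Digital Millennium Copyright Act` (double n); since this commit already touches the acronym list, fix it here. The new `\acro{SGX}{Software Guard Extensions}` entry is consistent with the existing style (expansion capitalised as a proper noun), but note that its plural expansion drives the verb in the first use in main.tex ("Software Guard Extensions (SGX) are a method"); see the comment on that hunk.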
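Review bot: the causal chain in the last added sentence of the SGX paragraph is unclear: "As only userland code running in ring 3 can be run inside enclaves, relying on the OS for scheduling and resource management, SGX is vulnerable to side-channel attacks" implies that ring-3 execution by itself causes side channels, whereas the relevant point (and the threat model in the title of the cited paper) is that the untrusted OS keeps control over the resources an enclave depends on. Suggest: "Because enclave code runs in ring 3 and still depends on the untrusted \ac{OS} for scheduling and resource management, a malicious \ac{OS} can mount deterministic side-channel attacks against enclaves \cite{peinadom.ControlledChannelAttacksDeterministic2015}." Smaller points in the same hunk: "Intel's \acf{SGX} are a method" has a subject/verb mismatch once the acronym is expanded (prefer "Intel \acf{SGX} is a mechanism to launch ..."); "(\ref{sec:TPM})" should be "Section~\ref{sec:TPM}"; "doesn't" should be "does not" in a thesis; and the trailing `\\` used as paragraph separators should be replaced by blank lines, since `\\` inside running text produces underfull-hbox warnings and inconsistent spacing.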
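Review bot: the new BibTeX entry carries copy/paste damage that will show up verbatim in the bibliography: `{{Pri}}- Vacy` in `booktitle` is a hyphenated line break from the PDF and should be `Privacy`, the `title` ends in a stray period (`... {{Untrusted Operating Systems}}.`), and the `author` field wraps each name in braces as `{PEINADO, M.}`, which makes BibTeX treat the whole upper-case string as a single literal name token, so sorting, "Last, First" formatting and initials will not work. Suggest:
  booktitle = {Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland)},
  author = {Peinado, M. and Xu, Y. and Cui, W.},
keeping the author order as given on the paper's byline (verify it against the PDF before committing). The citation key `peinadom.ControlledChannelAttacksDeterministic2015` also contains a period, which is legal but easy to mistype; a key without punctuation is safer. Finally, the last `+` line adds a trailing blank line at the end of the file.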