****Update****
Microsoft Azure now supports Intel in a new technology feature called Azure confidential computing. The feature keeps sensitive information safe from hackers, malicious insiders, and government intrusion. Click here to read more about Intel SGX in Azure confidential computing.

While there might not be too many secrets (pace, Sneakers), there is definitely a lot of sensitive information in need of protection. Good crypto is certainly important for protecting our secrets in motion and at rest—but encryption can only go so far. If your operating system has been compromised by malware, no amount of cryptography will save you because the malware already has all of your encryption keys. It was this problem—how do you protect sensitive information even from the OS—that led Intel to produce Intel Software Guard Extensions (Intel SGX).

In future posts, I’ll explore more details about Intel SGX, but for now, let’s take a quick, high-level look at Intel’s take on the trusted execution environment. Intel centers its version of trusted execution on what it calls “enclaves,” protected regions of memory guarded by a mixture of software-based and hardware-based encryption. The hardware component of this protection is vital, because it helps ensure that even a compromised OS can’t see into an enclave.[1]

A key point to understand about enclaves is that they are small, with less than 128 MB of memory to share among all enclaves running on a Windows OS–based computer.[2] In other words, Intel SGX enclaves are best thought of as redoubts for small secrets that need high security rather than sprawling fortresses in which to keep everything worth protecting. For example, a digital-rights-management (DRM) application would keep the encryption key for a movie in an enclave rather than storing the entire movie itself within the enclave. The application would then read blocks of the encrypted movie from disk into the enclave; there, those blocks would be decrypted and written back out to unprotected memory, from which they could then be played for the user.

In my next post for this series, I’ll explain in more detail how the portions of applications running untrusted (that is, non-enclave) memory interact with enclaves, and later on I’ll explore other use cases for Intel SGX enclaves. Until then, you can learn more about Intel SGX on its homepage at https://software.intel.com/en-us/sgx.

To keep up with more emerging trends and technologies, follow Prowess on our blogTwitter, and LinkedIn.

[1] Another vital point about Intel SGX enclaves is that they run exclusively in protection Ring 3 (the application layer). There are some good logistical reasons for Intel’s design choice here, but the most compelling reason is that of security: if enclaves could run in Ring 0, any malware that got inside there would be the ultimate root kit!

[2] Intel SGX running on Linux OS–based computers supports paging, so theoretically enclaves on Linux boxes can be arbitrarily large, but the performance overhead of enclave-based operations makes sprawling enclaves impractical. Even on Linux, enclaves want to be as lean as possible.

Share this:

FacebooktwitterlinkedinmailFacebooktwitterlinkedinmail