Intel software guard extension
2 likes•995 views
The document outlines Intel's Software Guard Extensions (SGX), a technology designed to create a trusted execution environment for secure data and application processing in both client and data center settings. It emphasizes SGX's ability to protect sensitive information from various attacks while also detailing the need for hardware-based security measures in modern computing. Additionally, the document mentions the significance of SGX in safeguarding identity and data against evolving security threats.
Intel software guard extension
- 1. FOR EXTERNAL USE – 12th September , 2017
- 2. LegalDisclaimersandNotices No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. This document contains information on products, services and/or processes in development. All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest forecast, schedule, specifications and roadmaps. The products described in this document may contain defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice. Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at intel.com. Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others. © 2017 Intel Corporation 2
- 3. 3 Modern computing requires a capability to store secrets and execute securely – a “Trusted Execution Environment” (TEE). This need is increasing with new and more advanced threats in computing. 1 2 3 SGX is the result of many years of research and builds on a foundation of knowledge of bringing multiple security technologies to market and includes solutions to a number of very interesting challenges… Intel® Software Guard Extensions (Intel® SGX) is Intel’s TEE for client and data center. It provides the foundation for many secure use cases. Trusted Execution for all developers Executivesummary
- 4. 4 Intel®SoftwareGuardExtension(SGX)Analogy Intel® SGX is analogous to a safe in your hotel room • You can put a few things in it – wallet, watch, sensitive documents, keys, etc., … not your entire house. • If the hotel experiences a catastrophic event, like a fire, your high value items are secure. • Similar to one’s high value items, our digital life needs to be secure. • SGX existence safeguards identity, data, and browsing, making your life easier and better. • SGX utilizes a small amount of CPU memory to protect sensitive application information.
- 5. Intel®SGXIntel SGXprovidesatrustedcomputingenclave(island)wheredataandapplicationsareprotectedindependentlyoftheoperatingsystemorhardware configurationitself. Protects against SW attacks even if OS/drivers/ BIOS/VMM/SMM are compromised Smallest possible Trusted Compute Block (TCB) Secrets (data/keys/et al) remain protected even when attacker has full control of platform Other technologies allow some privileged SW in their boundary Prevents attacks like memory bus snooping, memory tampering, and “cold boot” attacks against memory contents in RAM Protection for hard-to-protect or unprotected spaces Provides hardware-based attestation capabilities to measure and verify valid code and data signatures Increases transparency and accountability 5 Cloud Tenant & Data Provider Untrusted - CSP Environment Trusted – Intel® SGX enclave Protected Application Protected Input Data Secrets Ex. SSN, City, Credit Card Number Encrypted Data Encrypted Results
- 6. SGX enabled solutions can provide protection for workloads running on devices Services& Practices Solutions FPGA PC Client DataCenter Vehicles Storage New Devices Comms AI & Machine Learning Ecosystem3 Developers 4 SiliconFoundation1 5 IoT 2 SGX @ Root of Trust SGX Protects App Data & Content SGX APIs & SDKs Attestation Identity, Data, Compute Enablingtrustedcomputing@thesiliconrootoftrust 6
- 7. 7 Academic papers More than 125 (83 in 2017) academic papers written on use cases (and potential vulnerabilities) for SGX Intel Confidential New use cases are being termed as “art of possibilities”
- 8. ®
- 9. 9 Execution Isolation at the Application boundary1 2 3 Recovery from HW Issues Attestation and Sealing at the Application boundary KeyChallenges
- 10. 10 Execution Isolation at the Application boundary1 2 3 Recovery from HW Issues Attestation and Sealing at the Application boundary KeyChallenges
- 11. ReducingtheAttackSurface Hyper-focusedtrustboundary Application gains ability to defend its own secrets Memory protection model changed for NEW protected region of memory (PRM) New instructions added to create smallest attack surface Familiar IA Development and Debug SDK & Integrated Dev Environment enhancements Scalable Main core performance All HW threads can used inside an enclave Protected memory can be securely paged 11 Attack surface for legacy platforms Attack surface with Intel® SGX Hardware VMM OS App App App 1
- 12. Platform 12 SGXHigh-levelHardware/SoftwarePicture EPC M EPC SGX Module SGX User Runtime Enclave New Kernel Level Instructions ECREATE EADD EEXTEND EINIT EBLOCK SGX User Runtime Enclave Hdw Data Structure Hardware Runtime Application OS Data structure Application Environment Privileged Environment New Exposed Hardware New Application Level Instructions EEXIT EGETKEY EREPORT EENTER ERESUME Page tables ETRACK EWB ELD EPA EREMOVE 1
- 13. 13 SGXAccessControl Traditional IA Page Table Checks Enclave Access? Address in EPC? Address in EPC? Check EPCM Checks Pass ? Signal Fault No Yes No Yes No Allow Memory Access Replace Address With Abort Page Yes No Yes Linear Address Physical Address Non-Enclave Access Enclave Access 1
- 14. Jco3lks937weu0cwejpoi9987v80we IncreasingPhysicalAttackProtection 1. Security perimeter is the CPU package boundary 2. Data and code unencrypted inside CPU package 3. Data and code outside CPU package is encrypted and integrity checked 4. External memory reads and bus snoops see only encrypted data 14 System Memory Snoop Snoop Cores CacheAMEX: 3234- 134584-26864 INTEL CONFIDENTIAL
- 15. 15 Execution Isolation at the Application boundary1 2 3 Recovery from HW Issues Attestation and Sealing at the Application boundary KeyChallenges
- 16. 16 CriticalFeatures:AttestationandSealing Remote Platform Client Application Enclave Authenticated Channel Intel • App executes on local platform • HW based Attestation provides remote platform assurance that “this is the right app executing in the right platform” =>Remote platform can provision local platform with secrets • App can seal secrets to platform for future use 2
- 17. 17 Execution Isolation at the Application boundary1 2 3 TCB Recovery Attestation and Sealing to the Application boundary KeyChallenges
- 18. TCBRecovery TCB recovery is the process of being able to cryptographically demonstrate that the TCB has been updated to fix a potential security issue First we issue all the HW component with a “Security Version Number” This is used to derive a “TCB specific” key from the HW key in the part. When a new update is issued all keys are derived from a new TCB specific key. Note: this mechanism is cannot be modified as part of a TCB update itself. 3 Unverifiable Code Base HW Key TCB KeyPRF TCB SVN
- 19. 19 DataMigration But what about all the data sealed to an previous TCB key? A backwards loop is used to provide forward secrecy, but allows “previous” TCB specific keys to be retrieved This allows the CPU to continue to “go back” by performing additional PRF’s Unverifiable Code Base Initial Key TCB KeyPRF Derivation String (usually a constant) Temp Loop (MAX-SVN) times
- 20. 20 Execution Isolation at the Application boundary1 2 3 Recovery from HW Issues Attestation and Sealing at the Application boundary KeyChallengessoftware.intel.com/SGX The site has the latest info on: SDK & Developer Resources White Papers Support Forum
- 21. 21