Secure Processors Part II: Intel SGX Security Analysis and MIT Sanctum Architecture

Victor Costan, Ilia A. Lebedev, S. Devadas

Abstract

This manuscript is the second in a two-part survey and analysis of the state of the art in secure processor systems, with a specific focus on remote software attestation and software isolation. The first part established the taxonomy and prerequisite concepts relevant to an examination of the state of the art in trusted remote computation: attested software isolation containers (enclaves). This second part extends Part I's description of Intel's Software Guard Extensions (SGX), an available and documented enclave-capable system, with a rigorous security analysis of SGX as a system for trusted remote computation. This part documents the authors' concerns over the shortcomings of SGX as a secure system and introduces the MIT Sanctum processor developed by the authors: a system designed to offer stronger security guarantees, lend itself better to analysis and formal verification, and offer a more straightforward and complete threat model than the Intel system, all with an equivalent programming model. This two-part work advocates a principled, transparent, and well-scrutinized approach to system design, and argues that practical guarantees of privacy and integrity for remote computation are achievable at a reasonable design cost and performance overhead.

V. Costan, I. Lebedev and S. Devadas. Secure Processors Part II: Intel SGX Security Analysis and MIT Sanctum Architecture. Foundations and Trends® in Electronic Design Automation, vol. 11, no. 3, pp. 249–361, 2017. DOI: 10.1561/1000000052. Full text available at: http://dx.doi.org/10.1561/1000000052