<p dir="ltr"><br>
On 18 May 2015 09:30, "Henry Baker" <<a href="mailto:hbaker1@pipeline.com">hbaker1@pipeline.com</a>> wrote:<br>
><br>
> Perhaps it's just me, or perhaps it's just the lecturer, but this Intel "SGX" looks like BS piled higher & deeper -- i.e., building better places for hackers (including nation-states) to hide their malware, and still more complexity that hasn't been (can't be ?) proven correct.<br>
></p>
<p dir="ltr">To be fair, it's not a bad idea and we'll need to wait and see about the implementation. I hasten to add that VMM doesn't get this sort of press for providing memory isolation in hardware and extensions like vt-d are generally regarded as a good idea (people can moan about the way they do it) </p>
<p dir="ltr">More abstractly pushing more of the responsibility of software protection into hardware could well make it harder to attack by the vast majority of threats. </p>
<p dir="ltr">Sure it's an evolving landscape and the bias may just shift but that doesn't mean it should get written off.</p>
<p dir="ltr">As for a place to hide malware, well there are plenty of places inside a modern processor architecture to achieve that today. Creating more mechanisms, painting a target on them called 'security stuff' on them and using them as a new vector seems at the very least unnecessary. </p>
<p dir="ltr">Max</p>
<p dir="ltr">> <a href="https://web.stanford.edu/class/ee380/Abstracts/150415.html">https://web.stanford.edu/class/ee380/Abstracts/150415.html</a><br>
><br>
> Intel Software Guard Extensions<br>
> Innovative Instructions for Next Generation Isolated Execution<br>
><br>
> Frank McKeen<br>
> Intel Corporation<br>
><br>
> About the talk:<br>
><br>
> This talk describes Intel's Software Guard Extensions (SGX) technology. SGX provides new tools and hardware facilities to software developers to protect an application's secrets. In today's computing environment the ability to keep a secret requires the integrity of millions of line of software in the OS, VMM, and application. SGX creates a trusted environment called an enclave inside the application. An enclave provides an ability to protect the secret without dependency on the integrity of any other code. The talk will describe the programming environment, instruction set, and hardware facilities which make up the SGX architecture.<br>
><br>
> Slides:<br>
><br>
> Download the de-animated slides for this talk in PDF format.<br>
><br>
> <a href="http://ee380.stanford.edu/Abstracts/150415-slides.pdf">http://ee380.stanford.edu/Abstracts/150415-slides.pdf</a><br>
><br>
> Videos:<br>
><br>
> Join the live presentation. Wednesday April 15, 4:15-5:30. Requires Microsoft Windows Media player.<br>
> View video by lecture sequence. Spring 2015 series only, HTML5. Available after 8PM on the days of the lecture.<br>
> <a href="https://mvideos.stanford.edu/graduate#/SeminarDetail/Winter/2015/EE/380">https://mvideos.stanford.edu/graduate#/SeminarDetail/Winter/2015/EE/380</a><br>
><br>
> View Video on YouTube.<br>
> <a href="https://youtu.be/mPT_vJrlHlg">https://youtu.be/mPT_vJrlHlg</a><br>
><br>
> About the speaker:<br>
><br>
> Frank McKeen: Principal Engineer, Security Research Lab, Intel, Portland OR, USA.<br>
><br>
> Frank is the inventor of the SGX architecture and leader of the SGX architecture research team. He has previous experience in microprocessor design, security concepts, and trusted computing. He received a BSEE from Northeastern University and is a member of the IEEE.<br>
><br>
> _______________________________________________<br>
> The cryptography mailing list<br>
> <a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a><br>
> <a href="http://www.metzdowd.com/mailman/listinfo/cryptography">http://www.metzdowd.com/mailman/listinfo/cryptography</a></p>