[Cryptography] Intel SGX: Augean stables piled higher & deeper?

Max Kington mkington at webhanger.com
Mon May 18 05:19:09 EDT 2015 

On 18 May 2015 09:30, "Henry Baker" <hbaker1 at pipeline.com> wrote:
>
> Perhaps it's just me, or perhaps it's just the lecturer, but this Intel
"SGX" looks like BS piled higher & deeper -- i.e., building better places
for hackers (including nation-states) to hide their malware, and still more
complexity that hasn't been (can't be ?) proven correct.
>

To be fair, it's not a bad idea and we'll need to wait and see about the
implementation. I hasten to add that VMM doesn't get this sort of press for
providing memory isolation in hardware and extensions like vt-d are
generally regarded as a good idea (people can moan about the way they do
it)

More abstractly pushing more of the responsibility of software protection
into hardware could well make it harder to attack by the vast majority of
threats.

Sure it's an evolving landscape and the bias  may just shift but that
doesn't mean it should get written off.

As for a place to hide malware, well there are plenty of places inside a
modern  processor architecture to achieve that today. Creating more
mechanisms, painting a target on them called 'security stuff' on them and
using them as a new vector seems at the very least unnecessary.

Max

> https://web.stanford.edu/class/ee380/Abstracts/150415.html
>
> Intel Software Guard Extensions
> Innovative Instructions for Next Generation Isolated Execution
>
> Frank McKeen
> Intel Corporation
>
> About the talk:
>
> This talk describes Intel's Software Guard Extensions (SGX) technology.
SGX provides new tools and hardware facilities to software developers to
protect an application's secrets.  In today's computing environment the
ability to keep a secret requires the integrity of millions of line of
software in the OS, VMM, and application.  SGX creates a trusted
environment called an enclave inside the application.  An enclave provides
an ability to protect the secret without dependency on the integrity of any
other code.  The talk will describe the programming environment,
instruction set, and hardware facilities which make up the SGX architecture.
>
> Slides:
>
> Download the de-animated slides for this talk in PDF format.
>
> http://ee380.stanford.edu/Abstracts/150415-slides.pdf
>
> Videos:
>
> Join the live presentation. Wednesday April 15, 4:15-5:30.  Requires
Microsoft Windows Media player.
> View video by lecture sequence. Spring 2015 series only, HTML5. Available
after 8PM on the days of the lecture.
> https://mvideos.stanford.edu/graduate#/SeminarDetail/Winter/2015/EE/380
>
> View Video on YouTube.
> https://youtu.be/mPT_vJrlHlg
>
> About the speaker:
>
> Frank McKeen: Principal Engineer, Security Research Lab, Intel, Portland
OR, USA.
>
> Frank is the inventor of the SGX architecture and leader of the SGX
architecture research team. He has previous experience in microprocessor
design, security concepts, and trusted computing. He received a BSEE from
Northeastern University and is a member of the IEEE.
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150518/becb0aad/attachment.html>

More information about the cryptography mailing list