One might be forgiven for having no idea what the acronym SGX stands for, especially with respect to the Intel chipset. Even a careful search of LexisNexis Academic failed to turn up any useful information. However, these three letters may prove to be the most significant thing to happen in the anti-malware space in 2014. SGX stands for ‘Software Guard Extensions’ and it has the capacity to dramatically change long-held assumptions about how different software packages can coexist and, to some extent, battle each other in memory on untrusted platforms. This has tremendous implications both for malware authors and for defenders, as a whole new set of possibilities now exists.
One of the first articles we came across about the technology was a great post on Joanna Rutkowska’s Invisible Things blog [1]. That post and its follow-up are worth reading for Joanna’s take on what could be done with the new instructions. The blog post pre-dated the release of any technical documentation from Intel – now that this is available [2], we are in a position to take things a little further.
So, what exactly is SGX? Put simply, SGX is a brand-new instruction set coming to Intel’s processors in the near future. While it may not make it to the desktop (this really is still to be determined), it seems likely that it will be a big part of cloud servers in the future. The objective of SGX is to provide secure ‘enclaves’ in which data and code can execute without fear of inspection or modification. Coupled with remote attestation, it essentially attempts to allow developers to build a root of trust even in an untrusted environment.
As we have never seen a chip with SGX on it in the real world, we will take a rather lengthy quote from Intel’s website [2] to detail the intent of the new instruction set:
‘Much of the motivation for Intel® SGX can be summarized in the following eight objectives:
Allow application developers to protect sensitive data from unauthorized access or modification by rogue software running at higher privilege levels.
Enable applications to preserve the confidentiality and integrity of sensitive code and data without disrupting the ability of legitimate system software to schedule and manage the use of platform resources.
Enable consumers of computing devices to retain control of their platforms and the freedom to install and uninstall applications and services as they choose.
Enable the platform to measure an application’s trusted code and produce a signed attestation, rooted in the processor, that includes this measurement and other certification that the code has been correctly initialized in a trustable environment.
Enable the development of trusted applications using familiar tools and processes.
Allow the performance of trusted applications to scale with the capabilities of the underlying application processor.
Enable software vendors to deliver trusted applications and updates at their cadence, using the distribution channels of their choice.
Enable applications to define secure regions of code and data that maintain confidentiality even when an attacker has physical control of the platform and can conduct direct attacks on memory.’
That’s a pretty nice set of claims – so much so that it could be a real game changer if SGX delivers on its promises. However, as we shall see in this article, while trust sounds like a good thing, it is most definitely a double-edged sword.
Using Intel’s roadmap, it is pretty clear to see one of the problem spaces Intel was intending to address: trustworthy cloud computing. The use-case for an application designer is pretty straightforward. If software and hardware could be ‘sealed’ in some way to prevent an attacker from examining data in main memory, even if the attacker had administrator-level privileges on the machine, not only could the confidentiality and integrity of data in the cloud be protected, but the algorithms and design of cloud-hosted applications could also be hidden from prying eyes.