Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Caller authentication

Lee__Junghee

Is there any method for Enclave to authenticate its caller? For example, Enclave A is supposed to be used only by application A. If an unauthorized application B (i.e. malware) tries to use Enclave A, how can Enclave A deny application B?

Hoang_N_Intel
Employee

Basically, this is part of the complexity of how to design the security of the application between the trusted and the untrusted parts. In general, the Enclave should never disclose the secret or any sensitive data to external calls. Some simple techniques, such as using local file permissions as authentication to pass data between the Enclave and only the authorized application, may work. It really depends on the application's use case and other factors such as performance.

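One way to read the file-permission suggestion in the reply above, as an added example that is not code from the thread or from the Intel SGX SDK: a host-side check that a hand-off file is a regular file, owned by the authorized application's user, with no group or other access. The function name, result codes and the idea of a single hand-off file are assumptions; the check runs in the untrusted host process, because an enclave reaches files only through its host.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Result codes for check_handoff_file() (hypothetical names). */
enum { HANDOFF_OK = 0, HANDOFF_OPEN_FAILED = -1, HANDOFF_NOT_REGULAR = -2,
       HANDOFF_BAD_OWNER = -3, HANDOFF_BAD_MODE = -4 };

/*
 * Verify that the file used to pass data to or from the enclave's host
 * is accessible only to the authorized application's user.
 * expected_owner is the uid that application runs as (assumption).
 */
int check_handoff_file(const char *path, uid_t expected_owner)
{
    struct stat st;
    int rc = HANDOFF_OK;
    /* O_NOFOLLOW refuses a symlink at the expected path;
       O_NONBLOCK keeps open() from hanging if the path is a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return HANDOFF_OPEN_FAILED;
    /* fstat() on the open descriptor avoids a check/use race on the path. */
    if (fstat(fd, &st) != 0)
        rc = HANDOFF_OPEN_FAILED;
    else if (!S_ISREG(st.st_mode))
        rc = HANDOFF_NOT_REGULAR;
    else if (st.st_uid != expected_owner)
        rc = HANDOFF_BAD_OWNER;
    else if (st.st_mode & (S_IRWXG | S_IRWXO))
        rc = HANDOFF_BAD_MODE;      /* some group/other permission bit is set */
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <handoff-file>\n", argv[0]);
        return 2;
    }
    int rc = check_handoff_file(argv[1], geteuid());
    printf("%s: %s (code %d)\n", argv[1], rc == HANDOFF_OK ? "ok" : "rejected", rc);
    return rc == HANDOFF_OK ? 0 : 1;
}
```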