Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Can SGX protect applications without source code

yuanhai_c_
Beginner
405 Views

Hi,

I'm learning the Intel SGX and I have a question:
I wonder if I can use SGX to protect an application when I'm not the developer. In other words, if I can protect the application with only x86 binaries from service providers and application logic.
Tell me how.

Thank you.

4 Replies
Shivananda_H_Intel

No. 

You need to write your code using the SGX APIs and put the secret part in an enclave so that it is protected.

You can refer to the link below for details on how to design an application using the SGX APIs.

https://software.intel.com/en-us/articles/introducing-the-intel-software-guard-extensions-tutorial-series


Regards

Shivananda

Dr__Greg
Super User
For some definition of no.... :-) We build infrastructure on top of Linux which allows SGX to be used to protect the kernel and an application stack on top of it. The applications do not need to be modified in order to participate in the SGX protected security envelope. The protections are a subset of what would be enjoyed by a 'true' SGX enabled application but there are many applications which will never enjoy SGX protections so the operative question is whether or not some protection can be extended to them through the use of this technology. Security is all about making risk management decisions and gaining as much protection for as little cost as possible.
Rodolfo_S_
New Contributor III

Hi, Greg.

Are you able to attest your infrastructure prior to sending the application to it?

Best regards,
Rodolfo

Dr__Greg
Super User
Hi Rodolfo, sorry for the delay in responding back. Yes, an enclave which is either protecting the root behavior domain (platform) or a canister (container) can generate a quote which attests to either the behavior of the platform or the namespace which it is protecting. Our platforms integrate TXT and SGX so the behavioral quotes are tied to the dynamic root of trust measurement which is generated by the measured launch of the platform. SGX provides the protection envelope for the modeling engine which is measuring the conformance of the platform or container for adherence to the behavior which was designated for the entity by the developer. The value quoted is the extension sum of all the inode mediated information exchange events which the operating system has presided over. The quote thus informs a verifier that the application and kernel are in a known state at the time the quote was generated which of course can then be used to generate a seal for that platform state.
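The reply above describes the quoted value as an "extension sum" of inode-mediated exchange events, which a verifier compares against the behaviour the developer designated. The following is an added example of the verifier side of that idea; it is not code from this thread, from Dr. Greg's platform, or from the Intel SGX SDK. It assumes a TPM-PCR-style extend function (new = SHA256(old || SHA256(event)), starting from 32 zero bytes) and a simple byte-string encoding of each event, neither of which the thread specifies, and it models only the measured value, not the quoting enclave's signature over the quote.

```python
# Added example (not from the thread, Dr. Greg's platform, or the SGX SDK):
# a verifier-side model of an order-sensitive "extension sum" measurement.
# ASSUMPTIONS not given on the page: extend is TPM-PCR style,
#   m_{i+1} = SHA256(m_i || SHA256(event_i)), m_0 = 32 zero bytes,
# and each event is a byte string describing one inode-mediated exchange.
# The signature the quoting enclave places over the quote is out of scope.
import hashlib
import hmac
from typing import Iterable, List, Optional

HASH = hashlib.sha256
INITIAL = bytes(HASH().digest_size)  # all-zero starting measurement


def extend(measurement: bytes, event: bytes) -> bytes:
    """Fold one event into the running measurement (order-sensitive)."""
    return HASH(measurement + HASH(event).digest()).digest()


def measure(events: Iterable[bytes]) -> bytes:
    """Replay a whole event log from the initial measurement."""
    m = INITIAL
    for event in events:
        m = extend(m, event)
    return m


def verify_quote(quoted_value: bytes, expected_events: List[bytes]) -> bool:
    """True when the quoted value equals the replay of the events the
    verifier expects, i.e. the developer-designated behaviour."""
    return hmac.compare_digest(quoted_value, measure(expected_events))


def first_divergence(expected_events: List[bytes],
                     reported_log: List[bytes]) -> Optional[int]:
    """If the platform also ships its event log, replay both chains in
    lock-step and return the index of the first event after which the
    measurements differ; None when the log reproduces the expected chain.
    A bare quote only says 'unknown state'; the log says where it went wrong."""
    m_expected = m_reported = INITIAL
    for i, (e, r) in enumerate(zip(expected_events, reported_log)):
        m_expected = extend(m_expected, e)
        m_reported = extend(m_reported, r)
        if m_expected != m_reported:
            return i
    if len(expected_events) != len(reported_log):
        # One chain is a strict prefix of the other (missing or extra event).
        return min(len(expected_events), len(reported_log))
    return None


# Constructed sample log (not real audit data): one line per exchange event.
BASELINE_EVENTS = [
    b"exec uid=0 inode=1001 path=/sbin/init",
    b"open uid=0 inode=2042 path=/etc/app.conf",
    b"exec uid=1000 inode=3077 path=/usr/bin/app",
]

if __name__ == "__main__":
    quote = measure(BASELINE_EVENTS)
    print("baseline measurement:", quote.hex())
    print("matches policy:", verify_quote(quote, BASELINE_EVENTS))
    # An unexpected binary executed in place of the designated one.
    tampered = BASELINE_EVENTS[:2] + [b"exec uid=1000 inode=9999 path=/tmp/x"]
    print("tampered matches policy:",
          verify_quote(measure(tampered), BASELINE_EVENTS))
    print("first divergent event:", first_divergence(BASELINE_EVENTS, tampered))
```

Because each step hashes the previous measurement, the same events in a different order or one substituted event yield a different final value, so a verifier holding only the expected chain can reject the quote; holding the reported log as well, it can name the first event that left the designated behaviour, which is what an incident responder wants from a failed attestation.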