Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Enforcing execute-only memory inside SGX enclaves

yunfeng7854
New Contributor I
189 Views

I have a question about enforcing execute-only memory inside SGX enclaves. What I am trying to do is to mark an enclave page as executable and non-readable. The XnR memory has been used by Readactor (link) to protect against return-oriented programming attacks.

As far as I know Intel provides the Extended Page Tables (EPTs) to translate guest physical memory to real physical memory, and it enables execute-only code pages in the guest address space. As both the guest operating system and the VMM are untrusted, I am curious about whether it's possible inside SGX enclaves.

Thanks

0 Kudos
0 Replies
Reply