Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1480 Discussions

How local attestation in SGX make sure code running in the Enclave is secure?

JulienNiu
Beginner
1,191 Views

I am reading the 'Local Attestation' sample code. I know local attestation can build a secure link so that two enclaves can share their secret data. However, if Enclave 2 wants to connect Enclave 1, how can Enclave 1 know the code in Enclave 2 is secure? For example, if the code in Enclave 2 is leaking private information to outside or unsafe space, how can Enclave 1 know it?

0 Kudos
1 Solution
JesusG_Intel
Moderator
1,162 Views

The only thing you can be sure of is that the code was written by a trustworthy party and then you can make assumptions about the code based on that. Your enclave should still do reasonable security checks on the data it interacts with.


View solution in original post

0 Kudos
3 Replies
JesusG_Intel
Moderator
1,167 Views

Hello Julien,


A basic premise of SGX enclaves is that enclaves do not trust the external environment, i.e. any code, including other enclaves, that is running outside of the enclave. Every enclave running on a platform is its own separate and independent DLL file. When local attestation occurs, the enclaves prove to each other that they are trustworthy enclaves that were instantiated on the same platform but the only way they communicate is by sending data to each other. Enclaves do not "connect" to each other; they are always separate and independent. They communicate via messages to each other and cannot see what the other enclave does beyond those messages.


So, if an enclave is doing something it should not do, such as leaking secrets, there is no SGX-native way for another enclave to know. The only way for another enclave to detect this is if it gets this information via other means.


0 Kudos
JulienNiu
Beginner
1,164 Views

Thanks!!!

My current understanding is that it is the programmer who should be responsible to make sure the enclave will not leak any private information. I noticed in 'local attestation', each enclave need to check the MRSIGNER of both enclaves, so that it can make sure the code in the enclave is written by a trustworthy party (I know it is just one of the policy). Therefore, if it is written by a trustworthy party, then we should believe the code in the enclave is secure (not leaking private information).

Did I understand it corrently?

JesusG_Intel
Moderator
1,163 Views

The only thing you can be sure of is that the code was written by a trustworthy party and then you can make assumptions about the code based on that. Your enclave should still do reasonable security checks on the data it interacts with.


0 Kudos
Reply