Hi, I'm studying Intel SGX and applying it to an application.
I am curious whether I can put all the application code in an enclave and run the application securely.
I mean whether I could put all the existing application code in an enclave (for example, including the main function and some projects of the Visual Studio solution).
If it could be put in an enclave, I want to know how to do it.
Best regards
Suin
Hi,
Intel SGX is a set of CPU code instructions that allows user-level code to allocate private regions of memory, and the allocated memory needs to be minimal. The enclave size is 128 Mb and it is too small to load an entire application. And the enclave must contain only the code that needs to be protected, such as passwords, account numbers, financial information... to protect from OS attacks. And if the application size is large and it has some system calls which are not supported inside the enclave, then it cannot be used inside the enclave.
But you can develop your application in such a way that no one can tamper with your data by storing all the critical functions inside the enclave.
Generally, an SGX application is partitioned into two parts, an untrusted part and a trusted part. The trusted part should include the code and data you want to protect. The untrusted part includes normal code and data, as well as the code for managing the enclave (loading and destroying the enclave). So you cannot put all of your code into the enclave.
Library OS enables unmodified applications inside SGX. You could refer to Graphene-SGX for such a system on Linux.
Thanks everyone
I understood that it is hard to put the entire application inside the enclave.
I have another question.
Could I use a global variable inside an enclave securely?
I checked that local variables of a trusted function inside the enclave were encrypted, but global variables inside the enclave were not encrypted.
I thought the local variables were encrypted because the variables were used in the trusted functions defined in the .edl file.
I hope to know how to use the global variables in the enclave, if I could use them.
Best regards
Suin