Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Putting all application code in Enclave

suin_k_
Beginner

Hi, I'm studying Intel SGX and applying it to an application.

And I am curious whether I can put all the application code in the enclave and run the application securely.

I mean whether I could put all the existing application code in the enclave (for example, including the main function and some projects of the Visual Studio solution).

If it could be put in the enclave, I want to know how to do it.

Best regards

Suin

1 Solution
Anusha_K_Intel
Employee

Hi,

Intel SGX is a set of CPU instructions that allows user-level code to allocate private regions of memory, and the allocated memory needs to be minimal. The enclave size is 128 MB, and it is very small to load an entire application. And the enclave must contain only the code that needs to be protected, such as passwords, account numbers, financial information, etc., to protect it from OS attacks. And if the application is large and it has some system calls, which are not supported inside the enclave, then it cannot be used inside the enclave.

But you can develop your application in such a way that no one can tamper with your data by storing all the critical functions inside the enclave.


4 Replies

you_w_
New Contributor III

Generally, an SGX application is partitioned into two parts, an untrusted part and a trusted part. The trusted part should include the code and data you want to protect. The untrusted part includes normal code and data, as well as the code for managing the enclave (loading and destroying the enclave). So you cannot put all of your code into the enclave.
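As an added illustration of the partitioning described in this thread (not code from any of the posters): a hypothetical EDL file for the split you_w_ describes, where the untrusted application keeps main() and loads the enclave, only the secret-handling functions run inside the enclave, and the file write the enclave cannot perform itself (the "system calls not supported inside the enclave" from the accepted answer) goes out through an OCALL. All function names and parameters are assumptions.

```edl
/* app.edl (hypothetical): the interface between the untrusted application and the enclave.
 * The untrusted part keeps main(), sgx_create_enclave()/sgx_destroy_enclave() and all
 * ordinary code; only the functions listed under "trusted" execute inside the enclave. */
enclave {
    trusted {
        /* ECALL: the app hands a secret into the enclave. [in, size=len] makes the
         * generated bridge copy the buffer into enclave memory before the enclave
         * touches it, so the enclave never works directly on an application pointer. */
        public int ecall_store_secret([in, size=len] const uint8_t* secret, size_t len);

        /* ECALL: compute over the stored secret inside the enclave; only the result
         * leaves. [out, size=out_len] copies it back to untrusted memory on return. */
        public int ecall_compute([out, size=out_len] uint8_t* out, size_t out_len);
    };

    untrusted {
        /* OCALL: the enclave cannot issue system calls, so writing a file is delegated
         * to the untrusted side. Everything passed here is visible to the OS, so the
         * enclave should only hand over data it has already sealed or that is not secret. */
        void ocall_write_file([in, string] const char* path,
                              [in, size=len] const uint8_t* data, size_t len);
    };
};
```

The Edger8r tool generates the bridge code for both sides from this file; the application still owns the lifecycle of the enclave, which is why main() stays in the untrusted part.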

yunfeng7854
New Contributor I

A library OS enables unmodified applications inside SGX. You could refer to Graphene-SGX for such a system on Linux.

suin_k_
Beginner

Thanks, everyone.

I understood that it is hard to put the entire application inside the enclave.

I have another question.

Could I use global variables inside the enclave securely?

I checked that local variables of a trusted function inside the enclave were encrypted, but global variables inside the enclave were not encrypted.

I thought the local variables were encrypted because the variables were used in the trusted functions defined in the .edl file.

I would like to know how to use global variables in the enclave, if I can use them.

Best regards

Suin
