Beginner

Putting All application code in Enclave

Hi, I'm studying Intel SGX and applying it to an application.

And I am curious whether I can put all the application code in the enclave and run the application securely.

I mean whether I could put all the existing application code in the enclave (for example, including the main function and some projects of the Visual Studio solution).

If it could be put in the enclave, I want to know how to do it.

Best regards

Suin

0 Kudos

Accepted Solutions
Employee

Hi,

Intel SGX is a set of CPU code instructions that allows user-level code to allocate private regions of memory, and the allocated memory needs to be minimal. The enclave size is 128 Mb, and it is too small to load an entire application. An enclave must contain only the code that needs to be protected, such as passwords, account numbers, financial information, to protect from OS attacks. And if the application size is large and it has some system calls which are not supported inside the enclave, then it cannot be used inside the enclave.

But you can develop your application in such a way that no one can tamper with your data by storing all the critical functions inside the enclave.

0 Kudos
4 Replies
New Contributor III

Generally, an SGX application is partitioned into two parts, an untrusted part and a trusted part. The trusted part should include the code and data you want to protect. The untrusted part includes normal code and data, as well as the code for managing the enclave (loading and destroying the enclave). So you cannot put all of your code into the enclave.

0 Kudos
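
The trusted/untrusted split described in the reply above, written as the interface definition (.edl) file that the SGX SDK uses to generate the boundary code. This is an added example, not code from the thread; the file name and all function names are hypothetical.

```edl
/* Enclave.edl: constructed example; every function name is hypothetical. */
enclave {

    /* Trusted part: ECALLs are the only entry points into the enclave.
       The functions behind them, and the data they keep, are the part
       of the application that is protected. */
    trusted {
        /* [in, size=len]: the generated edge routine copies len bytes
           from untrusted memory into the enclave before the body runs,
           so the enclave never works on a buffer the host can change
           underneath it. */
        public int ecall_store_secret([in, size=len] const uint8_t *secret,
                                      size_t len);

        /* [in, string]: NUL-terminated input, copied in.
           [out]: the result is written inside the enclave and copied
           out on return. Only the yes/no answer crosses the boundary,
           not the stored secret. */
        public int ecall_check_secret([in, string] const char *candidate,
                                      [out] int *match);
    };

    /* Untrusted part: OCALLs, for work the enclave cannot do itself,
       such as system calls and I/O. Anything passed to an OCALL leaves
       protected memory, so secrets must not be passed here. */
    untrusted {
        void ocall_log([in, string] const char *msg);
    };
};

/* The rest of the application (main, UI, file and network I/O) stays in
   the untrusted part. That is also where the enclave is loaded with
   sgx_create_enclave() and torn down with sgx_destroy_enclave(). */
```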
New Contributor I

Library OS enables unmodified applications inside SGX. You could refer to Graphene-SGX for such a system on Linux.

0 Kudos
Beginner

Thanks everyone

I understood that it is hard to put the entire application inside the enclave.

I have another question.

Could I use a global variable inside the enclave securely?

I checked that local variables of a trusted function inside the enclave were encrypted but global variables inside the enclave were not encrypted.

I thought the local variables were encrypted because the variables were used in the trusted functions defined in the .edl file.

I hope to know how to use global variables in the enclave, if I could use them.

Best regards

Suin

0 Kudos