Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Sam5
New Contributor I
103 Views

SGX enclaves

Jump to solution

Hi,

Are there any guarantees for freshness of sealed data? In other words, rollback attack, where a malicious OS tries to roll the state of the enclave back to some earlier point in time: e.g., checkpoint the saved state, run the enclave for a while, then possibly restore back to the checkpoint. Can SGX code defend against such rollback attacks? If so, how?

-Thanks

0 Kudos

Accepted Solutions
103 Views

Hi Sam,

The CPU does not directly provide such protection, but you can rely on the monotonic counter and the trusted time features of the ME to achieve it. They can be used to limit the duration for which a secret is valid (trusted time) and prevent replay attacks (monotonic counter). I would point them at the developer reference:

https://software.intel.com/sites/default/files/managed/b4/cf/Intel-SGX-SDK-Developer-Reference-for-W...

The section on Sealed Data talks about setting replay and time-based policies, and which functions in the SDK are there to assist.

Thanks and Reagrds,
Surenthar Selvaraj

View solution in original post

2 Replies
104 Views

Hi Sam,

The CPU does not directly provide such protection, but you can rely on the monotonic counter and the trusted time features of the ME to achieve it. They can be used to limit the duration for which a secret is valid (trusted time) and prevent replay attacks (monotonic counter). I would point them at the developer reference:

https://software.intel.com/sites/default/files/managed/b4/cf/Intel-SGX-SDK-Developer-Reference-for-W...

The section on Sealed Data talks about setting replay and time-based policies, and which functions in the SDK are there to assist.

Thanks and Reagrds,
Surenthar Selvaraj

View solution in original post

Sam5
New Contributor I
103 Views

Thanks Surenthar