Intel® Software Guard Extensions

Applications often have some private information like passwords, cryptographic keys or confidential data that only specific recipients should see. The operating system hosting the application provides some level of protection for the application. However, these protections are not enough when the application host is itself malicious or compromised. Intel® SGX is a technology to provide an extra layer of protection for the private information. The three key concepts that SGX provides to protect the data are enclaves, attestation and data sealing.

Intel® SGX is a set of CPU instructions for creating and operating with enclaves. When an application creates an enclave, it provides a protected memory area with confidentiality and integrity guarantees. These guarantees hold even if privileged malware is present in the system, meaning that the enclave is protected even from the operating system that is running the enclave. With enclaves, it is possible to significantly reduce the attack surface of an application.

When building an SGX application, the application should be separated into a trusted and untrusted part. The trusted part takes care of handling the private information and should be small. The untrusted part is responsible for orchestrating the rest of the application. It creates the enclaves, reads and writes files, communicates over the network and carries out the processing on the data that is not privacy sensitive.

In the Sharemind HI Server, the solution developer only develops code which runs inside of Intel® SGX in the form of the task enclaves.

Attestation is a mechanism for cryptographically proving that an enclave with specific fingerprints and attributes was created and is running on a trusted platform. SGX offers two variants of attestation: local attestation and remote attestation.

Local attestation is performed between two enclaves on the same machine. Each enclave verifies that the other is the expected enclave. Local attestation is essential for building applications consisting of multiple enclaves where communication between the enclaves is required.

Remote attestation is used to prove to an external party that the expected enclave was created on a remote machine with trustworthy Intel® SGX support. During remote attestation, the enclave generates a report that can be remotely verified. Using remote attestation, an application can verify that a server is running trusted software before private information is uploaded.

Data sealing allows enclaves to store data outside of the enclave without compromising confidentiality and integrity of the data. The sealing is achieved by encrypting the data before it exits the enclave. The encryption key is derived in a way that only the specific enclave on that platform can later decrypt it.