Intel trusted execution environment, SGX, offers an attractive solution for protecting one's private data in the public cloud environment, even in the presence of a malicious OS or VMM.
In this talk, we will:
* explore how SGX mitigates various attack surfaces and the caveats of naively using the technology to protect applications,
* discuss the performance implications of SGX on common applications and understand the new bottlenecks created by SGX, which may lead to a 5X performance degradation.
* describe an optimized SGX interface, HotCalls, that provides a 13-27x speedup compared to the built-in mechanism supplied by the SGX SDK.
* discuss how it is possible for the OS to manage secure memory without having access to it.
* explore various attack surfaces and published attacks which require collusion with the OS. Specifically, page-fault and page-fault-less “controlled channel attacks”, branch-shadowing attacks and potential mitigations.
Ofir Weisse is a Researcher PhD Student at University of Michigan.
Video available at: https://www.youtube.com/watch?v=I3TCctdnOEc