TU BRAUNSCHWEIG
| Carl Friedrich Gauß Faculty | Department of Computer Science
Informatikzentrum

Support for Intel SGX v2 in the SGX SDK

Student(anonymous, Login required)
SupervisorNico Weichbrodt
ProfessorProf. Dr. Rüdiger Kapitza
IBR GroupDS (Prof. Kapitza)
TypeBachelor Thesis
Statusfinished

Introduction

In the last years, a need for secure computing on untrusted host has come up. To achieve this, Intel developed Software Guard Extensions (SGX) [1,2] that allows developers to create secure compartments for their applications, called enclaves. Enclaves are a secure part of applications that can be entered to perform security critical computations while being guarded from an untrusted operating system and attackers by the processor itself. Enclaves operate in completely encrypted memory that only they can access. To ease development of enclaves, Intel released a Software Development Kit (SDK) [0].

Problem statement

Adapt the SDK to enable use of SGXv2 features

Task description

...

  • Implement sgx_alloc_pages and sgx_free_pages using EACCEPT
  • Implement sgx_mprotect using EMODP/EMODT

Prerequisites

  • Basic knowledge of Linux systems as we work with SGX exclusively on Linux
  • Good knowledge of C/C++
  • Knowledge of x86-64 assembler is of advantage

Links

[0] https://01.org/intel-softwareguard-extensions
[1] https://software.intel.com/en-us/blogs/2013/09/26/protecting-application-secrets-with-intel-sgx
[2] https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf



last changed 2019-02-05, 14:52 by Nico Weichbrodt
printemailtop