Projects per year
Abstract
Application security traditionally strongly relies upon security of the underlying operating system.
However, operating systems often fall victim to software attacks, compromising security of applications as well.
To overcome this dependency, Intel SGX allows to protect application code against a subverted or malicious OS by running it in a hardware-protected enclave.
However, SGX lacks support for generic trusted I/O paths to protect user input and output between enclaves and I/O devices.
This work presents SGXIO, a generic trusted path architecture for SGX, allowing user applications to run securely on top of an untrusted OS, while at the same time supporting trusted paths to generic I/O devices.
To achieve this, SGXIO combines the benefits of SGX's easy programming model with traditional hypervisor-based trusted path architectures.
Moreover, SGXIO can tweak insecure debug enclaves to behave like secure production enclaves.
SGXIO surpasses traditional use cases in cloud computing and digital rights management and makes SGX technology usable for protecting user-centric, local applications against kernel-level keyloggers and likewise.
It is compatible to unmodified operating systems and works on a modern commodity notebook out of the box.
Hence, SGXIO is particularly promising for the broad x86 community to which SGX is readily available.
However, operating systems often fall victim to software attacks, compromising security of applications as well.
To overcome this dependency, Intel SGX allows to protect application code against a subverted or malicious OS by running it in a hardware-protected enclave.
However, SGX lacks support for generic trusted I/O paths to protect user input and output between enclaves and I/O devices.
This work presents SGXIO, a generic trusted path architecture for SGX, allowing user applications to run securely on top of an untrusted OS, while at the same time supporting trusted paths to generic I/O devices.
To achieve this, SGXIO combines the benefits of SGX's easy programming model with traditional hypervisor-based trusted path architectures.
Moreover, SGXIO can tweak insecure debug enclaves to behave like secure production enclaves.
SGXIO surpasses traditional use cases in cloud computing and digital rights management and makes SGX technology usable for protecting user-centric, local applications against kernel-level keyloggers and likewise.
It is compatible to unmodified operating systems and works on a modern commodity notebook out of the box.
Hence, SGXIO is particularly promising for the broad x86 community to which SGX is readily available.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the Seventh ACM Conference on Data and Application Security and Privacy |
| Pages | 261-268 |
| DOIs | |
| Publication status | Published - 2017 |
| Event | 7th ACM Conference on Data and Application Security and Privacy - Scottsdale, Arizona, United States Duration: 22 Mar 2017 → 24 Mar 2017 http://www.codaspy.org/ |
Conference
| Conference | 7th ACM Conference on Data and Application Security and Privacy |
|---|---|
| Abbreviated title | CODASPY 2017 |
| Country/Territory | United States |
| City | Scottsdale, Arizona |
| Period | 22/03/17 → 24/03/17 |
| Internet address |
Fingerprint
Dive into the research topics of 'SGXIO: Generic Trusted I/O Path for Intel SGX'. Together they form a unique fingerprint.Projects
- 1 Finished
-
Dependable Internet of Things
Boano, C. A., Kubin, G., Bloem, R., Horn, M., Pernkopf, F., Zakany, N., Mangard, S., Witrisal, K., Römer, K. U., Aichernig, B., Bösch, W., Baunach, M. C., Tappler, M., Malenko, M., Weiser, S., Eichlseder, M., Leitinger, E., Grosinger, J., Großwindhager, B., Ebrahimi, M., Alothman Alterkawi, A. B., Knoll, C., Teschl, R., Saukh, O., Rath, M., Steinberger, M., Steinbauer-Wagner, G. & Tranninger, M.
1/01/16 → 31/03/22
Project: Research project