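Abstract
How to prevent malicious attackers from stealing user data or private information is a hot and difficult research problem in the information security field. In 2013, Intel presented a new processor security technology, SGX (software guard extensions), at the HASP conference. It provides a trusted isolated space on the computing platform, the enclave, to protect the confidentiality and integrity of user code and data. SGX is a breakthrough research result in information security and is of great significance to both individual users and users of cloud computing platforms. At the same time, the threat model for attacks against SGX is very strong, the attack surface of SGX keeps being uncovered, and its defense techniques keep being updated. To better study attack and defense techniques for SGX, this paper introduces the threat model for attacks against SGX, summarizes the types of attacks against SGX, analyzes the defensive measures against those attacks, and discusses possible future attack and defense techniques for SGX.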
How to deal with the increasingly severe information security situation and prevent malicious attackers from stealing user data or privacy is a hot and difficult problem in the current information security field. In 2013, a new processor security technology, SGX (software guard extensions), was proposed by Intel at the HASP conference, which can provide a trusted zone named enclave on the computing platform to protect the confidentiality and integrity of user code and data. SGX is a breakthrough research achievement in the field of information security, which is of great significance to individual users and tenants of cloud computing platforms. However, the threat model of SGX is quite strong, the attack surface against SGX is constantly being explored, and its defense technology is constantly updated. For in-depth research on SGX attack and defense technologies, we introduce the threat model of SGX, summarize the attack types against SGX, analyze the defense measures against SGX attacks, and discuss future possible attack and defense techniques against SGX.
Authors
张亚晖
赵敏
韩欢
ZHANG Ya-hui; ZHAO Min; HAN Huan (Army Engineering University of PLA, Chongqing 400035, China; Army Engineering University of PLA, Nanjing 210007, China)
Source
《计算机技术与发展》 (Computer Technology and Development)
2020, Issue 11, pp. 104-110 (7 pages)
Funding
Natural Science Foundation of Jiangsu Province (BK20180080).