SGX patents
"Patented" is a sure sign of "security" to avoid at all costs.
A pair of cryptography researchers have published a graduate thesis that accuses Intel of ruining its “Software Guard Extensions” (SGX) with bad implementation decisions. Victor Costan and Srinivas Devadas of MIT criticize [PDF] the way SGX obtains cryptographic keys over the internet. Launched in 2013, SGX added CPU features …
That said, the situation does appear to be an intractable problem of "Whom do you trust?" If a program can secure its own enclave, absolutely nothing will prevent malware from doing the same thing, thus bunkering itself beyond hope of extrication. If you trust any other party (be it Intel or whatever), Trent gets a big fat target on his back.
I trust myself - mostly - and not a corporation based in another jurisdiction.
But it is less of a concern that malware could create its own protected world, so long as I can create my own protected worlds against malware without NSA Intel having the key to it, forcing an external network connection to establish it, or ultimately holding my business to ransom by virtue of this key holding.
The thing is that the malware could both create a protected world for itself AND hook onto those necessary inter-process parts of the legitimate processes (protected or not) and still be able to wreak havoc while simultaneously staying protected in its own little bunker. After all, no program is an island these days. Programs eventually need to get in touch with other programs (like a web browser contacting the TCP/IP stack), and these links can still be tapped.
@Paul Crawford: +1.
The only person you *can* trust is yourself, and even then that's not *always* best...
However, it is not POSSIBLE to trust a corporation.
They exist to make money, and the more market control they get, the less they see consumer complaints as anything other than inconsequential noise.
P.
with ARM TrustZone, which appears to have similar goals, albeit ARM is historically associated with single-purpose systems where the SoC is specific to the target market (phones, set top boxes, etc) and hence has just one TrustZone, whereas new boy SGX has the potential for multiple enclaves in a system, as you might expect from a provider of multi-purpose chips where the system purpose is not known at chip design time.
That sounds more or less accurate. Whereas TrustZone is a binary "protected/unprotected" demarcation, SGX can have multiple protected enclaves, each exclusive of the others except where inter-process communication is necessary.
The statement "being able to decide which software vendors are allowed to use SGX can effectively put Intel in a position to decide winners and losers in many software markets" suggests something which I think is highly unlikely to become reality.
Instead, the reality will be sort of like the power ICANN wields; of course every business needs to have a URL for its web site, but everyone who can pay the money to register one will be accepted. That may still be an uncomfortable amount of power for Intel to have - but they would be very unlikely to attempt to pick and choose which businesses are allowed to use this for anticompetitive reasons.
Probably, though, they would require customers for this to be "reputable" so that viruses couldn't be protected with SGX. Too high a bar for that could stifle software innovation. So there probably are some dangers - but we need to be looking in the right place for them.