Sponsored by Intel®
Wtf?
https://www.theregister.co.uk/2019/12/24/intel_data_security_hybrid_cloud/
Sponsored by Intel®
" Security
To protect data and code in the age of hybrid cloud, you can always turn to Intel SGX
A gentle guide to enclaves and trusted execution environments
By Rene Millman 24 Dec 2019 at 07:00
Data and code are the lifeblood of digital organisations, and increasingly these are shared with others in order to achieve specific business goals. As such, data and code must be protected no matter where the workloads run, be they in on-premises data centers, remote cloud servers, or edge-of-the-network."
[Comments not permitted on that sponsored article? Anyone imagine why?]
See also other SGX-related articles here and elsewhere e.g.
https://www.theregister.co.uk/2018/08/15/foreshadow_sgx_software_attestations_collateral_damage/
""Marina [Minkin] had worked with SGX, we talked about it a bit, and she mentioned a scenario which in SGX caused an access violation exception, instead of falling into 'abort page semantics'. Because Meltdown is related to access violation exceptions we decided to give it a try."
Once you know where to look for a vulnerability, he said, "most of the hard part is done".
* The researchers have called two related vulns – CVE-2018-3620 and CVE-2018-3646 – "Foreshadow-NG" (next generation). Intel refers to the three flaws collectively as "L1 terminal fault".
Biting the hand that feeds IT
