TWC: Medium: Collaborative: Systems, Tools, and Techniques for Executing, Managing, and Securing SGX Programs

TWC：媒介：协作：用于执行、管理和保护 SGX 程序的系统、工具和技术

• 批准号: 1834213
• 负责人: Zhiqiang Lin
• 金额: $ 46.15万
• 依托单位: Ohio State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-01-01 至 2022-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1834213&HistoricalAwards=false
• 关键词: TWC; Medium; Collaborative; Systems; Tools

The Intel Software Guard Extensions (SGX) is a new technology introduced to make secure and trustworthy computing in a hostile environment practical. However, SGX is merely just a set of instructions. Its software support that includes the OS support, toolchain and libraries, is currently developed in a closed manner, limiting its impact only within the boundary of big companies such as Intel and Microsoft. Meanwhile, SGX does not automatically secure everything and it still faces various attacks such as controlled-side channel and enclave memory corruption.This research investigates how to enable application developers to securely use the SGX instructions, with an open source software support including a toolchain, programming abstractions (e.g., library), and operating system support (e.g., kernel modules). In addition, this research systematically explores the systems and software defenses necessary to secure the SGX programs from the enclave itself and defeat the malicious use of SGX from the underlying OS.

英特尔软件防护扩展 (SGX) 是一项新技术，旨在在恶劣环境中实现安全可靠的计算。然而，SGX仅仅是一组指令。 其软件支持包括操作系统支持、工具链和库，目前以封闭的方式开发，其影响力仅限于英特尔和微软等大公司的范围内。同时，SGX 不会自动保护所有内容，它仍然面临各种攻击，例如受控端通道和 enclave 内存损坏。这项研究探讨了如何使应用程序开发人员能够安全地使用 SGX 指令，并提供包括工具链在内的开源软件支持，编程抽象（例如库）和操作系统支持（例如内核模块）。此外，这项研究系统地探索了保护 SGX 程序免受飞地本身侵害并阻止底层操作系统对 SGX 的恶意使用所需的系统和软件防御。