Protecting User Applications Using Trusted Execution Environment




Journal Title

Journal ISSN

Volume Title



Recently, Intel introduced Software Guard eXtensions (SGX), a set of new instructions that enable application developers to directly protect the confidentiality and integrity of code and data in an enclave. Similarly to how Intel VT has made virtualization practical, SGX is likely going to make outsourced computing in data centers and the cloud practical. Thus, we explore the security guarantees provided by SGX and demonstrate its use in protecting user applications running at both server and client side. At server side, system logs are the greatest forensics assets that capture how an operating system or a program behaves. To this end, we redesign standard log-server to build SGX-Log, a new logging system that ensures the integrity and confidentiality of critical log data. In protecting client side game applications, we develop an SGX-enabled game protection framework, SGX-Monitor, that can transparently address cheating problems without compromising on code-level compatibility for legacy programs. Additionally, to answer the question of how much overhead SGX could bring to an application, we systematically measure the overhead of SGX by using both fine-grained micro-level and coarse-grained macro-level benchmarks. Even though In- tel SGX delivers its high security promises, our studies show that developers have to make a considerable amount of trade-offs in performance optimization.



Application software—Security measures, Contracting out, Coding theory, Cloud computing


©2018 Vishal M. Karande. All rights reserved.