MPTEE: bringing flexible and efficient memory protection to Intel SGX [conference paper]

Conference

Proceedings of the Fifteenth European Conference on Computer Systems - April 15, 2020

Authors

Wenjia Zhao (visiting Ph.D. student), Kangjie Lu (assistant professor), Yong Qi, Saiyu Qi

Abstract

Intel Software Guard Extensions (SGX), a hardware-based Trusted Execution Environment (TEE), has become a promising solution for stopping critical threats such as insider attacks and remote exploits. SGX has recently drawn extensive research in two directions: using it to protect the confidentiality and integrity of sensitive data, and protecting SGX itself from attacks. Both the applications and the defense mechanisms of SGX have a fundamental need: flexible memory protection that updates memory-page permissions dynamically and enforces the least-privilege principle. Unfortunately, SGX does not provide such a memory-protection mechanism due to the lack of hardware support and the untrustedness of operating systems.

Link to full paper

MPTEE: bringing flexible and efficient memory protection to Intel SGX

Keywords

security
