针对 SGX 的攻击与防御综述-《计算机技术与发展》

文章信息/Info

Author(s):: ZHANG Ya-hui¹; ZHAO Min²; HAN Huan¹; 1. Army Engineering University of PLA,Chongqing 400035,China; 2. Army Engineering University of PLA,Nanjing 210007,China

Keywords:: SGX; threat model; trusted computing base; attack vectors; countermeasures

摘要:: 如何防止恶意攻击者窃取用户数据或隐私,是当前信息安全领域研究的热难点问题。 2013 年,Intel 公司在 HASP 会议上提出了新的处理器安全技术 SGX(software guard extensions,软件保护扩展), 能够在计算平台上提供一个可信的隔离空间 enclave,用于保障用户代码和数据的机密性和完整性。 SGX 是信息安全领域突破性的研究成果, 对于个人用户和云计算平台用户都具有重大意义。但同时针对 SGX 的攻击的威胁模型非常强大,SGX 的攻击面不断地被发掘,其防御技术也不断更新。为更好地研究针对 SGX 的攻击与防御技术,介绍了针对 SGX 攻击的威胁模型,总结归纳了针对 SGX 的攻击类型,分析了针对 SGX 攻击的防御措施,并对未来可能的针对 SGX 的攻击与防御技术进行了探讨。

Abstract:: How to deal with the increasingly severe information security situation and prevent malicious attackers from stealing user data or privacy is a hot and difficult problem in the current information security field. In 2013, a new processor security technology SGX(software guard extensions) is proposed by Intel at the HASP conference,which can provide a trusted zone named enclave on the computing platform to protect the confiden-tiality and integrity of user code and data. SGX is a breakthrough research achievement in the field of information security,which is of great significance to individual users and tenants of cloud computing platforms. However,the threat model of SGX is quite strong,the attack surface against SGX is constantly being explored,and its defense technology is constantly updated. For in-depth research on SGX attack and defense technologies,we introduce the threat model of SGX,summarize the attack types against SGX, analyze the defense measures against SGX attacks, and discuss future possible attack and defense techniques against SGX.