Visible to the public Biblio

Filters: Keyword is Intel SGX  [Clear All Filters]
2017-08-02
Krawiecka, Klaudia, Paverd, Andrew, Asokan, N..  2016.  Protecting Password Databases Using Trusted Hardware. Proceedings of the 1st Workshop on System Software for Trusted Execution. :9:1–9:6.
2017-05-22
Strackx, Raoul, Piessens, Frank.  2016.  Developing Secure SGX Enclaves: New Challenges on the Horizon. Proceedings of the 1st Workshop on System Software for Trusted Execution. :3:1–3:2.

The combination of (1) hard to eradicate low-level vulnerabilities, (2) a large trusted computing base written in a memory-unsafe language and (3) a desperate need to provide strong software security guarantees, led to the development of protected-module architectures. Such architectures provide strong isolation of protected modules: Security of code and data depends only on a module's own implementation. In this paper we discuss how such protected modules should be written. From an academic perspective it is clear that the future lies with memory-safe languages. Unfortunately, from a business and management perspective, that is a risky path and will remain so in the near future. The use of well-known but memory-unsafe languages such as C and C++ seem inevitable. We argue that the academic world should take another look at the automatic hardening of software written in such languages to mitigate low-level security vulnerabilities. This is a well-studied topic for full applications, but protected-module architectures introduce a new, and much more challenging environment. Porting existing security measures to a protected-module setting without a thorough security analysis may even harm security of the protected modules they try to protect.