Software developers face a number of challenges when creating applications that attempt to keep important data confidential. Even diligent use of correct software design and implementation practices can still allow secrets to be exposed through a single flaw in any of the privileged code on the platform, code which may have been written by thousands of developers from hundreds of organizations throughout the world.
Intel is developing innovative security technology that gives software developers control over the security of sensitive code and data by creating trusted domains within applications to protect critical information during execution and at rest.
This paper will show how protection of private information, including enterprise rights management, video chat, trusted financial transactions, among others, has been demonstrated using this technology.
Examples will include both protection of local processing and the establishment of secure communication with cloud services. It will illustrate useful software design patterns that can be followed to create many additional types of trusted software solutions.
We provide a description of Intel Software Guard Extensions (Intel SGX), a new set of CPU instructions that give application and service providers a safe place to stand when managing the use of the data they consume and collect.
Sensitive data is protected within applications even when the platforms on which they run are infected with more privileged malicious software or if the platform falls into the physical control of a person wishing to gain unauthorized access to the data.
The remainder of this paper provides a review of the programming model for SGX. It describes the design steps taken by developers wishing to take advantage of these instructions, and then reviews three example secure solutions that have been built on them.