SGX Reading List

SGX technology

Intel SGX Explained

Victor Costan and Srinivas Devadas, 2016.

SGX Secure Enclaves in Practice: Security and Crypto Review

JP Aumasson, Luis Merino, Black Hat 2016

Innovative Technology for CPU Based Attestation and Sealing

I. Anati, S. Gueron, S. P. Johnson, and V. R. Scarlata, HASP 2013.

Innovative Instructions and Software Model for Isolated Execution

F. McKeen, I. Alexandrovich, A. Berenzon, C. V. Rozas, H. Shafi, V. Shanbhogue, and U. R. Savagaonkar, HASP 2013.

Intel® Software Guard Extensions (Intel® SGX) Software Support for Dynamic Memory Allocation inside an Enclave

Bin Cedric Xing, Mark Shanahan, Rebekah Leslie-Hurd, HASP'16

Intel® Software Guard Extensions (Intel® SGX) Support for Dynamic Memory Management Inside an Enclave

Frank McKeen, Ilya Alexandrovich, Ittai Anati, Dror Caspi, Simon Johnson, Rebekah Leslie-Hurd, Carlos Rozas, HASP'16

Attacks and defenses (for both H/W and S/W)

Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems

Yuanzhong Xu, Weidong Cui, Marcus Peinado, S&P'15

Moat: Verifying confidentiality of enclave programs

R. Sinha, S. Rajamani, S. Seshia, and K. Vaswani, ACM CCS 2015

Inferring fine-grained control flow inside SGX enclaves with branch shadowing

S Lee, MW Shih, P Gera, T Kim, H Kim, ArXiv 2016

Sanctum: Minimal hardware extensions for strong software isolation

V Costan, I Lebedev, S Devadas, USENIX Security 2016

Preventing Your Faults from Telling Your Secrets: Defenses against Pigeonhole Attacks

Shweta Shinde, Zheng Leong Chua, Viswesh Narayanan, Prateek Saxena, ASIACCS 2016

A Design and Verification Methodology for Secure Isolated Regions

Rohit Sinha, Manuel Costa, Akash Lal, Nuno P. Lopes, Sriram Rajamani, Sanjit A. Seshia, Kapil Vaswani, PLDI 2016

AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves

Weichbrodt, Nico, Anil Kurmus, Peter Pietzuch, and Rüdiger Kapitza, ESORICS'16

SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs

Jaebaek Seo, Byoungyoung Lee, Sungmin Kim, Ming-Wei Shih, Insik Shin, Dongsu Han, Taesoo Kim, NDSS 2017

T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs

M.-W. Shih, S. Lee, T. Kim, and M. Peinado, NDSS 2017

Useful tools for research

Intel Software Guard Extensions (Intel SGX) SDK 

SGX virtualization:

  https://github.com/01org/xen-sgx/wiki 

  https://github.com/01org/kvm-sgx/wiki 

  https://01.org/intelsoftware-guard-extensions/sgx-virtualization

OpenSGX: An Open Platform for SGX Research [code]

Prerit Jain, Soham Desai, Seongmin Kim, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin, Taesoo Kim, Brent Byunghoon Kang, Dongsu Han, NDSS 2016

Other useful software:

   OpenSSL SGX port by the Tor-SGX people

   Libevent SGX port by the Tor-SGX people

 

Applications of SGX

Cloud computing/OS

Shielding Applications from an Untrusted Cloud with Haven

A. Baumann, M. Peinado, and G. Hunt, USENIX OSDI 2014

M2R: Enabling Stronger Privacy in MapReduce Computation

Tien Tuan Anh Dinh, Prateek Saxena, Ee-Chien Chang, Beng Chin Ooi, and Chunwang Zhang, USENIX Security 2015

VC3: Trustworthy data analytics in the cloud using SGX

F. Schuster, M. Costa, C. Fournet, C. Gkantsidis, M. Peinado, G. Mainar-Ruiz, and M. Russinovich, IEEE Security and Privacy (SP) 2015

Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data

T. Hunt, Z. Zhu, Y. Xu, S. Peter, and E. Witchel, USENIX OSDI 2016.

Fast, Scalable and Secure Onloading of Edge Functions using AirBox

Ketan Bhardwaj, Ming-Wei Shih, Pragya Agarwal, Ada Gavrilovska, Taesoo Kim, and Karsten Schwan. IEEE/ACM Symposium on Edge Computing 2016

SCONE: Secure Linux Containers with Intel SGX

Arnautov S, Trach B, Gregor F, Knauth T, Martin A, Priebe C, Lind J, Muthukumaran D, O'Keeffe D, Stillwell ML, Goltzsche D, Eyers D, Kapitza R, Pietzuch P, Fetzer C, OSDI 2016

Panoply: Low-TCB Linux Applications With SGX Enclaves

Shweta Shinde, Dat Le Tien, Shruti Tople, Prateek Saxena, NDSS 17

Networking/P2P/IoT

A First Step Towards Leveraging Commodity Trusted Execution Environments for Network Applications

Seongmin Kim, Youjung Shin, Jaehyung Ha, Taesoo Kim, Dongsu Han, ACM HotNets 2015

Town Crier: An Authenticated Data Feed for Smart Contracts

Fan Zhang, Ethan Cecchetti, Kyle Croman, Elaine Shi, and Ari Juels, CCS 2016

Teechan: Payment Channels Using Trusted Execution Environments

Joshua Lind, Ittay Eyal, Peter Pietzuch, and Emin Gun Sirer, 2016

Enhancing Security and Privacy of Tor's Ecosystem by using Trusted Execution Environments

Seongmin Kim, Juhyeng Han, Jaehyeong Ha, Taesoo Kim, Dongsu Han, USENIX NSDI 2017

(compiled by Dongsu Han)