
A survey on SGX isolation technology

Cui Jinhua, Cai Zhiping, Liu Kejiang

Journal of Huazhong University of Science and Technology (Natural Science Edition), 2024, Vol. 52, Issue (2): 1-15, 15. DOI: 10.13245/j.hust.240204

Cui Jinhua (1), Cai Zhiping (2), Liu Kejiang (2)

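Author information

  • 1. College of Semiconductors (College of Integrated Circuits), Hunan University, Changsha, Hunan 410082
  • 2. College of Computer Science, National University of Defense Technology, Changsha, Hunan 410073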

Abstract

Intel SGX (Software Guard Extensions) ensures the confidentiality and integrity of data in use by creating a trusted execution environment (TEE, or enclave), which can prevent arbitrary access from any privileged software such as operating systems and hypervisors. Although SGX is designed as a higher-level hardware-assisted security primitive, it still faces some crucial problems in terms of compatibility, performance and security. This survey first systematically analyzed and summarized five SGX design restrictions, which lead to the incompatibility or poor usability of SGX with binary applications and language runtimes. Working with these restrictions, a "choose 2-out-of-3" trilemma between security, performance, and binary compatibility often occurred. Subsequently, three types of compatibility solutions were reviewed, and the advantages and disadvantages of each were comprehensively analyzed. A classification method for popular attack techniques on SGX was presented, and the key problems and root causes of each were described. The main factors that slow down the performance of SGX enclaves were summarized. Finally, the lessons from SGX studies were summarized, and several research directions for next-generation TEEs were pointed out.

Key words

trusted execution environment / Intel SGX / binary compatibility / security / performance / confidential computing

Classification

Information technology and security science

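Cite this article

Cui Jinhua, Cai Zhiping, Liu Kejiang. A survey on SGX isolation technology [J]. Journal of Huazhong University of Science and Technology (Natural Science Edition), 2024, 52(2): 1-15, 15.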

Funding

Natural Science Foundation of Hunan Province (2023JJ40160)

Natural Science Foundation of Changsha (kq2208212)

Fundamental Research Funds for the Central Universities (531118010824)

National Key Research and Development Program of China (2020YFC2003400)

Journal of Huazhong University of Science and Technology (Natural Science Edition)

OA, Peking University Core Journal, CSTPCD

1671-4512
