

A survey on SGX isolation technology


Intel SGX (Software Guard Extensions) protects a user's data in use by creating a trusted execution environment (TEE, or enclave) that blocks arbitrary access by any privileged software, such as the operating system or the hypervisor, thereby ensuring the confidentiality and integrity of data and code. Although SGX offers highly secure, hardware-level protection, the trusted execution environment it builds still faces key research challenges in compatibility, performance and security. This survey first systematically analyzes and summarizes five design constraints inherent to SGX itself; these directly cause SGX's incompatibility or poor usability with binary software and language runtimes, leaving users unable to satisfy performance, security and compatibility all at once. Then, for the SGX compatibility/usability challenge, three different types of solutions are comprehensively reviewed and summarized, and their advantages and disadvantages are analyzed; for SGX security, currently popular attack techniques are classified, and the key elements and root causes of the attacks are described; for the SGX performance bottleneck, the main factors that constrain enclave runtime performance are summarized, and SGX's internal design trade-offs are analyzed. Finally, the lessons learned from SGX research are summarized, research trends for next-generation enclave or TEE technology are discussed, and several research directions are identified.

Intel SGX (Software Guard Extensions) ensures the confidentiality and integrity of data in use by creating a trusted execution environment (TEE, or enclave), which can prevent arbitrary access by any privileged software such as the operating system and the hypervisor. Although SGX is designed as a high-level, hardware-assisted security primitive, it still faces crucial problems in compatibility, performance and security. This survey first systematically analyzes and summarizes five SGX design restrictions that lead to the incompatibility or poor usability of SGX with binary applications and language runtimes; under these restrictions, a "choose 2 out of 3" trilemma between security, performance and binary compatibility often arises. Subsequently, three types of compatibility solutions are reviewed, and the advantages and disadvantages of each are comprehensively analyzed. A classification of popular attack techniques on SGX is presented, and the key problems and root causes of each are described. The main factors that slow down the performance of SGX enclaves are summarized. Finally, the lessons from SGX studies are summarized, and several research directions for next-generation TEEs are pointed out.


School of Semiconductors (School of Integrated Circuits), Hunan University, Changsha 410082, Hunan, China; College of Computer Science, National University of Defense Technology, Changsha 410073, Hunan, China


Keywords: trusted execution environment; Intel SGX; compatibility; security; performance; confidential computing

Keywords: trusted execution environment; Intel SGX; binary compatibility; security; performance; confidential computing

Journal of Huazhong University of Science and Technology (Natural Science Edition), 2024, No. 2

Pages 1-15 (15 pages)


