Trusted Execution Environments (TEEs) have been widely used in many security-critical applications. The popularity of TEEs derives from its high security and trustworthiness supported by secure hardware. Intel Software Guard Extensions (SGX) is one of the most representative TEEs that creates an isolated environment on an untrusted operating system, thus providing run-time protection for the execution of security-critical code and data. However, Intel SGX is far from the acme of perfection. It has become a target of various attacks due to its security vulnerabilities. Researchers and practitioners have paid attention to the security vulnerabilities of SGX and investigated optimization solutions in real applications. Unfortunately, existing literature lacks a thorough review of security vulnerabilities of SGX and their countermeasures. In this article, we fill this gap. Specifically, we propose two sets of criteria for estimating security risks of existing attacks and evaluating defense effects brought by attack countermeasures. Furthermore, we propose a taxonomy of SGX security vulnerabilities and shed light on corresponding attack vectors. After that, we review published attacks and existing countermeasures, as well as evaluate them by employing our proposed criteria. At last, on the strength of our survey, we propose some open challenges and future directions in the research of SGX security.

中文翻译：

---

新交所的安全漏洞及对策

可信执行环境 (TEE) 已广泛用于许多安全关键型应用程序中。TEE 的流行源于其由安全硬件支持的高安全性和可信赖性。英特尔软件防护扩展 (SGX) 是最具代表性的 TEE 之一，它在不受信任的操作系统上创建隔离环境，从而为安全关键代码和数据的执行提供运行时保护。然而，英特尔 SGX 远非完美。由于其安全漏洞，它已成为各种攻击的目标。研究人员和从业者已经关注了新交所的安全漏洞，并研究了实际应用中的优化解决方案。不幸的是，现有文献缺乏对新交所安全漏洞及其对策的全面审查。在本文中，我们填补了这一空白。具体来说，我们提出了两套标准，用于估计现有攻击的安全风险和评估攻击对策带来的防御效果。此外，我们提出了 SGX 安全漏洞的分类，并阐明了相应的攻击向量。之后，我们审查已发布的攻击和现有的对策，并使用我们提出的标准对其进行评估。最后，根据我们的调查，我们提出了新交所安全研究中的一些开放挑战和未来方向。我们提出了 SGX 安全漏洞的分类，并阐明了相应的攻击向量。之后，我们审查已发布的攻击和现有的对策，并使用我们提出的标准对其进行评估。最后，根据我们的调查，我们提出了新交所安全研究中的一些开放挑战和未来方向。我们提出了 SGX 安全漏洞的分类，并阐明了相应的攻击向量。之后，我们审查已发布的攻击和现有的对策，并使用我们提出的标准对其进行评估。最后，根据我们的调查，我们提出了新交所安全研究中的一些开放挑战和未来方向。