Abstract
This paper presents a comprehensive survey of Intel SGX (Software Guard Extensions) and its applications. Since SGX was introduced in 2013, the volume of related research has grown rapidly. To obtain a comprehensive literature review, we systematically analyzed the papers in this area. We first searched five large-scale digital libraries by keyword (ACM Digital Library, IEEE/IET Electronic Library, SpringerLink, Web of Science, and Elsevier ScienceDirect), and read and analyzed a total of 128 SGX-related papers. A first round of extensive study classified them; a second round of intensive study analyzed these papers from various aspects. We start with the working environment of SGX and give a summary of trusted execution environments (TEEs). We then focus on the applications of SGX. We also review the various attacks on the SGX framework and some recent security improvements made to SGX. Finally, we summarize the advantages and disadvantages of SGX and point out future research opportunities. We hope this review will help existing and future research on SGX and its applications, for both developers and users.
Acknowledgements
This study was supported by the Shaanxi Science and Technology Research and Development Plan Project (2015GY073) and the Shaanxi Key Research and Development Program (2019GY-057).
Author information
Wei Zheng is an associate professor in the School of Software and Microelectronics at Northwestern Polytechnical University, China. His current research interests focus on cloud computing, big data security, and software quality assurance. He has published more than 60 papers, including many in top venues in the field of software engineering (such as TOSEM, FSE, and ICSE).
Ying Wu received the BS degree from the School of Software and Microelectronics, Northwestern Polytechnical University, China, where she is currently studying for a master's degree. Her research interests include information security and software engineering theory.
Xiaoxue Wu is currently a PhD candidate in the Department of Automation, Northwestern Polytechnical University, China. She received the MS degree in Software Engineering from Northwestern Polytechnical University, China. Her main research interests are security testing and interactive machine learning. She has published over 10 articles in journals, conferences, and book chapters.
Chen Feng is a master's degree candidate in the School of Automation at Northwestern Polytechnical University, China. Her current research is in software security testing, big data security, and machine learning.
Yulei Sui is a faculty member at the University of Technology Sydney (UTS), Australia. He is broadly interested in software engineering and programming languages, particularly static and dynamic program analysis for software bug detection and compiler optimization. He has been awarded an ICSE Distinguished Paper Award, a CGO Best Paper Award, and an Australian Discovery Early Career Researcher Award (DECRA) 2017–2019.
Xiapu Luo is an assistant professor with the Department of Computing and an associate researcher with the Shenzhen Research Institute, The Hong Kong Polytechnic University, China. He received the PhD degree in Computer Science from The Hong Kong Polytechnic University, China, and was a post-doctoral research fellow with the Georgia Institute of Technology, USA. His current research focuses on smartphone security and privacy, network security and privacy, and Internet measurement.
Yajin Zhou received the PhD degree in computer science from North Carolina State University, USA. He is currently a ZJU 100 Young Professor with the Institute of Cyber Security Research and the College of Computer Science and Technology, Zhejiang University, China. His research mainly focuses on smartphone and system security.
Cite this article
Zheng, W., Wu, Y., Wu, X. et al. A survey of Intel SGX and its applications. Front. Comput. Sci. 15, 153808 (2021). https://doi.org/10.1007/s11704-019-9096-y