SGX Reading List
SGX technology
Victor Costan and Srinivas Devadas, 2016.
SGX Secure Enclaves in Practice: Security and Crypto Review
JP Aumasson, Luis Merino, Black Hat 2016
Innovative Technology for CPU Based Attestation and Sealing
I. Anati, S. Gueron, S. P. Johnson, and V. R. Scarlata, HASP 2013.
Innovative Instructions and Software Model for Isolated Execution
F. McKeen, I. Alexandrovich, A. Berenzon, C. V. Rozas, H. Shafi, V. Shanbhogue, and U. R. Savagaonkar, HASP 2013.
Intel® Software Guard Extensions (Intel® SGX) Software Support for Dynamic Memory Allocation inside an Enclave
Bin Cedric Xing, Mark Shanahan, Rebekah Leslie-Hurd, HASP'16
Intel® Software Guard Extensions (Intel® SGX) Support for Dynamic Memory Management Inside an Enclave
Frank McKeen, Ilya Alexandrovich, Ittai Anati, Dror Caspi, Simon Johnson, Rebekah Leslie-Hurd, Carlos Rozas, HASP'16
Attacks and defenses (for both H/W and S/W)
Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems
Yuanzhong Xu, Weidong Cui, Marcus Peinado, S&P'15
Moat: Verifying confidentiality of enclave programs
R. Sinha, S. Rajamani, S. Seshia, and K. Vaswani, ACM CCS 2015
Inferring fine-grained control flow inside SGX enclaves with branch shadowing
S Lee, MW Shih, P Gera, T Kim, H Kim, ArXiv 2016
Sanctum: Minimal hardware extensions for strong software isolation
V Costan, I Lebedev, S Devadas, USENIX Security 2016
Preventing Your Faults from Telling Your Secrets: Defenses against Pigeonhole Attacks
Shweta Shinde, Zheng Leong Chua, Viswesh Narayanan, Prateek Saxena, ASIACCS 2016
A Design and Verification Methodology for Secure Isolated Regions
Rohit Sinha, Manuel Costa, Akash Lal, Nuno P. Lopes, Sriram Rajamani, Sanjit A. Seshia, Kapil Vaswani, PLDI 2016
AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves
Weichbrodt, Nico, Anil Kurmus, Peter Pietzuch, and Rüdiger Kapitza, ESORICS'16
SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs
Jaebaek Seo, Byoungyoung Lee, Sungmin Kim, Ming-Wei Shih, Insik Shin, Dongsu Han, Taesoo Kim, NDSS 2017
T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs
M.-W. Shih, S. Lee, T. Kim, and M. Peinado, NDSS 2017
Useful tools for research
Intel Software Guard Extensions (Intel SGX) SDK
SGX virtualization:
https://github.com/01org/xen-sgx/wiki
https://github.com/01org/kvm-sgx/wiki
https://01.org/intelsoftware-guard-extensions/sgx-virtualization
OpenSGX: An Open Platform for SGX Research [code]
Prerit Jain, Soham Desai, Seongmin Kim, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin, Taesoo Kim, Brent Byunghoon Kang, Dongsu Han, NDSS 2016
Other useful software:
OpenSSL SGX port by the Tor-SGX people
Libevent SGX port by the Tor-SGX people
Rust SGX SDK
https://github.com/baidu/rust-sgx-sdk
Applications of SGX
Cloud computing/OS
Shielding Applications from an Untrusted Cloud with Haven
A. Baumann, M. Peinado, and G. Hunt, USENIX OSDI 2014
M2R: Enabling Stronger Privacy in MapReduce Computation
Tien Tuan Anh Dinh, Prateek Saxena, Ee-Chien Chang, Beng Chin Ooi, and Chunwang Zhang, USENIX Security 2015
VC3: Trustworthy data analytics in the cloud using SGX
F. Schuster, M. Costa, C. Fournet, C. Gkantsidis, M. Peinado, G. Mainar-Ruiz, and M. Russinovich, IEEE Security and Privacy (SP) 2015
Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data
T. Hunt, Z. Zhu, Y. Xu, S. Peter, and E. Witchel, USENIX OSDI 2016.
Fast, Scalable and Secure Onloading of Edge Functions using AirBox
Ketan Bhardwaj, Ming-Wei Shih, Pragya Agarwal, Ada Gavrilovska, Taesoo Kim, and Karsten Schwan. IEEE/ACM Symposium on Edge Computing 2016
SCONE: Secure Linux Containers with Intel SGX
Arnautov S, Trach B, Gregor F, Knauth T, Martin A, Priebe C, Lind J, Muthukumaran D, O'Keeffe D, Stillwell ML, Goltzsche D, Eyers D, Kapitza R, Pietzuch P, Fetzer C, OSDI 2016
Panoply: Low-TCB Linux Applications With SGX Enclaves
Shweta Shinde, Dat Le Tien, Shruti Tople, Prateek Saxena, NDSS 17
Networking/P2P/IoT
A First Step Towards Leveraging Commodity Trusted Execution Environments for Network Applications
Seongmin Kim, Youjung Shin, Jaehyung Ha, Taesoo Kim, Dongsu Han, ACM HotNets 2015
Town Crier: An Authenticated Data Feed for Smart Contracts
Fan Zhang, Ethan Cecchetti, Kyle Croman, Elaine Shi, and Ari Juels, CCS 2016
Teechan: Payment Channels Using Trusted Execution Environments
Joshua Lind, Ittay Eyal, Peter Pietzuch, and Emin Gun Sirer, 2016
Enhancing Security and Privacy of Tor's Ecosystem by using Trusted Execution Environments
Seongmin Kim, Juhyeng Han, Jaehyeong Ha, Taesoo Kim, Dongsu Han, USENIX NSDI 2017
(compiled by Dongsu Han)