Paper 2016/086

Intel SGX Explained

Victor Costan and Srinivas Devadas

Abstract

Intel's Software Guard Extensions (SGX) is a set of extensions to the Intel architecture that aims to provide integrity and privacy guarantees to security-sensitive computation performed on a computer where all the privileged software (kernel, hypervisor, etc) is potentially malicious. This paper analyzes Intel SGX, based on the 3 papers that introduced it, on the Intel Software Developer's Manual (which supersedes the SGX manuals), on an ISCA 2015 tutorial, and on two patents. We use the papers, reference manuals, and tutorial as primary data sources, and only draw on the patents to fill in missing information. This paper's contributions are a summary of the Intel-specific architectural and micro-architectural details needed to understand SGX, a detailed and structured presentation of the publicly available information on SGX, a series of intelligent guesses about some important but undocumented aspects of SGX, and an analysis of SGX's security properties.

Note: Fixed typos.

Metadata
Available format(s)
PDF
Publication info
Preprint.
Contact author(s)
victor @ costan us
History
2017-02-21: last of 4 revisions
2016-01-31: received
See all versions
Short URL
https://ia.cr/2016/086
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/086,
      author = {Victor Costan and Srinivas Devadas},
      title = {Intel {SGX} Explained},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/086},
      year = {2016},
      url = {https://eprint.iacr.org/2016/086}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.