Hardening Intel SGX Applications: Balancing Concerns

© 2017 ACM. Today's technologies such as Intel SGX enable developers to protect applications from more privileged security layers. Applications can be developed with significantly smaller TCBs than before. Two main techniques have emerged to harden applications for these newsecurity architectures. One focuses on partitioning applications in pieces-of-Applicationlogic thereby isolating security-sensitive parts in their own enclaves. The other moves full unmodified applications to a single enclave tied together with a library OS. In this paper we argue that both techniques should be treated as separate security mechanisms each providing their own balance in terms of security, performance and usability.status: publishe