Can you trust the operating system?

Can you trust your operating system if you do not control (or trust) how it booted?

  • Secure bootstrapping:

    • TPM attestation.

    • UEFI secure boot.

  • Remote attestation:

    • TPM attestation.
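The remote-attestation flow behind these bullets, as an added illustration that is not part of the original slides: the attester replays a measured-boot event log into TPM-style PCRs, quotes them over a verifier-chosen nonce, and the verifier checks freshness, the quote signature and the PCRs against known-good values. The event log and key are constructed placeholders, and an HMAC under a shared key stands in for the TPM attestation-key signature (an assumption made to keep the example stdlib-only).

```python
import hashlib
import hmac
import secrets

# Constructed measured-boot event log: (PCR index, component, SHA-256 of it).
# Placeholder measurements, not real firmware or kernel hashes.
EVENT_LOG = [
    (0, "firmware", hashlib.sha256(b"firmware-image").digest()),
    (4, "bootloader", hashlib.sha256(b"shim+grub").digest()),
    (4, "kernel", hashlib.sha256(b"vmlinuz").digest()),
    (7, "secureboot-db", hashlib.sha256(b"db-allowlist").digest()),
]
AK_KEY = b"constructed-shared-attestation-key"  # ASSUMPTION: stands in for the TPM AK

def replay_pcrs(event_log):
    """Recompute PCRs the way a TPM extends them:
    PCR[i] = SHA256(PCR[i] || measurement), starting from 32 zero bytes."""
    pcrs = {}
    for idx, _, digest in event_log:
        pcrs[idx] = hashlib.sha256(pcrs.get(idx, bytes(32)) + digest).digest()
    return pcrs

def pcr_digest(pcrs, selection):
    """Hash over the selected PCRs in index order, as carried in a quote."""
    return hashlib.sha256(b"".join(pcrs[i] for i in sorted(selection))).digest()

def make_quote(pcrs, selection, nonce, ak_key):
    """Attester side: bind the verifier's nonce and the PCR digest under the AK.
    HMAC is used here as a stand-in for the TPM's asymmetric quote signature."""
    digest = pcr_digest(pcrs, selection)
    sig = hmac.new(ak_key, nonce + digest, hashlib.sha256).digest()
    return {"nonce": nonce, "selection": sorted(selection), "pcr_digest": digest, "sig": sig}

def verify_quote(quote, expected_nonce, ak_key, golden_pcrs):
    """Verifier side: freshness, then signature, then comparison to golden PCRs."""
    if quote["nonce"] != expected_nonce:
        return False, "stale or replayed quote"
    expected_sig = hmac.new(ak_key, quote["nonce"] + quote["pcr_digest"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, quote["sig"]):
        return False, "bad attestation signature"
    if quote["pcr_digest"] != pcr_digest(golden_pcrs, quote["selection"]):
        return False, "PCRs differ from the known-good boot chain"
    return True, "boot chain matches"

def attest(event_log, golden_log, selection=(0, 4, 7)):
    """One attestation round: verifier chooses a fresh nonce, attester quotes."""
    nonce = secrets.token_bytes(16)
    quote = make_quote(replay_pcrs(event_log), selection, nonce, AK_KEY)
    return verify_quote(quote, nonce, AK_KEY, replay_pcrs(golden_log))
```

A swapped kernel measurement changes PCR 4 and fails the golden comparison even though the quote itself is validly signed, which is why the verifier needs reference values and not just a signature check.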

How can you protect your computation if you don't trust the operating system?

  • Intel SGX (Software Guard Extensions).

    • Allows user applications to place code and data in enclaves that are protected from all other software.

    • Enclaves are not observable by code running with different privileges.

      • OS kernels, hypervisors, etc.

Protection from untrusted code: sandboxes

Executing applications have a set of privileges and a view over a set of resources.

Sandboxes allow the execution of applications with limited privileges or limited resources.

  • e.g. forbid remote communications;

  • e.g. hide the majority of the file system;

  • e.g. allow only volatile system changes (nothing persists after the sandbox exits).
