Chapter 8 - Trusted execution environment with Intel SGX

Abstract

Trusted execution environments (TEE) are emerging as a new form of computing on today's hardware. TEEs ensure that code outside of the TEE, including the operating system and hypervisor, cannot compromise the execution integrity and confidentiality of programs run inside the TEE. Based on hardware-rooted trust, TEEs additionally allow to prove the integrity of such execution even to remote third parties (remote attestation). By using TEEs that protect not only against software attackers but also hardware attackers, even the cloud provider is moved out of the trust domain. By leveraging such hardware-based TEEs, there is an alternate approach on building secure multiparty computation toolkits. One such TEE is from Intel Software Guard Extension (SGX) technology available in current hardware. This chapter describes the abstractions and properties offered by TEEs, explains the realization of the TEE abstraction in Intel SGX, explores the deployment of SGX in the Cloud to realize secure multiparty applications, and finishes with an Outlook on challenges and opportunities ahead.