Simon P. Johnson

Intel® Software Guard Extensions (Intel® SGX) Support for Dynamic Memory Management Inside an Enclave

We introduce Intel® Software Guard Extensions (Intel® SGX) SGX2 which extends the SGX instruction set to include dynamic memory management support for enclaves. Intel® SGX is a subset of the Intel Architecture Instruction Set [1]. SGX1 allows an application developer to build a trusted environment and execute inside that space. However SGX1 imposes limitations regarding memory commitment and reuse of enclave memory. The software developer is required to allocate all memory at enclave instantiation. This paper describes new instructions and programming models to extend support for dynamic memory management inside an enclave.

SHA-512/256

With the emergence of pervasive 64 bit computing we observe that it is more cost effective to compute a SHA-512 than it is to compute a SHA-256 over a given size of data. We propose a standard way to use SHA-512 and truncate its output to 256 bits. For 64 bit architectures, this would yield a more efficient 256 bit hashing algorithm, than the current SHA-256. We call this method SHA-512/256. We also provide a method for reducing the size of the SHA-512 constants table that an implementation will need to store.

Infrastructure for Trusted Environment: In Search of a Solution

Millions of PCs are currently sold equipped with a Trusted Platform Module, TPM, serving as a root of trust on the platform. Trusted Computing as an area of security has acquired significant visibility, and many new products and a growing number of research projects in areas ranging from virtualization to network security are based on Trusted Computing technologies and vision. In order to fully realize the vision of the Trusted Computing community, dedicated or compatible trust infrastructure for verification and attestation is required. Similar to other trust-enabling technologies, Trusted Computing needs an infrastructure that can verify the claim that a device is genuine and can be trusted to take part in a transaction, in which it is involved. Such an infrastructure will enable an environment where individuals can use the technology for protected transactions and potentially employ less risky authentication methods. This paper explores the role of infrastructure in Trusted Computing, starting with the discussion of the infrastructure’s importance and issues in trust establishment, followed by the description of the basics of Trusted Computing functionality requiring infrastructure support. We use examples of other trust enabling infrastructures, such as general-purpose PKI and infrastructure for Identity Federation to highlight common approaches. Finally, we touch upon economics of trust and intermediation, in order to define potential models for building enabling infrastructure for Trusted Computing.. While the paper doesn’t propose concrete solutions for the infrastructure problem in Trusted Computing, some possible avenues of building the necessary framework are outlined.