Re: [PATCH 0/6] Intel Secure Guard Extensions

From: Dr. Greg Wettstein
Date: Wed May 04 2016 - 05:05:24 EST

Next message: Lars Ellenberg: "Re: [PATCH net-next v2] block/drbd: use nla_put_u64_64bit()"
Previous message: Michal Hocko: "Re: [PATCH 14/14] mm, oom, compaction: prevent from should_compact_retry looping for ever for costly orders"
In reply to: Pavel Machek: "Re: [PATCH 0/6] Intel Secure Guard Extensions"
Next in thread: Pavel Machek: "Re: [PATCH 0/6] Intel Secure Guard Extensions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, May 03, 2016 at 05:38:40PM +0200, Pavel Machek wrote:

> Hi!

Good morning, I hope everyone's day is starting out well.

> > I told my associates the first time I reviewed this technology that
> > SGX has the ability to be a bit of a Pandora's box and it seems to be
> > following that course.

> Can you elaborate on the Pandora's box? System administrator should
> be able to disable SGX on the system, and use system to do anything
> that could be done with the older CPUs, right?

Correct, there is certainly the on/off switch.

I viewed it as a Pandora's box secondary to the fact that it was the
first commodity based shrouded TEE that had the opportunity for
significant market penetration. As such and secondary to its
technical characteristics, it has the potential for both good and bad
and like TXT in the last decade it was/is bound to induce significant
debate secondary to software freedom and potential monopolistic
practices.

> > Intel is obviously cognizant of the risk surrounding illicit uses of
> > this technology since it clearly calls out that, by agreeing to have
> > their key signed, a developer agrees to not implement nefarious or
> > privacy invasive software. Given the known issues that Certificate

> Yeah, that's likely to work ... not :-(. "It is not spyware, it is
> just collecting some anonymous statistics."

The notion that an enclave can look out but could not be looked into
introduces privacy issues into the conversation, see my reflections on
Pandoras box... :-)

> > domination and control. They probably have enough on their hands with
> > attempting to convert humanity to FPGA's and away from devices which
> > are capable of maintaining a context of exection... :-)

> Heh. FPGAs are not designed to replace CPUs anytime soon... And
> probably never.

Never is a long time.

Intel has clearly drawn a very significant line in the sand with
respect to FPGA technology if you read Krzanich's reflections
regarding his re-organization of Intel. Whether or not they are
successful, they are going to declare a demarcation point with respect
to IOT devices which has the potential to impact the industry in
general and security in particular. On one side are going to be FPGA
based devices and on the other side devices with a context of
execution.

I doesn't require a long stretch of the imagination to see hordes of
IOT devices with specific behaviors burned into them which export
sensor or telemetry data upstream. Depending on how successful they
are with the Altera acquisition there are potentially positive
economic security factors which could be in play.

All of that is certainly not a conversation specific to SGX though.

> > In the TL;DR department I would highly recommend that anyone
> > interested in all of this read MIT's 170+ page review of the
> > technology before jumping to any conclusions.... :-)

> Would you have links for 1-5?

First off my apologies to the list as I loathe personal inaccuracy,
the MIT review paper is only 117 pages long. I was typing the last
e-mail at 0405 in the morning and was scrambling for the opportunity
to get 50 minutes of sleep so my proofreading was sloppy... :-)

The following should provide ample bedstand reading material for those
interested in SGX and TEE's:

1.) HASP/SGX paper:
https://software.intel.com/sites/default/files/article/413939/hasp-2013-innovative-technology-for-attestation-and-sealing.pdf

2.) IAGO threat model:
https://cseweb.ucsd.edu/~hovav/dist/iago.pdf

3.) Haven paper:
http://research.microsoft.com/pubs/223450/osdi2014-haven.pdf

4.) Controlled sidechannel attacks:
http://research.microsoft.com/pubs/246400/ctrlchannels-oakland-2015.pdf

https://software.intel.com/en-us/blogs/2015/05/19/look-both-ways-and-watch-out-for-side-channels

5.) MIT/SGX analysis:
https://eprint.iacr.org/2016/086.pdf

> Thanks,
> Pavel

No problem, enjoy the reading.... :-)

Have a good day.

Greg

As always,
Dr. G.W. Wettstein, Ph.D. Enjellic Systems Development, LLC.
4206 N. 19th Ave. Specializing in information infra-structure
Fargo, ND 58102 development.
PH: 701-281-1686
FAX: 701-281-3949 EMAIL: greg@xxxxxxxxxxxx
------------------------------------------------------------------------------
"One problem with monolithic business structures is losing sight
of the fundamental importance of mathematics. Consider committees;
commonly forgotten is the relationship that given a projection of N
individuals to complete an assignment the most effective number of
people to assign to the committee is given by f(N) = N - (N-1)."
-- Dr. G.W. Wettstein
Guerrilla Tactics for Corporate Survival

Next message: Lars Ellenberg: "Re: [PATCH net-next v2] block/drbd: use nla_put_u64_64bit()"
Previous message: Michal Hocko: "Re: [PATCH 14/14] mm, oom, compaction: prevent from should_compact_retry looping for ever for costly orders"
In reply to: Pavel Machek: "Re: [PATCH 0/6] Intel Secure Guard Extensions"
Next in thread: Pavel Machek: "Re: [PATCH 0/6] Intel Secure Guard Extensions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]