FOR EXTERNAL USE – 12th September, 2017
Legal Disclaimers and Notices

No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document.

This document contains information on products, services and/or processes in development. All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest forecast, schedule, specifications and roadmaps.

The products described in this document may contain defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at intel.com.

Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
*Other names and brands may be claimed as the property of others.
© 2017 Intel Corporation
Executive summary
Trusted Execution for all developers

1. Modern computing requires a capability to store secrets and execute securely – a “Trusted Execution Environment” (TEE). This need is increasing with new and more advanced threats in computing.
2. Intel® Software Guard Extensions (Intel® SGX) is Intel’s TEE for client and data center. It provides the foundation for many secure use cases.
3. SGX is the result of many years of research and builds on a foundation of knowledge of bringing multiple security technologies to market and includes solutions to a number of very interesting challenges…
Intel® Software Guard Extensions (SGX) Analogy

Intel® SGX is analogous to a safe in your hotel room
• You can put a few things in it – wallet, watch, sensitive documents, keys, etc., … not your entire house.
• If the hotel experiences a catastrophic event, like a fire, your high value items are secure.
• Similar to one’s high value items, our digital life needs to be secure.
• SGX existence safeguards identity, data, and browsing, making your life easier and better.
• SGX utilizes a small amount of CPU memory to protect sensitive application information.
Intel® SGX

Intel SGX provides a trusted computing enclave (island) where data and applications are protected independently of the operating system or hardware configuration itself.
• Protects against SW attacks even if OS/drivers/BIOS/VMM/SMM are compromised
• Smallest possible Trusted Compute Block (TCB)
• Secrets (data/keys/et al) remain protected even when attacker has full control of platform
• Other technologies allow some privileged SW in their boundary
• Prevents attacks like memory bus snooping, memory tampering, and “cold boot” attacks against memory contents in RAM
• Protection for hard-to-protect or unprotected spaces
• Provides hardware-based attestation capabilities to measure and verify valid code and data signatures
• Increases transparency and accountability
[Diagram: a cloud tenant & data provider sends encrypted data into an untrusted CSP environment; inside the trusted Intel® SGX enclave, the protected application works on protected input data and secrets (ex. SSN, city, credit card number) and returns encrypted results. Caption: SGX enabled solutions can provide protection for workloads running on devices.]

[Diagram: Enabling trusted computing @ the silicon root of trust. Layers: Silicon Foundation (1) – SGX @ root of trust; identity, data, compute; SGX protects app data & content; Ecosystem (3) – SGX APIs & SDKs, attestation; Developers (4); Services & Practices / Solutions. Market segments shown: PC Client, Data Center, IoT, FPGA, Vehicles, Storage, New Devices, Comms, AI & Machine Learning.]
Academic papers

More than 125 (83 in 2017) academic papers written on use cases (and potential vulnerabilities) for SGX. New use cases are being termed as “art of possibilities”.
Intel Confidential
Key Challenges
1. Execution Isolation at the Application boundary
2. Attestation and Sealing at the Application boundary
3. Recovery from HW Issues
Key challenge 1: Execution Isolation at the Application boundary
Reducing the Attack Surface
Hyper-focused trust boundary

Application gains ability to defend its own secrets
• Memory protection model changed for NEW protected region of memory (PRM)
• New instructions added to create smallest attack surface
Familiar IA Development and Debug
• SDK & Integrated Dev Environment enhancements
Scalable
• Main core performance
• All HW threads can be used inside an enclave
• Protected memory can be securely paged
[Diagram: attack surface for legacy platforms spans the whole stack (App, OS, VMM, Hardware); attack surface with Intel® SGX is reduced to the enclave-protected application and the hardware, with the OS and VMM outside the trust boundary.]
SGX High-level Hardware/Software Picture

[Diagram: the application environment (Application, SGX User Runtime, Enclave) sits above the privileged environment (OS data structures, page tables, SGX Module), which sits above the hardware (EPC, EPCM, hardware data structures, hardware runtime). The new exposed hardware is reached through two sets of instructions.]

New kernel-level instructions: ECREATE, EADD, EEXTEND, EINIT, EBLOCK, ETRACK, EWB, ELD, EPA, EREMOVE
New application-level instructions: EENTER, EEXIT, EGETKEY, EREPORT, ERESUME
SGX Access Control

[Flowchart: a linear address first passes the traditional IA page table checks, producing a physical address; the flow then branches on whether this is an enclave access.]
• Non-enclave access: if the physical address is in the EPC, the address is replaced with the abort page; otherwise the memory access is allowed.
• Enclave access: if the physical address is not in the EPC, a fault is signalled; if it is in the EPC, the EPCM is checked, and the memory access is allowed only if the EPCM checks pass, otherwise a fault is signalled.
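The flowchart above as a runnable model, added here as an example and not code from the slides or from Intel. The fields it checks in the EPCM record (owning enclave, linear address recorded at EADD, R/W/X permissions, valid and blocked flags) and the rule that enclave code touching memory outside its own linear range is treated as a non-enclave access come from public SGX documentation rather than this slide; the EPC page, enclave ranges and addresses are constructed.

```python
"""Model of the 'SGX Access Control' flowchart (added example, not Intel's code).

The traditional IA page-table walk is assumed to have already produced the
physical address; the model starts at the "Enclave Access?" decision.
"""
from dataclasses import dataclass
from typing import Dict, Optional

PAGE = 0x1000
ALLOW = "allow memory access"
ABORT_PAGE = "replace address with abort page"   # reads see all-ones, writes are dropped
FAULT = "signal fault"


@dataclass
class EpcmEntry:
    owner: int             # enclave the EPC page was EADD'ed to
    linear_address: int    # page-aligned linear address recorded at EADD
    perms: str             # subset of "rwx"
    valid: bool = True
    blocked: bool = False  # set by EBLOCK before the page is evicted with EWB


@dataclass
class Access:
    linear_address: int
    physical_address: int
    kind: str                   # "r", "w" or "x"
    enclave: Optional[int]      # None when the CPU is not in enclave mode


class SgxMemory:
    def __init__(self, epcm: Dict[int, EpcmEntry], elrange: Dict[int, range]):
        self.epcm = epcm        # physical page number -> EPCM record (EPC pages only)
        self.elrange = elrange  # enclave id -> its linear address range (ELRANGE)

    def _in_epc(self, pa: int) -> bool:
        return pa // PAGE in self.epcm

    def _epcm_checks_pass(self, acc: Access) -> bool:
        e = self.epcm[acc.physical_address // PAGE]
        if not e.valid or e.blocked:
            return False
        if e.owner != acc.enclave:
            return False            # page belongs to a different enclave
        if e.linear_address != acc.linear_address - acc.linear_address % PAGE:
            return False            # OS remapped the page to another linear address
        return acc.kind in e.perms  # R/W/X as recorded at EADD

    def check(self, acc: Access) -> str:
        # "Enclave Access?": enclave mode and the address lies inside the enclave's range.
        enclave_access = (acc.enclave is not None
                          and acc.linear_address in self.elrange[acc.enclave])
        if not enclave_access:
            # Non-enclave path: EPC pages are hidden behind the abort page,
            # everything else goes through untouched.
            return ABORT_PAGE if self._in_epc(acc.physical_address) else ALLOW
        # Enclave path: the address must land in the EPC ...
        if not self._in_epc(acc.physical_address):
            return FAULT
        # ... and the EPCM record must agree with who is accessing it and how.
        return ALLOW if self._epcm_checks_pass(acc) else FAULT


def demo() -> Dict[str, str]:
    """Constructed scenario: enclave 1 owns one EPC page (physical 0x100000, linear 0x70000000)."""
    mem = SgxMemory(
        epcm={0x100: EpcmEntry(owner=1, linear_address=0x70000000, perms="rw")},
        elrange={1: range(0x70000000, 0x70100000), 2: range(0x80000000, 0x80100000)},
    )
    return {
        "os reads EPC page": mem.check(Access(0x70000010, 0x100010, "r", None)),
        "os reads plain DRAM": mem.check(Access(0x10000, 0x200000, "r", None)),
        "owner reads own page": mem.check(Access(0x70000010, 0x100010, "r", 1)),
        "owner executes rw page": mem.check(Access(0x70000010, 0x100010, "x", 1)),
        "other enclave reads page": mem.check(Access(0x80000010, 0x100010, "r", 2)),
        "owner, page remapped by OS": mem.check(Access(0x70001010, 0x100010, "r", 1)),
        "owner, range mapped to DRAM": mem.check(Access(0x70002000, 0x300000, "r", 1)),
        "owner reads outside its range": mem.check(Access(0x10000, 0x200000, "r", 1)),
    }
```

The remapping and ownership cases are the ones the flowchart's "Check EPCM" box exists for: a compromised OS controls the page tables, so the hardware re-verifies the mapping against what was recorded at EADD instead of trusting it.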
Increasing Physical Attack Protection
1. Security perimeter is the CPU package boundary
2. Data and code unencrypted inside CPU package
3. Data and code outside CPU package is encrypted and integrity checked
4. External memory reads and bus snoops see only encrypted data
[Diagram: cores and cache inside the CPU package hold plaintext (illustrated with a sample card number), while system memory and bus snoops outside the package see only ciphertext.]
Key challenge 2: Attestation and Sealing at the Application boundary
Critical Features: Attestation and Sealing

[Diagram: an enclave inside the client application on the local platform communicates with a remote platform over an authenticated channel; Intel is shown as a party in the attestation.]
• App executes on local platform
• HW based attestation provides remote platform assurance that “this is the right app executing in the right platform” => remote platform can provision local platform with secrets
• App can seal secrets to platform for future use
Key challenge 3: TCB Recovery
TCB Recovery

TCB recovery is the process of being able to cryptographically demonstrate that the TCB has been updated to fix a potential security issue.
• First, every HW component is issued a “Security Version Number” (SVN).
• This is used to derive a “TCB specific” key from the HW key in the part.
• When a new update is issued, all keys are derived from a new TCB specific key.
• Note: this mechanism cannot be modified as part of a TCB update itself.

[Diagram: inside the “Unverifiable Code Base”, the HW Key and the TCB SVN are fed into a PRF, which outputs the TCB Key.]
Data Migration

But what about all the data sealed to a previous TCB key?
• A backwards loop is used to provide forward secrecy, but allows “previous” TCB specific keys to be retrieved
• This allows the CPU to continue to “go back” by performing additional PRFs

[Diagram: inside the “Unverifiable Code Base”, Temp starts as the Initial Key and is fed through the PRF together with a derivation string (usually a constant); the loop runs (MAX − SVN) times and the result is the TCB Key.]
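The key ladder of the TCB Recovery and Data Migration slides, worked through as an added example (not Intel's implementation): HMAC-SHA256 stands in for the hardware PRF, and MAX_SVN, the derivation string and the initial key are constructed values. The per-enclave sealing-key step is an assumption added to show why data sealed under an older TCB needs the "go back" loop.

```python
"""Model of the TCB-specific key ladder (added example, not Intel's implementation).

Temp = Initial Key; apply PRF (MAX_SVN - SVN) times; the result is the TCB Key.
The newest TCB (highest SVN) needs the fewest iterations, so a newer key can
reach any older key by applying more PRF steps, but the one-way PRF stops an
older key from being turned into a newer one.
"""
import hashlib
import hmac

MAX_SVN = 8                          # assumed ceiling on the security version number
DERIVATION_STRING = b"SGX-TCB-KEY"   # the slide's "derivation string (usually a constant)"


def prf(key: bytes, data: bytes) -> bytes:
    """One-way PRF of the slides, modelled here as HMAC-SHA256."""
    return hmac.new(key, data, hashlib.sha256).digest()


def tcb_key(initial_key: bytes, svn: int) -> bytes:
    """Derive the key for TCB security version `svn` from the initial (HW) key.

    In real hardware the initial key never leaves the part; only the
    Unverifiable Code Base runs this loop, and only for SVNs at or below the
    currently installed one (assumption stated for the model).
    """
    if not 0 <= svn <= MAX_SVN:
        raise ValueError("svn out of range")
    temp = initial_key
    for _ in range(MAX_SVN - svn):
        temp = prf(temp, DERIVATION_STRING)
    return temp


def older_key_from_newer(newer_key: bytes, newer_svn: int, older_svn: int) -> bytes:
    """'Go back' from a newer TCB key to an older one with additional PRF calls.

    This is the backwards loop that lets an updated platform unseal data that
    was sealed before the update, without holding on to the old key.
    """
    if older_svn > newer_svn:
        raise ValueError("cannot move forward to a newer TCB key")
    temp = newer_key
    for _ in range(newer_svn - older_svn):
        temp = prf(temp, DERIVATION_STRING)
    return temp


def seal_key(tcb_key_bytes: bytes, enclave_identity: bytes) -> bytes:
    """Assumed per-enclave sealing key derived from the TCB key with the same PRF."""
    return prf(tcb_key_bytes, b"seal|" + enclave_identity)


def demo() -> dict:
    """Constructed scenario: data sealed at SVN 5, platform later updated to SVN 7."""
    initial = hashlib.sha256(b"constructed demo initial key, not a real fused key").digest()
    k5 = tcb_key(initial, 5)
    k7 = tcb_key(initial, 7)
    sealed_under_k5 = seal_key(k5, b"enclave-A")
    # The updated platform recovers the SVN-5 TCB key from its SVN-7 key ...
    recovered_k5 = older_key_from_newer(k7, 7, 5)
    return {
        "newer_derives_older": recovered_k5 == k5,
        "old_data_still_unsealable": seal_key(recovered_k5, b"enclave-A") == sealed_under_k5,
        # ... while fresh secrets are sealed under a key the old TCB cannot compute.
        "seal_keys_differ_after_update": seal_key(k7, b"enclave-A") != sealed_under_k5,
    }
```

The model makes the slide's trade-off visible: migration works because the platform keeps walking the ladder downwards, and forward secrecy holds only as long as the PRF cannot be inverted and the hardware refuses to run the loop for an SVN above the one actually installed.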
Key Challenges (recap)
1. Execution Isolation at the Application boundary
2. Attestation and Sealing at the Application boundary
3. Recovery from HW Issues

software.intel.com/SGX
The site has the latest info on:
• SDK & Developer Resources
• White Papers
• Support Forum
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....kzayra69
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 

Dernier (20)

React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 

Intel software guard extension

  • 1. FOR EXTERNAL USE – 12th September, 2017
  • 2. Legal Disclaimers and Notices
  • 3. Executive summary
  Modern computing requires a capability to store secrets and execute securely – a “Trusted Execution Environment” (TEE). This need is increasing with new and more advanced threats in computing.
  SGX is the result of many years of research and builds on a foundation of knowledge of bringing multiple security technologies to market and includes solutions to a number of very interesting challenges…
  Intel® Software Guard Extensions (Intel® SGX) is Intel’s TEE for client and data center. It provides the foundation for many secure use cases.
  Trusted Execution for all developers
  • 4. Intel® Software Guard Extension (SGX) Analogy
  Intel® SGX is analogous to a safe in your hotel room
  • You can put a few things in it – wallet, watch, sensitive documents, keys, etc., … not your entire house.
  • If the hotel experiences a catastrophic event, like a fire, your high value items are secure.
  • Similar to one’s high value items, our digital life needs to be secure.
  • SGX safeguards identity, data, and browsing, making your life easier and better.
  • SGX uses a small amount of CPU memory to protect sensitive application information.
  • 5. Intel® SGX
  Intel SGX provides a trusted computing enclave (island) where data and applications are protected independently of the operating system or hardware configuration itself.
   Protects against SW attacks even if OS/drivers/BIOS/VMM/SMM are compromised
   Smallest possible Trusted Compute Block (TCB)
   Secrets (data/keys/et al) remain protected even when attacker has full control of platform
   Other technologies allow some privileged SW in their boundary
   Prevents attacks like memory bus snooping, memory tampering, and “cold boot” attacks against memory contents in RAM
   Protection for hard-to-protect or unprotected spaces
   Provides hardware-based attestation capabilities to measure and verify valid code and data signatures
   Increases transparency and accountability
  [Diagram: a Cloud Tenant & Data Provider sends Encrypted Data into an Untrusted CSP Environment; inside the Trusted Intel® SGX enclave the Protected Application works on Protected Input Data and Secrets (e.g. SSN, city, credit card number) and returns Encrypted Results]
  • 6. Enabling trusted computing @ the silicon root of trust
  SGX enabled solutions can provide protection for workloads running on devices
  [Diagram: layered stack numbered 1 Silicon Foundation, 2 IoT, 3 Ecosystem, 4 Developers, 5 Services & Practices / Solutions; labels include FPGA, PC Client, Data Center, Vehicles, Storage, New Devices, Comms, AI & Machine Learning, SGX @ Root of Trust, SGX Protects App Data & Content, SGX APIs & SDKs, Attestation, and Identity, Data, Compute]
  • 7. Academic papers
  More than 125 (83 in 2017) academic papers written on use cases (and potential vulnerabilities) for SGX
  New use cases are being termed as “art of possibilities”
  Intel Confidential
  • 9. Key Challenges
  1. Execution Isolation at the Application boundary
  2. Attestation and Sealing at the Application boundary
  3. Recovery from HW Issues
  • 10. Key Challenges (divider: 1 Execution Isolation at the Application boundary)
  • 11. Reducing the Attack Surface
  Hyper-focused trust boundary: application gains ability to defend its own secrets
   Memory protection model changed for NEW protected region of memory (PRM)
   New instructions added to create smallest attack surface
  Familiar IA Development and Debug
   SDK & Integrated Dev Environment enhancements
  Scalable
   Main core performance
   All HW threads can be used inside an enclave
   Protected memory can be securely paged
  [Diagram: attack surface for legacy platforms (Hardware, VMM, OS, App) versus the much smaller attack surface with Intel® SGX]
  • 12. SGX High-level Hardware/Software Picture
  Application Environment: Application, SGX User Runtime, Enclave
  Privileged Environment: OS, SGX Module, Page tables, OS data structure
  New Exposed Hardware: EPC, EPCM, Hardware data structure, Hardware runtime
  New Application Level Instructions: EENTER, EEXIT, EGETKEY, EREPORT, ERESUME
  New Kernel Level Instructions: ECREATE, EADD, EEXTEND, EINIT, EBLOCK, ETRACK, EWB, ELD, EPA, EREMOVE
  • 13. SGX Access Control
  [Flowchart: Linear Address → Traditional IA Page Table Checks → Physical Address, then:]
  Non-Enclave Access: if the address is in the EPC, replace the address with the Abort Page; otherwise allow the memory access.
  Enclave Access: if the address is not in the EPC, signal a fault; otherwise check the EPCM, allow the memory access if the checks pass, and signal a fault if they do not.
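The flowchart above as an added, runnable model (not Intel's microcode): it walks the slide's decision for one access after the page-table walk. The EPCM fields it checks (owning enclave, the linear address the page was added at, R/W/X permission) are an assumption, since the slide only says "Check EPCM"; the addresses, EPC window and sample EPCM are constructed values.

```python
"""Model of the SGX access-control decision on slide 13 (added example, not Intel microcode)."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Tuple

PAGE_SHIFT = 12                                          # 4 KiB EPC pages
EPC_RANGE: Tuple[int, int] = (0x8000_0000, 0x8800_0000)  # constructed 128 MiB EPC window


class Outcome(Enum):
    ALLOW = "allow memory access"
    ABORT_PAGE = "replace address with abort page"
    FAULT = "signal fault"


@dataclass(frozen=True)
class EpcmEntry:
    """One EPCM entry (fields assumed: owner, mapped linear address, R/W/X)."""
    owner_enclave: int      # id of the enclave the page was EADDed to
    linear_address: int     # linear address the page was added at
    r: bool
    w: bool
    x: bool


def access_check(linear_address: int, physical_address: int, *,
                 enclave_access: bool, current_enclave: Optional[int],
                 access: str, epcm: Dict[int, EpcmEntry],
                 epc_range: Tuple[int, int] = EPC_RANGE) -> Outcome:
    """Decide one access after the ordinary IA page-table walk produced
    `physical_address`.  `enclave_access` is True only for an access from
    inside an enclave to its own linear range; `access` is 'r', 'w' or 'x'."""
    in_epc = epc_range[0] <= physical_address < epc_range[1]
    if not enclave_access:
        # OS, VMM and other apps are steered to the abort page instead of
        # faulting, so EPC contents are never observable from outside.
        return Outcome.ABORT_PAGE if in_epc else Outcome.ALLOW
    if not in_epc:
        return Outcome.FAULT            # enclave range must be backed by EPC
    entry = epcm.get(physical_address >> PAGE_SHIFT)
    if entry is None or entry.owner_enclave != current_enclave:
        return Outcome.FAULT            # free page or owned by another enclave
    if entry.linear_address >> PAGE_SHIFT != linear_address >> PAGE_SHIFT:
        return Outcome.FAULT            # OS remapped the page (page-table tampering)
    if not {"r": entry.r, "w": entry.w, "x": entry.x}[access]:
        return Outcome.FAULT            # permission recorded at EADD time
    return Outcome.ALLOW


# Constructed EPCM: one data page owned by enclave 1, mapped at linear 0x7f00_1000.
SAMPLE_EPCM: Dict[int, EpcmEntry] = {
    0x8000_3000 >> PAGE_SHIFT: EpcmEntry(1, 0x7f00_1000, r=True, w=True, x=False),
}
```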
  • 14. Increasing Physical Attack Protection
  1. Security perimeter is the CPU package boundary
  2. Data and code unencrypted inside CPU package
  3. Data and code outside CPU package is encrypted and integrity checked
  4. External memory reads and bus snoops see only encrypted data
  [Diagram: Cores and Cache hold plaintext (a sample card number); System Memory and bus Snoops see only ciphertext]
  • 15. Key Challenges (divider: 2 Attestation and Sealing at the Application boundary)
  • 16. Critical Features: Attestation and Sealing
  • App executes on local platform
  • HW based Attestation provides remote platform assurance that “this is the right app executing in the right platform” => Remote platform can provision local platform with secrets
  • App can seal secrets to platform for future use
  [Diagram: Remote Platform, Client Application with its Enclave, an Authenticated Channel between them, and Intel]
  • 17. Key Challenges (divider: 3 TCB Recovery)
  • 18. TCB Recovery
  TCB recovery is the process of being able to cryptographically demonstrate that the TCB has been updated to fix a potential security issue
   First, every HW component is issued a “Security Version Number” (SVN)
   This is used to derive a “TCB specific” key from the HW key in the part.
   When a new update is issued, all keys are derived from a new TCB specific key.
   Note: this mechanism cannot be modified as part of a TCB update itself.
  [Diagram: HW Key and TCB SVN feed a PRF that outputs the TCB Key; the HW key sits in the Unverifiable Code Base]
  • 19. Data Migration
  But what about all the data sealed to a previous TCB key?
   A backwards loop is used to provide forward secrecy, but allows “previous” TCB specific keys to be retrieved
   This allows the CPU to continue to “go back” by performing additional PRFs
  [Diagram: Initial Key → PRF with Derivation String (usually a constant) → Temp, looped (MAX − SVN) times → TCB Key; the initial key sits in the Unverifiable Code Base]
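The key ladder of slides 18 and 19 as an added, runnable model (not Intel's derivation): HMAC-SHA256 stands in for the hardware PRF, the per-part initial key, MAX_SVN and the derivation string are constructed values, and the toy seal is integrity-only. It shows why a platform updated to SVN n can still open data sealed at an older SVN, but an un-updated platform cannot produce a newer key.

```python
"""Model of the TCB-recovery key ladder on slides 18-19 (added example, not
Intel's derivation).  HMAC-SHA256 stands in for the hardware PRF and the
per-part initial key is a constructed value."""
import hashlib
import hmac
from typing import Tuple

MAX_SVN = 8                          # highest SVN the part supports (assumed)
DERIVATION_STRING = b"SGX-TCB-KEY"   # the "usually a constant" PRF input (assumed)
INITIAL_KEY = hashlib.sha256(b"constructed per-part hardware key").digest()


def prf(key: bytes, data: bytes) -> bytes:
    """One PRF step of the ladder."""
    return hmac.new(key, data, hashlib.sha256).digest()


def tcb_key(initial_key: bytes, svn: int, max_svn: int = MAX_SVN) -> bytes:
    """TCB key for `svn`: apply the PRF (max_svn - svn) times to the initial
    key, so a lower SVN is simply more iterations down the ladder."""
    if not 0 <= svn <= max_svn:
        raise ValueError("SVN out of range")
    temp = initial_key
    for _ in range(max_svn - svn):
        temp = prf(temp, DERIVATION_STRING)
    return temp


def older_tcb_key(current_key: bytes, current_svn: int, target_svn: int) -> bytes:
    """Data migration: an updated platform walks backwards from its own TCB
    key to an older SVN's key without touching the initial key.  Going
    forward is impossible because the PRF is one-way (forward secrecy)."""
    if target_svn > current_svn:
        raise ValueError("cannot derive a newer TCB key from an older one")
    temp = current_key
    for _ in range(current_svn - target_svn):
        temp = prf(temp, DERIVATION_STRING)
    return temp


def seal(key: bytes, svn: int, data: bytes) -> Tuple[int, bytes]:
    """Toy sealing (integrity only): record the SVN and MAC the data under
    that SVN's TCB key."""
    return svn, prf(key, data)


def unseal_ok(current_key: bytes, current_svn: int,
              blob: Tuple[int, bytes], data: bytes) -> bool:
    """Verify a blob sealed under the same or an older TCB key."""
    sealed_svn, tag = blob
    key = older_tcb_key(current_key, current_svn, sealed_svn)
    return hmac.compare_digest(tag, prf(key, data))
```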
  • 20. software.intel.com/SGX
  The site has the latest info on:
  SDK & Developer Resources
  White Papers
  Support Forum