ICE: A Passive, High-Speed, State-Continuity Scheme for Intel SGX

Presentation pdf 351KB

Protected-module architectures (PMAs) provide strong security guarantees executing software modules in complete isolation. The untrusted OS can be used to store the (confidentiality and integrity protected) states of modules but additional security measures need to be taken to prevent attackers to present stale states as being fresh. We present a fast, passive solution that does not depend on secure non-volatile storage for every state update.

Author(s):

Raoul Strackx    
KU Leuven
Belgium

Bart Jacobs    
KU Leuven
Belgium

Frank Piessens    
KU Leuven
Belgium