Best Telegram Programming Groups For Coders &Developers   It Wasn’t Me - Secure Your Account   Mr.Robot All Seasons 1,2,3 Full | Free Torrent Download   Mr.Robot All Seasons 1,2,3,4 Full | Watch Online [FREE]   5 Tips Will Keep You Safe During Christmas Holiday’s Online Shopping   You Can Get All Adobe Apps For $30 a Month Right Now   How To Wipe An iPhone Clean (ERASE) Before Selling?   Programming Languages To Learn To Be An Expert Hacker!   Cybercriminals exchange tips on underground forums about avoiding arrests   A comprehensive look into emerging Signal encrypted messaging application   A Detailed Comparison of WhatsApp, Telegram & Signal   How Telegram End-to-end Encryption Works To Provide Security ?   Flubot Malware is Spreading Quickly Through Android Devices   WhatsApp End-to-End Encryption and its Privacy Importance - Alternatives,Signal & Telegram   What is Credit Card Skimming And How To Protect Yourself From it ?   Where to hire react programmer and 3 essential skills to look for   Top 8 Basic Google Search Dorks [Live Examples]   [Penetration Testing] Top 70 Most Interview Questions   Why VPN Is Necessary ? [Detailed Guide]   Top 10 Dangerous Viruses Of All Times   List Of Common HTTP Error Status Codes   “Hello World!” Program In Different Programming Languages   100 Basic Computer Related G.K. Questions   Email Security - Tips And Tricks   Fonts Hub Collection (Free Design Resources)   Top 8 Softwares Free Download - No Credit Card Needed [2022 Update]   Shortcomings That Leads An Entrepreneur Towards Failure   5 Basic Steps To Protect Your Personal Data Online   What is Intel SGX and What are the Benefits ?   15 Things You Need to Know About Maintaining The Logs   How to think like a programmer - lessons in problem solving   How To Get Voice Like Anonymous Voice   Life Story of Microsoft Founder Bill Gates - Documentary   Own Private Search Engine in Linux Will Save Our Privacy   Best Etcher alternatives to Create Bootable USB   Music For Programming - Coding Music / Hacking Music   School Management Software v3.1 Premium + Crack   JavaFX Chat Client/Server + Source Code   Top 25 Keyword Research Tools [Search Engine Optimization]   A Quick SEO Checklist - 2023 Update   Online Domain Authority (DA) Rank Checker Websites   33 Things In SEO For Which Google Will Give Your Student Blog High Positions   How to Close the Site from indexing using robots.txt   10 SEO Tools all Small Businesses Need in 2023   Earth Rise Application + Code   Animation along a path + Code   Zen Pong Game in Java Language + Code   Simple Flying Bird Game + Code Files   Game Snake Simple + Code Files   The Space 'Sun & Earth' | HTML,CSS,JavaScript   File System in Web (Explorer in Windows and Finder in OSX)   Admin Dashboard Template built using Bootstrap + Code   Website Template For Admin Dashboard + Code   Youtube Playlist Downloader Script   How To Create A Stopwatch In Python   Python TicTacToe with Tk and minimax AI   Deskreen turns any device with a web browser into a secondary screen for your computer   Download Algorithms Book | Dummies Store   OSI Model And TCP/IP Model   How to Fix SSH Failed Permission Denied (publickey,gssapi-keyex,gssapi-with-mic)   What Is Load Balancing? Definition and How It Works   How to Setup FTP Server on Your Raspberry Pi   Download Windows 10 Lite Edition x64 | Direct Link   How To Recover Permanently Deleted Files In Windows 10 ?   How to make Fake Error Message Script in Windows   20 Essential Windows keyboard Shortcuts that will make you forget your mouse   How To Fix The DLL Missing Error In Windows 7 ?   Create Hotspot on Windows 10 in 6 steps   Download Microsoft Office Professional Plus 2016   Download DriverPack Solution Offline | Full   How To Create Simple And Password Protected ZIP File in Linux   2 Ways To Save Terminal Output of a Command in Linux   6 Best Tools to Monitor Disk IO Performance in Linux   Top 15 Best Websites (Blogs) to Learn Linux Online   How to Delete files older than 30 Days in Linux   What is the difference between apt and apt-get command   Fail2Ban Installation & Setup: Ubuntu, CentOS, Fedora & Debian   How to List Running Processes in Linux   How to Use the who Command in Linux with Examples   FOREMOST - Recover Permanently Deleted Files Easily in Kali Linux   Funny Linux Commands to Try   Command line interface guidelines, to help you write better command-line programs ...   How to Install Google Chrome Web Browser on Ubuntu 20.04   Learn Adobe Photoshop | 33 Episode Course   Window Privilege Escalation: Automated Script   Linux Privilege Escalation: Automated Script   How To Retrieve & Decrypt Stored Passwords in Firefox & Chrome Remotely   ACLight: An Advanced Privileged Account Discovery Tool   How to change Lock Screen Background on Kali Linux XFCE   Best 20 Kali Linux Tools For Hacking And Penetration Testing   How to Run Windows Application and Games on Kali Linux   How to run C and C++ programs in Kali Linux   Control Kali Linux PC From any Mobile or Tablet   How to Enable root User Account in Kali Linux   How to Configure Static IP address in Kali Linux   Bash vs ZSH in Kali Linux   [Solved] E: Unable to locate package in Kali Linux   Hosting a Local Website with Domain Name on Kali Linux over WiFi   Install Docker in Kali Linux and Run Other OS   How to Install Kali Linux | A Total Guide to Install Kali Linux   NetHunter Rootless - Official Kali NetHunter for non rooted phones   How to set up own VPN server in 10 minutes on Kali Linux using OpenVPN   Configuring The ProxyChains   Install Python3 in Kali Linux   TempoMail - Command Line Temporary Email in Linux   NIPE - Fully Anonymize Total Kali Linux System   How to Install Google Chrome & Chromium on Kali Linux [Official Method]   15 Best Laptops For Kali Linux & Cyber Security - Check This Before Buy   Volatolity - Digial Forensic Testing of RAM on Kali Linux   Limit the Internet Speed of LAN Users [Evil Limiter]   Find Virtual Machine IP Through Kali Linux - 3 Methods   Privilege Escalation with PowerShell Empire and SETOOLKIT [Kali Linux]   How to use kill, pkill and killall Commands to Kill any Linux Process   20 Useful Tar Commands For Extraction and Compression   Create a Fake AP with DNSMASQ and HOSTAPD [Kali Linux]   How to Fully Anonymize Your Linux System with Tor using Nipe   Hack Windows/Linux using ARCANUS Framework – 100% FUD   Simple and Target Mac Flooding - Kali Linux   Get Free Kali Linux on AWS with Public IP - Real Time Penetration Testing   What’s the difference Between Tails and Tor browser?   Does Tor Hide you From Your ISP? Should I surf internet using Tor ?   Wireshark for Pentester: Decrypting RDP Traffic   Exploit Wi-Fi Vulnerabilities with Routersploit on Termux and Linux   Man in The Middle Attack & How To Prevent it   Masscan - 1000 Times Faster Than NMAP   Wireshark - Shark in Wires | Network Protocol Analyzer in Kali Linux   Wifite - Easy Automated Wireless Attack   WiFi-Pumpkin 3 - Dangerous Access Point   Evil Twin Attack with DNSMASQ - Wireless WPA2-PSK Cracking   Sniffing with Rogue Access Point [DNSMASQ and TCPFLOW]   Hack Wi-Fi Settings of Windows Machine Remotely [After Meterpreter]   Wi-Fi deauthentication attack against 802.11 protocol   Bypass Hidden SSID in a Wireless Network [Full Proof Method]   Crack WPA/WPA2-PSK using Aircrack-ng and Hashcat   Crack WPA2-PSK Wi-Fi with automated python script - FLUXION PART 1   Set Default Version of Python : [SOLVED] update-alternatives: error: no alternatives for p   Python Scripting: Information Gathering and Automating Ethical Hacking   15 Essential Meterpreter Commands Everyone Should Know   Find Vulnerable Webcams with Shodan [Metasploit Framework]   TCP & SYN Scanning with Metasploit Framework without NMAP   Meterpreter Useful Top 60 Commands List   The Web Application Hacker's Handbook 2   Hacking GPS Book   MadCam - Termux Hack Front camera by Sending link   How to Download Files In Termux   IPdrone Termux - Find Location of Person it IP in Termux   ReconDog Termux - Best Reconnaissance Tool For Termux   Termux SSH: Use Termux in Windows Using SSH Server   How to Install and Use Fsociety-Tool In Termux   Termux-YTD : Download Youtube Videos with Termux   Use CMatrix Package Like a Pro   L3MON - Access Android Devices Remotely   Hack Android using Metasploit over LAN/WAN   Ghost Framework - Control Android Devices Remotely   Top 10 Vulnerable Android Applications [Penetration Testing]   Find Hidden Subdomains on Any Website with Subfinder   Blind Sql Injection with Regular Expressions Attack   Useful Google Dorks For Bug Bounty Hunters   HTML5 Security CheatSheet - What your browser does when you look away...   30,000 Sites Is In RISK, The Plus Addons For Elementor WordPress Plugin Hacked   WPScan - Find Vulnerabilities in WordPress Websites on Kali Linux   Wapiti - Automated Vulnerability Scanner   Generate 100% FUD Backdoor with TheFatRat - Windows 10 Exploitation   TheFatRat hacking tool to create undetectable backdoors   How to Make a Keylogger in Python + Code   How to create a keylogger in PowerShell ?   Backdoor Program using Python (Remote Access Explain)   Man in the Middle Attack with Websploit Framework   Hack Windows 10 Remotely over WAN with Metasploit [No Port Forwarding]   15 Powerful Gadgets For Ethical Hackers | Hardware Tools for Hackers   Find Vulnerabilities using NMAP Scripts (NSE)   Free Vulnerability Database And Resources   Firefox Browser Vulnerable to (MITM) Man-in-the-Middle Attack   Find Vulnerabilities in Military Networks By Participating Hack The Army Bug Bounty Progr. 

x32x01

ADMINISTRATOR
Introduction
Intel Security Guard Extensions (SGX) became available with the Skylake processor family. Intel SGX aims to provide an additional security layer that prevents malicious software execution even with admin privileges.

Employing the SGX model in your infrastructure, be it on-premises, public, private, or hybrid cloud, creates a trusted environment for processing sensitive data. PhoenixNAP Bare Metal Cloud offers a range of servers with SGX support.

This article will explain what Intel SGX is, how it works, and its benefits. We'll also show you how to choose a CPU that supports SGX when deploying a BMC server.

heading-image-intel-sgx.png

Requirements for Using Intel SGX​

There are a few requirements for using SGX applications in your infrastructure:
  1. Your machine needs to have an Intel CPU that supports Intel SGX.
  2. The BIOS must have an option to enable SGX.
  3. The Intel SGX option must be set to Enabled or Software Controlled in BIOS, depending on the system. PhoenixNAP BMC servers have this option already enabled.
  4. You must Install the Intel SGX Platform Software package.

What is Intel SGX (Software Guard Extensions) ?​

Intel created Software Guard Extensions to improve data protection and enhance application code security. This CPU-based defense system allows applications to run in private memory space. Therefore, the exposure to inside and outside attacks at runtime is minimal.

Intel SGX allows developers to use CPU instructions to increase access control to:
  • Prevent data modification and deletion.
  • Prevent data disclosure.
  • Enhance code security.
This instruction set of SGX-capable CPUs lets you encrypt portions of memory to guard valuable and sensitive data.

intel-sgx-cpu-memory.png

Such an environment provides a safe space for secrets when other parts of the infrastructure are compromised. This includes BIOS, firmware, root access, virtual machine manager, etc. When an application is protected with Intel SGX, its operation and integrity are unaffected in case of an attack.
The most sensitive data remains inaccessible to any process or user no matter the permission level. The reason is that an application runs inside a trusted memory segment that other processes cannot access.

What is SGX Enclave?

Enclaves are isolated areas of memory with sensitive application data protected by the CPU. The code and data in these memory regions are reachable only within the enclave. Using the Intel SGX SDK, developers create an instruction set to reserve a part of physical memory for this safe environment.
When you run an application inside an enclave, the CPU instantly encrypts it and stores the key. Since the key is inside the CPU, an attacker cannot obtain it by inspecting the system memory.

How Secure are Enclaves?

Enclaves are extremely safe environments for working with data. Access control is imposed inside these trusted memory parts, and not even physical access is sufficient to get hold of the protected data.

sgx-enclave-protection.png

What makes enclaves secure is the automatic hardware encryption. The SGX technology uses the CPU to encrypt the information and store the key inside it. Hence, an external party cannot acquire the key and compromise the data. This means that not even the cloud provider can gain access.
Moreover, once the application exits or instructs the destruction of an enclave, all the information is lost with it.

How Does Intel SGX Work​

When developing an Intel SGX application, the programmer can choose what to enclave. Every SGX application has two parts:
  • Untrusted part
  • Trusted part
The untrusted part is responsible for the enclave creation and system-wide communication. From here, an application calls only the specific trusted functions to access the data.
The trusted part stores the enclave created for processing sensitive data. The code and data are shown in clear text exclusively inside the enclave. The data that a trusted function returns stays in this secure memory area. The CPU rejects all external requests, and the enclave remains protected.
The application then resumes working in the untrusted part where it no longer has the insight into the sensitive data.

sgx-application-enclave-process.png

The application part that receives the secured data is in the untrusted section. An application can store the data outside the enclave once the CPU encrypts it. The encryption key stays in the enclave that contains the decrypting code and necessary algorithm. Therefore, the decryption is only possible on the same system where the data was sealed.

When to Use Intel SGX?

Intel SGX is an excellent tool for any context where confidential computing is a must. As this technology is native to the SGX-enabled CPUs, anyone who needs an additional security layer can use it.

Any industry can take advantage of the SGX capabilities, not only IT:
  • Finance and Insurance
  • Healthcare and social care
  • Military
  • Commerce
Since the data is protected while in use, Intel SGX is suitable for sharing information across multiple organizations. This model improves the control over which data to share, who can see it, for how long, and for what purpose.

Intel SGX Supported CPU​

Starting with the Xeon scalable processors released from the 3rd quarter 2015 onward, all server processors support Intel SGX. Some of them are:
  • Intel® Xeon® E-2288G
  • Intel® Xeon® Gold 6326
  • Intel® Xeon® Platinum 8352Y
Additionally, most desktop and mobile devices with 6th generation Intel Core CPUs support SGX.
To check which Intel CPUs use SGX, refer to the Intel product search page. In the Choose a Filter drop-down menu, scroll down and select Intel® Software Guard Extensions (Intel® SGX).

intel-cpu-search-sgx.png

Note: The system BIOS also needs to support Intel Software Guard Extensions.

How to Enable Intel SGX in BIOS?​

If a CPU and system BIOS support Intel SGX, then you can enable it. Use the corresponding key to enter the BIOS, depending on the manufacturer.
These are the possible SGX settings in BIOS:
  • Disabled. The default setting for the Intel SGX option. In this mode, applications cannot enable SGX.
  • Enabled. Applications can use Intel SGX. Makes sure the PRMRR configuration is correct for your system.
  • Software Controlled. Allows an application to instruct BIOS to enable SGX automatically.
In some UEFI BIOS interfaces, the SGX is located under Advanced -> CPU configuration.

intel-sgx-bios-option-1024x540.png

Some legacy BIOS interfaces have the Intel SGX option in the Configuration menu.

legacy-bios-sgx-option.png

Should I Disable SGX?​

The Intel SGX option is usually disabled by default. You can leave the settings at the default values. However, if you are using SGX applications, you must not disable this option in BIOS.
On the other hand, when the SGX option is enabled in BIOS, and you do not use SGX Applications or do not intend to, the feature may be disabled.

Intel SGX Benefits​

There are many benefits to using Intel Software Guard Extensions. The obvious one is the increased security of sensitive and mission-critical data.
With Intel SGX, the information that needs to be verified can reside on the machine instead of sending it to a remote server. This includes biometric and other authentication data. Intel SGX protects from advanced threats that compromise BIOS, system components, and user profiles with root permissions.
Furthermore, data sealing provides the necessary protection of intellectual property even outside enclaves. The key for decoding the confidential data is in the trusted memory so that external access is blocked.

This model allows seamless horizontal scaling. As business demands rise, new machines can join the pool without disruption. Before becoming a part of the trusted server cluster, the nodes are verified to have the proper security level.
 
Top