This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
dido:public:ra:xapend:xapend.a_glossary:s:sgx [2021/07/26 14:34] murphy |
dido:public:ra:xapend:xapend.a_glossary:s:sgx [2021/10/04 11:57] (current) 52.45.51.99 ↷ Links adapted because of a move operation |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ===== Software Guard Extensions (SGX) ===== | ===== Software Guard Extensions (SGX) ===== | ||
| - | [[dido:public:ra:xapend:xapend.a_glossary| Return to Glossary ]] | + | [[dido:public:ra:xapend:xapend.a_glossary:start| Return to Glossary ]] |
| **Software Guard Extensions (SGX)** is a sophisticated technology, but at its core, it is effectively a set of instructions for a [[dido:public:ra:xapend:xapend.a_glossary:c:cpu]] that is used by [[dido:public:ra:xapend:xapend.a_glossary:a:application|applications]] to isolate specific, trusted regions of code and data. It provides a secure enclave for developers to protect sensitive data or code from outside interference or inspection. | **Software Guard Extensions (SGX)** is a sophisticated technology, but at its core, it is effectively a set of instructions for a [[dido:public:ra:xapend:xapend.a_glossary:c:cpu]] that is used by [[dido:public:ra:xapend:xapend.a_glossary:a:application|applications]] to isolate specific, trusted regions of code and data. It provides a secure enclave for developers to protect sensitive data or code from outside interference or inspection. | ||
| - | Code that runs in a [[dido:public:ra:xapend:xapend.a_glossary:t:tee]] using SGX can produce a signed attestation from within a platform or application that is rooted in the processor and provides authentication that the code has been correctly initialized in a trusted environment. This feature has significant implications for the functionality of [[dido:public:ra:xapend:xapend.k_consensus:02_mechanism:poet]] consensus, but also creates an inherent barrier to entry and limitation to its uses. | + | Code that runs in a [[dido:public:ra:xapend:xapend.a_glossary:t:tee]] using SGX can produce a signed attestation from within a [[dido:public:ra:xapend:xapend.a_glossary:p:platform|platform]] or application that is rooted in the [[dido:public:ra:xapend:xapend.a_glossary:p:start|processor]] and provides [[dido:public:ra:xapend:xapend.a_glossary:a:authentication|authentication]] that the code has been correctly initialized in a trusted environment. This feature has significant implications for the functionality of [[dido:public:ra:xapend:xapend.k_consensus:02_mechanism:poet]] consensus, but also creates an inherent barrier to entry and limitation to its uses. |
| The memory where the protected code is stored in SGX is even safe from malicious users who control physical access to a platform and have the highest authentication to access its memory. As a [[dido:public:ra:xapend:xapend.a_glossary:a:applicationsecurity|security feature]], SGX was received with significant expectations due to the potential security afforded by this ability. | The memory where the protected code is stored in SGX is even safe from malicious users who control physical access to a platform and have the highest authentication to access its memory. As a [[dido:public:ra:xapend:xapend.a_glossary:a:applicationsecurity|security feature]], SGX was received with significant expectations due to the potential security afforded by this ability. | ||