
University researchers work diligently to keep the internet community safe


January 5, 2017

Intel's Software Guard Extensions (SGX) started rolling out in Skylake processors in October 2015, but they have a few limitations: insecure I/O such as keyboards or USB drives could provide a vector by which sensitive user data could be greatly compromised.

Two research scientists from Austria's Graz University of Technology assert that they have solved that security issue with a simple add-on script that creates protected I/O paths on top of the SGX implementation.

Instead of the handful of I/O technologies directly protected by SGX, most of which have to do with DRM rather than user security, the technology proposed in Samuel Weiser and Mario Werner's whitepaper, SGXIO, is a generic trusted I/O mechanism that can be applied to things like keyboards and USB devices.

And this isn't just esoteric technology that might reassure people running cloud apps on multi-tenant infrastructure.

The Weiser/Werner proposal would create an SGX-supported trusted path all the way to a remote user's browser to protect an online banking session, for example, while at the same time providing attestation mechanisms that enable both the bank and the user to verify that trusted paths are established and functional.

The shortcoming SGXIO is trying to fix is that SGX's threat model considers everything outside itself a security threat, which by design is a good thing.

The usual approach for trusted paths is to utilize encrypted interfaces. The whitepaper mentions the Protected Audio Video Path (PAVP), but that's a DRM-specific example, and most I/O devices don't encrypt anything. That's just the way things work.

So SGXIO is a direct solution for adding a generic trusted path to the SGX environment. With that trusted path reaching to the end user's environment, it's an attempt to protect an application from bad things such as keyloggers that a potential hacker could have installed on a victim's PC.

As the whitepaper illustrates, a typical implementation wouldn't be seamless. The SGXIO paper provides a rather large set of instructions covering application design, enclave programming (fortunately something Intel provides resources for), driver design, and hypervisor choices.

For example, application developers have to work with a key exchange mechanism (Diffie-Hellman is supported, and SGXIO offers its own lightweight key protocol). For hypervisors, the paper suggests the seL4 microkernel.

Originally developed by Australia's NICTA and now handled by the CSIRO Data61 project, seL4 is a mathematically verified software kernel that was published as open source software about 2 1/2 years ago.

SGXIO is expected to get its first public airing at the CODASPY'17 conference, being held in March in Scottsdale, Arizona.

Source: The Graz University of Technology in Austria.

Copyright © Internet Security.ca