Intel Software Guard Extensions (SGX) is a new technology introduced to make secure and trustworthy computing in a hostile environment practical. However, SGX is merely a set of instructions. Its software support, which includes OS support, a toolchain and libraries, is currently developed in a closed manner, limiting its impact to big companies such as Intel and Microsoft. Meanwhile, SGX does not automatically secure everything, and it still faces various attacks such as controlled side-channel attacks and enclave memory corruption.
This research investigates how to enable application developers to securely use the SGX instructions, with open source software support including a toolchain, programming abstractions (e.g., a library), and operating system support (e.g., kernel modules). In addition, this research systematically explores the systems and software defenses necessary to secure SGX programs from the enclave itself and to defeat malicious use of SGX from the underlying OS.