Innovative Technology for CPU Based Attestation and Sealing

Ittai Anati, Shay Gueron, Simon Johnson, Vincent Scarlata

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review


Intel is developing the Intel® Software Guard Extensions (Intel® SGX) technology, an extension to Intel® Architecture for generating protected software containers. The container is referred to as an enclave. Inside the enclave, software's code, data, and stack are protected by hardware-enforced access control policies that prevent attacks against the enclave's content. In an era where software and services are deployed over the Internet, it is critical to be able to securely provision enclaves remotely, over the wire or air, to know with confidence that the secrets are protected, and to be able to save secrets in non-volatile memory for future use. This paper describes the technology components that allow provisioning of secrets to an enclave. These components include a method to generate a hardware-based attestation of the software running inside an enclave, and a means for enclave software to seal secrets and export them outside of the enclave (for example, to store them in non-volatile memory) such that only the same enclave software would be able to un-seal them back to their original form.
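The two components the abstract names, a CPU-rooted attestation of which software is running in an enclave and a sealing key that only the same enclave software can re-derive, are modelled below as an added example. This is not the paper's or Intel's code: the `Platform` class stands in for the CPU's root secret and the EREPORT/EGETKEY instructions, the identity fields and the MRENCLAVE/MRSIGNER sealing policies follow the SGX design, and the cipher (HMAC-SHA256 in counter mode with a separate MAC, standard library only) is a stand-in for the AEAD a real enclave runtime would use. Only same-platform (local) attestation is modelled; SGX remote attestation, which goes through a Quoting Enclave and asymmetric signatures, is out of scope. All enclave measurements, signer hashes and secrets are constructed.

```python
"""Toy model of SGX-style local attestation and sealing (added example, not
the paper's or Intel's code). Platform models the CPU and its root secret;
seal_key/create_report stand in for EGETKEY/EREPORT. The cipher is HMAC-SHA256
counter mode plus a separate MAC, chosen to stay within the standard library;
a real enclave runtime would use a proper AEAD."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

POLICY_MRENCLAVE = b"MRENCLAVE"  # bind to the exact code measurement
POLICY_MRSIGNER = b"MRSIGNER"    # bind to the enclave author's signing key

def _h(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

@dataclass(frozen=True)
class EnclaveIdentity:
    mrenclave: bytes  # hash of code/data measured when the enclave is built
    mrsigner: bytes   # hash of the key that signed the enclave

@dataclass(frozen=True)
class Platform:
    """Models the CPU: holds a root secret no software can read directly."""
    root_secret: bytes

    def seal_key(self, ident: EnclaveIdentity, policy: bytes) -> bytes:
        # EGETKEY stand-in: key depends on the root secret and the identity
        # field the policy selects, so another enclave or CPU derives another key.
        if policy not in (POLICY_MRENCLAVE, POLICY_MRSIGNER):
            raise PermissionError("unknown sealing policy")
        sel = ident.mrenclave if policy == POLICY_MRENCLAVE else ident.mrsigner
        return _h(self.root_secret, b"SEAL", policy, sel)

    def report_key(self, target_mrenclave: bytes) -> bytes:
        # Model assumption: the CPU gives this key only to the enclave it names.
        return _h(self.root_secret, b"REPORT", target_mrenclave)

    def create_report(self, ident: EnclaveIdentity, data: bytes, target: EnclaveIdentity) -> bytes:
        # EREPORT stand-in: the CPU, not the caller, fills in the caller's identity.
        body = ident.mrenclave + ident.mrsigner + data
        return body + _h(self.report_key(target.mrenclave), body)

def verify_report(platform: Platform, me: EnclaveIdentity, report: bytes) -> dict:
    """Target enclave side: recompute the MAC under our own report key."""
    body, tag = report[:-32], report[-32:]
    if not hmac.compare_digest(_h(platform.report_key(me.mrenclave), body), tag):
        raise PermissionError("report not addressed to us or tampered")
    return {"mrenclave": body[:32], "mrsigner": body[32:64], "data": body[64:]}

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = _h(key, nonce, (i // 32).to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def seal(platform: Platform, ident: EnclaveIdentity, policy: bytes, plaintext: bytes) -> bytes:
    k = platform.seal_key(ident, policy)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_h(k, b"enc"), nonce, plaintext)
    tag = _h(_h(k, b"mac"), policy, nonce, ct)
    # The blob carries no key material, so it may leave the enclave (e.g. to disk).
    return policy + b"|" + nonce + tag + ct

def unseal(platform: Platform, ident: EnclaveIdentity, blob: bytes) -> bytes:
    policy, rest = blob.split(b"|", 1)
    nonce, tag, ct = rest[:16], rest[16:48], rest[48:]
    k = platform.seal_key(ident, policy)
    if not hmac.compare_digest(_h(_h(k, b"mac"), policy, nonce, ct), tag):
        raise PermissionError("unseal failed: wrong identity, wrong CPU or tampered blob")
    return _xor_stream(_h(k, b"enc"), nonce, ct)

def _ok(fn, *args) -> bool:
    try:
        fn(*args)
        return True
    except PermissionError:
        return False

def demo() -> dict:
    """Constructed scenario: two versions of one vendor's enclave, a rogue enclave, two CPUs."""
    cpu, other_cpu = Platform(secrets.token_bytes(32)), Platform(secrets.token_bytes(32))
    vendor = hashlib.sha256(b"vendor signing key").digest()
    v1 = EnclaveIdentity(hashlib.sha256(b"enclave v1 code").digest(), vendor)
    v2 = EnclaveIdentity(hashlib.sha256(b"enclave v2 code").digest(), vendor)
    rogue = EnclaveIdentity(hashlib.sha256(b"rogue code").digest(),
                            hashlib.sha256(b"rogue key").digest())
    secret = b"provisioned api key"
    by_code = seal(cpu, v1, POLICY_MRENCLAVE, secret)
    by_signer = seal(cpu, v1, POLICY_MRSIGNER, secret)
    report = cpu.create_report(v1, b"challenge-from-v2", v2)
    return {
        "same_enclave_unseals": unseal(cpu, v1, by_code) == secret,
        "upgrade_breaks_mrenclave_seal": not _ok(unseal, cpu, v2, by_code),
        "upgrade_keeps_mrsigner_seal": unseal(cpu, v2, by_signer) == secret,
        "rogue_cannot_unseal": not _ok(unseal, cpu, rogue, by_signer),
        "other_cpu_cannot_unseal": not _ok(unseal, other_cpu, v1, by_code),
        "v2_accepts_v1_report": verify_report(cpu, v2, report)["mrenclave"] == v1.mrenclave,
        "rogue_rejects_report": not _ok(verify_report, cpu, rogue, report),
    }
```

`demo()` returns a dictionary of named checks that should all be true. The MRENCLAVE policy gives the "only the same enclave software" property the abstract describes, at the cost that a legitimately updated enclave (new measurement, same signer) loses access to its old sealed data; the MRSIGNER policy trades that strictness for upgradability. A report is only verifiable by the enclave it was created for, because only that enclave can derive the matching report key from the CPU.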
Original language: English
Title of host publication: HASP '13
Subtitle of host publication: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy
State: Published - 2013


