Designing a Provenance Analysis for SGX Enclaves. (arXiv:2206.07418v1 [cs.CR])

Intel SGX enables memory isolation and static integrity verification of code
and data stored in user-space memory regions called enclaves. SGX effectively
shields the execution of enclaves from the underlying untrusted OS. Attackers
cannot tamper nor examine enclaves' content. However, these properties equally
challenge defenders as they are precluded from any provenance analysis to infer
intrusions inside SGX enclaves. In this work, we propose SgxMonitor, a novel
provenance analysis to monitor and identify anomalous executions of enclave
code. To this …

analysis sgx