A feasibility study of KryptoGuard™ brand leveraging Intel® SGX using SQLite
In the last post I mentioned I will take a scenario to explain how KryptoGuard™ brand leverages Intel® SGX to better protect sensitive data. This post is dedicated towards just that.
As part of the feasibility study, I wanted to take a database application and provide it the security and benefit of running in the context of an Intel® SGX enclave. I chose a database software because, more often than not, that's were sensitive data find's its home. And within that, I chose SQLite for a proof of concept because, it makes for a perfect fit, as it is one of the light weight, low foot print open database that has withstood the test of time.
The very nature of doing anything security centric dictates opting for the smallest possible attack surface. Intel® SGX provides that at hardware level by reducing the attack surface to CPU boundary. It makes sense for us to follow suite by doing the same at software level as well. And for that SQLite makes for a good candidate.
To be able to store certain kinds of sensitive data, businesses are required to abide by relevant regulations. And encryption becomes a mandatory requirement in such cases. It so happens, Intel® SGX's in-built cryptography can be leveraged to enforce that requirement more easily. Leveraging it not only helps meet a need, it also helps make the process simpler. To that end I wanted to enlist Intel® SGX's FS API to demonstrate how easy it is to encrypt and secure a database and SQLite design was a seamless fit to demonstrate that as well.
Intel® SGX provides PSW and SDK software to exercise its hardware feature. SQLite design made it easier for me to use both of their software in a mutually complimentary way to show the added security enjoyed by an SQLite database while storing, loading and processing sensitive data, all within an enclave, out of reach from any other layers of software, including higher privilege software! To state for clarity, I refer to SQLite software running within an enclave, powered by Intel® SGX, as trusted SQLite and otherwise as classic SQLite.
It is important to note that the database created with trusted SQLite can only be reopened and processed by trusted SQLite. Thus it enjoys all the security provided by Intel® SGX. For example, that database cannot be opened in a hex editor to get to its content in obtuse ways because of it being encrypted (leveraging Intel® SGX in our case) along with other Intel® SGX features like sealing, as and when appropriate.
Also, if a classic SQLite database were to be reopened in the same environment, it is susceptible to memory scrapping attacks. Where as, a trusted SQLite database, which can only be loaded within the same trusted environment is not susceptible to similar attacks. This is because, sensitive database data are earmarked as Intel® SGX resources when loaded by trusted SQLite. Hardware level access control checks are applied to such resources upon its access in memory. So, when a memory scrapper software tries to access it, hardware level access checks by Intel® SGX forbids such software from gaining access to the sensitive data irrespective of the privilege at which the scrapper runs, as it is not a code running within the expected enclave to pass those checks.
As you might have inferred from the above, Intel® SGX not only protects data in-memory at hardware level, it also provides the added benefit of making data at rest protection simpler in this case! This should fairly explain why I chose SQLite to demonstrate the use of Intel® SGX in protecting sensitive data, which aligns with our KryptoGuard™ brand goals and the use cases we target.
In our previous post I talked about leveraging Intel® SGX towards data loss prevention. In this post I will talk about the relevance of Intel® SGX to our KryptoGuard™ Brand.
KryptoGuard™ brand is currently focused on providing services towards enhancing data security, leveraging the latest technologies. This also sets the stage towards delivering products focused on data loss prevention. To that end, we have already covered some of the use cases KryptoGuard™ brand targets.
We expect our potential clients/customers to handle sensitive data like payment card data, health information, personally identifiable information(PII), all of which are required to abide by varied regulations. In an earlier post we talked about how PCI-DSS is woefully inadequate in enforcing in-memory requirements for payment card data, which is a frequent target.
Sensitive and/or confidential data could use more sophisticated technologies to better protect them. Intel® SGX makes for a perfect candidate to capitalize on to accomplish just that. Not only can sensitive data be earmarked as resources for secure access within Intel® SGX's enclave, access control checks to enforce that restriction is performed at hardware level thus forbidding compromised software at any other layer, including higher privilege software from accessing those resources. This helps protect sensitive data from infractions which target that data while it is being processed, a stage where it is most vulnerable because of lack of maturity in current protection systems to better handle this stage.
To top it, Intel® SGX also provides relatively seamless and easy ways to encrypt sensitive data before it is stored on disk. Cryptography key maintenance which would otherwise be a hassle is alleviated by its in-built cryptography feature that could be leveraged towards protecting sensitive data at rest.
As you might have realized by now, all of this is very conducive for our KryptoGuard™ targeted use cases ! In a future post, possibly next, I will take a scenario to better explain how we were able to use Intel® SGX towards better protecting sensitive data as it is being generated and processed.
Leveraging Intel® SGX towards Data Loss Prevention
Data Loss Prevention software have a lot to gain from creatively and innovatively leveraging hardware technologies. Intel® SGX is one such technology in Intel's hardware enabled security product line.
What is Intel® SGX?
Intel® SGX provides a hardware assisted trusted execution environment, an enclave, within which select code and data can run in a secure way. It provides the smallest possible attack surface, the CPU boundary.
Widely Covered Usecase:
There has been much talk about leveraging Intel® SGX in secure remote computation wherein a remote entity, possibly in the cloud, establishes a trusted computing environment, in this case by leveraging Intel® SGX. It then establishes an identity for the trusted environment. Once that identity is attested, this remote entity becomes eligible to receive secrets from its owner. The provisioned secret is then ready for secure processing in the remote environment but within a trusted enclave.
Intel® SGX for Data Loss Prevention:
Because of currently prevalent cloud services, remote secure computation use case has gained significant focus, with Intel® itself possibly having designed several aspects of SGX with that in mind. This sole focus however, overlooks a wealth of creative ways in which the SGX CPU feature set extensions itself could be leveraged, DLP software being one such area.
It's core feature, to earmark select code and data for execution in a hardened environment were access control checks enforced at hardware level prevents those earmarked resources from being accessed by other layers of software, however privileged it be, makes for a perfect fit for DLP software.
Watch out for further discussion, proof of concept and more to demonstrate successful use of Intel® SGX towards DLP.
Founder of KryptoGuard™ technology initiative, product and services.