Leveraging Intel® SGX towards Data Loss Prevention
Data Loss Prevention software have a lot to gain from creatively and innovatively leveraging hardware technologies. Intel® SGX is one such technology in Intel's hardware enabled security product line.
What is Intel® SGX?
Intel® SGX provides a hardware assisted trusted execution environment, an enclave, within which select code and data can run in a secure way. It provides the smallest possible attack surface, the CPU boundary.
Widely Covered Usecase:
There has been much talk about leveraging Intel® SGX in secure remote computation wherein a remote entity, possibly in the cloud, establishes a trusted computing environment, in this case by leveraging Intel® SGX. It then establishes an identity for the trusted environment. Once that identity is attested, this remote entity becomes eligible to receive secrets from its owner. The provisioned secret is then ready for secure processing in the remote environment but within a trusted enclave.
Intel® SGX for Data Loss Prevention:
Because of currently prevalent cloud services, remote secure computation use case has gained significant focus, with Intel® itself possibly having designed several aspects of SGX with that in mind. This sole focus however, overlooks a wealth of creative ways in which the SGX CPU feature set extensions itself could be leveraged, DLP software being one such area.
It's core feature, to earmark select code and data for execution in a hardened environment were access control checks enforced at hardware level prevents those earmarked resources from being accessed by other layers of software, however privileged it be, makes for a perfect fit for DLP software.
Watch out for further discussion, proof of concept and more to demonstrate successful use of Intel® SGX towards DLP.
Founder of KryptoGuard™ technology initiative, product and services.