{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,2]],"date-time":"2026-05-02T22:35:51Z","timestamp":1777761351045,"version":"3.51.4"},"reference-count":88,"publisher":"Emerald","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017,7,13]]},"abstract":"<jats:p>This manuscript is the second in a two part survey and analysis of the state of the art in secure processor systems, with a specific focus on remote software attestation and software isolation. The first part established the taxonomy and prerequisite concepts relevant to an examination of the state of the art in trusted remote computation: attested software isolation containers (enclaves). This second part extends Part I\u2019s description of Intel\u2019s Software Guard Extensions (SGX), an available and documented enclave-capable system, with a rigorous security analysis of SGX as a system for trusted remote computation. This part documents the authors\u2019 concerns over the shortcomings of SGX as a secure system and introduces the MIT Sanctum processor developed by the authors: a system designed to offer stronger security guarantees, lend itself better to analysis and formal verification, and offer a more straightforward and complete threat model than the Intel system, all with an equivalent programming model.<\/jats:p><jats:p>This two part work advocates a principled, transparent, and well-scrutinized approach to system design, and argues that practical guarantees of privacy and integrity for remote computation are achievable at a reasonable design cost and performance overhead.<\/jats:p>","DOI":"10.1561\/1000000052","type":"journal-article","created":{"date-parts":[[2017,7,13]],"date-time":"2017-07-13T06:29:30Z","timestamp":1499927370000},"page":"249-361","source":"Crossref","is-referenced-by-count":16,"title":["Secure Processors Part II: Intel SGX Security Analysis and MIT Sanctum Architecture"],"prefix":"10.1108","volume":"11","author":[{"given":"Victor","family":"Costan","sequence":"first","affiliation":[{"name":"Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory,"}]},{"given":"Ilia","family":"Lebedev","sequence":"additional","affiliation":[{"name":"Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory,"}]},{"given":"Srinivas","family":"Devadas","sequence":"additional","affiliation":[{"name":"Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory,"}]}],"member":"140","published-online":{"date-parts":[[2017,7,13]]},"reference":[{"key":"2026032901222292800_ref001","unstructured":"Linux kernel: CVE security vulnerabilities, versions and detailed reports. http:\/\/www.cvedetails.com\/product\/47\/Linux-Linux-Kernel.html?vendor_id=33, 2014a. [Online; accessed 27-April-2015]."},{"key":"2026032901222292800_ref002","unstructured":"XEN: CVE security vulnerabilities, versions and detailed reports. http:\/\/www.cvedetails.com\/product\/23463\/XEN-XEN.html?vendor_id=6276, 2014b. [Online; accessed 27-April-2015]."},{"key":"2026032901222292800_ref003","unstructured":"Xen project software overview. http:\/\/wiki.xen.org\/wiki\/Xen_Project_Software_Overview, 2015. [Online; accessed 27-April-2015]."},{"key":"2026032901222292800_ref004","article-title":"Innovative technology for CPU based attestation and sealing","author":"Anati"},{"key":"2026032901222292800_ref005","unstructured":"Sebastian Anthony. Who actually develops Linux? The answer might surprise you. http:\/\/www.extremetech.com\/computing\/175919-who-actually-develops-linux, 2014. [Online; accessed 27-April-2015]."},{"key":"2026032901222292800_ref006","doi-asserted-by":"crossref","unstructured":"Gorka Irazoqui Apecechea, Mehmet Sinan Inci, Thomas Eisenbarth, and Berk Sunar. Fine grain cross-VM attacks on Xen and VMware are possible! Cryptology ePrint Archive, Report 2014\/248, 2014. http:\/\/eprint.iacr.org\/.","DOI":"10.1109\/BDCloud.2014.102"},{"key":"2026032901222292800_ref007","volume-title":"Cache timing attacks","author":"Banescu","year":"2011"},{"key":"2026032901222292800_ref008","doi-asserted-by":"crossref","first-page":"201","DOI":"10.1007\/11894063_16","volume-title":"Cryptographic Hardware and Embedded Systems-CHES 2006","author":"Bonneau","year":"2006"},{"key":"2026032901222292800_ref009","volume-title":"Hardening inter-device secure communication using physically unclonable functions","author":"Brickell","year":"2014"},{"key":"2026032901222292800_ref010","volume-title":"Enhanced privacy ID from bilinear pairing","author":"Brickell","year":"2009"},{"key":"2026032901222292800_ref011","doi-asserted-by":"crossref","first-page":"355","DOI":"10.1007\/978-3-642-23822-2_20","volume-title":"Computer Security-ESORICS 2011","author":"Brumley","year":"2011"},{"issue":"5","key":"2026032901222292800_ref012","doi-asserted-by":"crossref","first-page":"701","DOI":"10.1016\/j.comnet.2005.01.010","article-title":"Remote timing attacks are practical","volume":"48","author":"Brumley","year":"2005","journal-title":"Computer Networks"},{"key":"2026032901222292800_ref013","first-page":"106","article-title":"Universal classes of hash functions","author":"Lawrence Carter"},{"key":"2026032901222292800_ref014","first-page":"5","article-title":"Linux kernel vulnerabilities: State-of-the-art defenses and open problems","author":"Chen"},{"key":"2026032901222292800_ref015","first-page":"1","article-title":"Security challenges and opportunities in adaptive and reconfigurable hardware","author":"Costan"},{"key":"2026032901222292800_ref016","volume-title":"Intel SGX explained","author":"Costan","year":"2016"},{"key":"2026032901222292800_ref017","doi-asserted-by":"crossref","DOI":"10.1561\/9781680833010","article-title":"Secure processors part I: Background, taxonomy for secure enclaves and Intel SGX architecture","volume-title":"FnTEDA","author":"Costan","year":"2017"},{"key":"2026032901222292800_ref018","article-title":"SGX: the good, the bad and the downright ugly","volume-title":"Virus Bulletin","author":"Davenport","year":"2014"},{"issue":"6","key":"2026032901222292800_ref019","doi-asserted-by":"crossref","first-page":"644","DOI":"10.1109\/TIT.1976.1055638","article-title":"New directions in cryptography","volume":"22","author":"Diffie","year":"1976","journal-title":"Information Theory, IEEE Transactions on"},{"issue":"4","key":"2026032901222292800_ref020","first-page":"35","article-title":"Non-monopolizable caches: Low-complexity mitigation of cache side channel attacks","volume":"8","author":"Domnitser","year":"2012","journal-title":"ACM Transactions on Architecture and Code Optimization (TACO)"},{"key":"2026032901222292800_ref021","article-title":"Using CPU system management mode to circumvent operating system security functions","volume-title":"CanSecWest\/core06","author":"Duflot","year":"2006"},{"key":"2026032901222292800_ref022","article-title":"Cloaking malware with the trusted platform module","author":"Dunn"},{"key":"2026032901222292800_ref023","article-title":"SMM rootkit: a new breed of OS independent malware","volume-title":"Security and Communication Networks","author":"Embleton","year":"2010"},{"key":"2026032901222292800_ref024","first-page":"190","article-title":"Iso-X: A flexible architecture for hardware-managed isolated execution","author":"Evtyushkin"},{"key":"2026032901222292800_ref025","first-page":"3","article-title":"A secure processor architecture for encrypted computation on untrusted programs","author":"Fletcher"},{"key":"2026032901222292800_ref026","first-page":"148","article-title":"Silicon physical random functions","author":"Gassend"},{"key":"2026032901222292800_ref027","first-page":"182","article-title":"Towards a theory of software protection and simulation by oblivious RAMs","author":"Goldreich"},{"key":"2026032901222292800_ref028","volume-title":"Secure provisioning of secret keys during integrated circuit manufacturing","author":"Gotze","year":"2014"},{"key":"2026032901222292800_ref029","volume-title":"Fuse attestation to secure the provisioning of secret keys during integrated circuit manufacturing","author":"Gotze","year":"2014"},{"key":"2026032901222292800_ref030","volume-title":"Dynamics of a Trusted Platform: A building block approach","author":"Grawrock","year":"2009"},{"key":"2026032901222292800_ref031","first-page":"382","article-title":"Quick verification of RSA signatures","author":"Gueron"},{"key":"2026032901222292800_ref032","volume-title":"A memory encryption engine suitable for general purpose processors","author":"Gueron","year":"2016"},{"key":"2026032901222292800_ref033","doi-asserted-by":"crossref","article-title":"Using innovative instructions to create trustworthy software solutions","author":"Hoekstra","DOI":"10.1145\/2487726.2488370"},{"key":"2026032901222292800_ref034","volume-title":"Seriously, get off my cloud! cross-VM RSA key recovery in a public cloud","author":"Sinan Inci","year":"2015"},{"key":"2026032901222292800_ref035","volume-title":"Software Guard Extensions Programming Reference","year":"2013"},{"key":"2026032901222292800_ref036","volume-title":"Software Guard Extensions Programming Reference","year":"2014"},{"key":"2026032901222292800_ref037","volume-title":"Intel\u00ae Software Guard Extensions (Intel\u00ae SGX)","year":"2015"},{"key":"2026032901222292800_ref038","volume-title":"Intel\u00ae 64 and IA-32 Architectures Software Developer\u2019s Manual","year":"2015"},{"key":"2026032901222292800_ref039","unstructured":"Simon Johnson, Vinnie Scarlata, Carlos Rozas, Ernie Brickell, and Frank McKeen. Intel\u00ae software guard extensions: EPID provisioning and attestation services. https:\/\/software.intel.com\/en-us\/blogs\/2016\/03\/09\/intel-sgx-epid-provisioning-and-attestation-services, Mar 2016. [Online; accessed 21-Mar-2016]."},{"key":"2026032901222292800_ref040","volume-title":"Technique for supporting multiple secure enclaves","author":"Johnson","year":"2010"},{"issue":"4","key":"2026032901222292800_ref041","doi-asserted-by":"crossref","first-page":"338","DOI":"10.1145\/138873.138876","article-title":"Page placement algorithms for large real-indexed caches","volume":"10","author":"Kessler","year":"1992","journal-title":"ACM Transactions on Computer Systems (TOCS)"},{"key":"2026032901222292800_ref042","first-page":"361","article-title":"Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors","author":"Kim"},{"key":"2026032901222292800_ref043","first-page":"207","article-title":"seL4: Formal verification of an OS kernel","author":"Klein"},{"key":"2026032901222292800_ref044","first-page":"104","volume-title":"Advances in Cryptology-CRYPTO\u201996","author":"Kocher","year":"1996"},{"key":"2026032901222292800_ref045","first-page":"25","article-title":"Deconstructing new cache designs for thwarting software cache-based side channel attacks","author":"Kong"},{"key":"2026032901222292800_ref046","volume-title":"Generic debug eXternal connection (GDXC) for high integration integrated circuits","author":"Kurts","year":"2011"},{"key":"2026032901222292800_ref047","article-title":"Inferring fine-grained control flow inside SGX enclaves with branch shadowing","volume":"abs\/1611.06952","author":"Lee","year":"2016","journal-title":"CoRR"},{"key":"2026032901222292800_ref048","first-page":"199","article-title":"A 45nm 1.3 GHz 16.7 double-precision GFLOPS\/W RISC-V processor with vector accelerators","author":"Lee"},{"key":"2026032901222292800_ref049","first-page":"367","article-title":"Gaining insights into multicore cache partitioning: Bridging the gap between simulation and real systems","author":"Lin"},{"key":"2026032901222292800_ref050","first-page":"203","article-title":"Random fill cache architecture","author":"Liu"},{"key":"2026032901222292800_ref051","first-page":"143","article-title":"Last-level cache side-channel attacks are practical","author":"Liu"},{"key":"2026032901222292800_ref052","doi-asserted-by":"crossref","DOI":"10.1109\/HPCA.2016.7446082","article-title":"CATalyst: Defeating last-level cache side channel attacks in cloud computing","volume-title":"HPCA","author":"Liu","year":"2016"},{"key":"2026032901222292800_ref053","first-page":"332","article-title":"Low-Overhead Implementation of a Soft Decision Helper Data Algorithm for SRAM PUFs","volume-title":"Cryptographic Hardware and Embedded Systems (CHES)","author":"Maes","year":"2009"},{"key":"2026032901222292800_ref054","doi-asserted-by":"crossref","article-title":"Reverse engineering Intel last-level cache complex addressing using performance counters","author":"Maurice","DOI":"10.1007\/978-3-319-26362-5_3"},{"key":"2026032901222292800_ref055","volume-title":"Method and apparatus to provide secure application execution","author":"McKeen","year":"2009"},{"key":"2026032901222292800_ref056","first-page":"10","article-title":"Innovative instructions and software model for isolated execution","volume":"13","author":"McKeen","year":"2013","journal-title":"HASP"},{"key":"2026032901222292800_ref057","unstructured":"MIT. Reference implementation of a Sanctum security monitor. https:\/\/github.com\/pwnall\/sanctum, 2017. [Online; accessed 1-Jan-2017]."},{"key":"2026032901222292800_ref058","volume-title":"The spy in the sandbox - practical cache attacks in JavaScript","author":"Oren","year":"2015"},{"key":"2026032901222292800_ref059","article-title":"Reverse engineering Intel DRAM addressing and exploitation","volume":"abs\/1511.08756","author":"Pessl","year":"2015","journal-title":"CoRR"},{"key":"2026032901222292800_ref060","first-page":"442","article-title":"Making worst case execution time analysis for hard real-time tasks on state of the art processors feasible","author":"Petters"},{"key":"2026032901222292800_ref061","first-page":"199","article-title":"Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds","author":"Ristenpart"},{"key":"2026032901222292800_ref062","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4302-6572-6","volume-title":"Platform Embedded Security Technology Revealed","author":"Ruan","year":"2014"},{"key":"2026032901222292800_ref063","volume-title":"Thoughts on Intel\u2019s upcoming software guard extensions (part 2)","author":"Rutkowska","year":"2013"},{"key":"2026032901222292800_ref064","article-title":"Preventing and detecting Xen hypervisor subversions","volume-title":"Blackhat Briefings USA","author":"Rutkowska","year":"2008"},{"key":"2026032901222292800_ref065","first-page":"187","article-title":"The ZCache: Decoupling ways and associativity","author":"Sanchez"},{"key":"2026032901222292800_ref066","doi-asserted-by":"crossref","first-page":"57","DOI":"10.1145\/2024723.2000073","article-title":"Vantage: scalable and efficient fine-grain cache partitioning","volume":"39","author":"Sanchez","year":"2011","journal-title":"ACM SIGARCH Computer Architecture News"},{"key":"2026032901222292800_ref067","unstructured":"Mark Seaborn and Thomas Dullien. Exploiting the DRAM rowhammer bug to gain kernel privileges. http:\/\/googleprojectzero.blogspot.com\/2015\/03\/exploiting-dram-rowhammer-bug-to-gain.html, Mar 2015. [Online; accessed 9-March-2015]."},{"key":"2026032901222292800_ref068","volume-title":"Protecting information processing system secrets from debug attacks","author":"Shanbhogue","year":"2015"},{"key":"2026032901222292800_ref069","first-page":"299","article-title":"Path ORAM: An extremely simple oblivious RAM protocol","author":"Stefanov"},{"key":"2026032901222292800_ref070","first-page":"9","article-title":"Physical unclonable functions for device authentication and secret key generation","author":"Edward Suh"},{"key":"2026032901222292800_ref071","first-page":"160","article-title":"AEGIS: architecture for tamper-evident and tamper-resistant processing","author":"Edward Suh"},{"key":"2026032901222292800_ref072","article-title":"Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions","author":"Edward Suh"},{"issue":"2SI","key":"2026032901222292800_ref073","doi-asserted-by":"crossref","first-page":"355","DOI":"10.1145\/325096.325161","article-title":"The TLB slice - a low-cost high-speed address translation mechanism","volume":"18","author":"Taylor","year":"1990","journal-title":"SIGARCH Computer Architecture News"},{"key":"2026032901222292800_ref074","article-title":"Leaky cauldron on the dark land: Understanding memory side-channel hazards in SGX","volume":"abs\/1705.07289","author":"Wang","year":"2017","journal-title":"CoRR"},{"key":"2026032901222292800_ref075","first-page":"494","article-title":"New cache designs for thwarting software cache-based side channel attacks","author":"Wang"},{"key":"2026032901222292800_ref076","volume-title":"The RISC-V instruction set manual, volume I: User-level ISA, version 2.0","author":"Waterman","year":"2014"},{"key":"2026032901222292800_ref077","volume-title":"The RISC-V instruction set manual volume II: Privileged architecture version 1.7","author":"Waterman","year":"2015"},{"issue":"66","key":"2026032901222292800_ref078","article-title":"A real SMM rootkit: Reversing and hooking BIOS SMI handlers","volume":"13","author":"Wecherowski","year":"2009","journal-title":"Phrack Magazine"},{"issue":"3","key":"2026032901222292800_ref079","doi-asserted-by":"crossref","first-page":"265","DOI":"10.1016\/0022-0000(81)90033-7","article-title":"New hash functions and their use in authentication and set equality","volume":"22","author":"Wegman","year":"1981","journal-title":"Journal of Computer and System Sciences"},{"key":"2026032901222292800_ref080","article-title":"Attacking SMM memory via Intel CPU cache poisoning","volume-title":"Invisible Things Lab","author":"Wojtczuk","year":"2009"},{"key":"2026032901222292800_ref081","article-title":"Attacking Intel trusted execution technology","volume-title":"Black Hat DC","author":"Wojtczuk","year":"2009"},{"key":"2026032901222292800_ref082","volume-title":"Attacking Intel TXT via SINIT code execution hijacking","author":"Wojtczuk","year":"2011"},{"key":"2026032901222292800_ref083","article-title":"Another way to circumvent Intel\u00ae trusted execution technology","volume-title":"Invisible Things Lab","author":"Wojtczuk","year":"2009"},{"key":"2026032901222292800_ref084","doi-asserted-by":"crossref","article-title":"Controlled-channel attacks: Deterministic side channels for untrusted operating systems","author":"Xu","DOI":"10.1109\/SP.2015.45"},{"key":"2026032901222292800_ref085","first-page":"448","article-title":"Flush+Reload: a high resolution, low noise, L3 cache side-channel attack","volume":"2013","author":"Yarom","year":"2013","journal-title":"IACR Cryptology ePrint Archive"},{"key":"2026032901222292800_ref086","volume-title":"Mapping the Intel last-level cache","author":"Yarom","year":"2015"},{"key":"2026032901222292800_ref087","first-page":"79","article-title":"Native client: A sandbox for portable, untrusted x86 native code","author":"Yee"},{"key":"2026032901222292800_ref088","first-page":"264","article-title":"A fully integrated multi-CPU, GPU and memory controller 32nm processor","author":"Yuffe"}],"container-title":["Foundations and Trends\u00ae in Electronic Design Automation"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/fteda\/article-pdf\/11\/3\/249\/10913164\/1000000052en.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/www.emerald.com\/fteda\/article-pdf\/11\/3\/249\/10913164\/1000000052en.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T14:13:38Z","timestamp":1777472018000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.emerald.com\/fteda\/article\/11\/3\/249\/1321569\/Secure-Processors-Part-II-Intel-SGX-Security"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,7,13]]},"references-count":88,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2017,7,13]]}},"URL":"https:\/\/doi.org\/10.1561\/1000000052","relation":{},"ISSN":["1551-3939","1551-3947"],"issn-type":[{"value":"1551-3939","type":"print"},{"value":"1551-3947","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,7,13]]}}}