Bachelor thesis
Implementation of disk encryption with the Intel Software Guard Extensions (Intel SGX) trusted execution environment
Date
2019-07-04
Registered in:
ROCHA, Marciano da. Implementação de criptografia de disco com ambiente de execução confiável Intel Software Guard Extensions (INTEL SGX). 2019. 68 f. Trabalho de Conclusão de Curso (Graduação) - Universidade Tecnológica Federal do Paraná, Dois Vizinhos, 2019.
Author
Rocha, Marciano da
Abstract
As the computer systems used by organizations and by users evolve, the amount of confidential data to be stored and the number of threats to that data also grow. In this scenario, Intel launched in late 2015, along with its line of 6th generation processors (Skylake), the Software Guard Extensions (Intel SGX) technology, which provides security mechanisms for executing code within a protected area in software, called an enclave, and allows developers to integrate it with their systems. Among the mechanisms provided, the technology has a feature for sealing the data that is in the enclave, allowing it to be stored securely using a unique encryption key, generated and maintained by the processor using information from the processor and the enclave. However, ensuring data security across all computing systems is a complex process. The present work uses the data sealing feature provided by the Intel SGX technology for file encryption, creating a virtual file system where applications can store their data with the security guarantees provided by the Intel SGX technology, so that the data remains safe when the storage media is compromised. To validate the proposal, the Cryptomator software is integrated with an enclave for data sealing. The results demonstrate that the solution is feasible in terms of performance and security, and can be expanded and refined for practical use.