Software Guard Extensions or “SGX” is a hardware enforced security system that encrypts data stored to protected regions of memory. The data stored in such memory is decrypted by resources in the processor just prior to being processed. SGX provides protection against both software and hardware attacks. More specifically, SGX provides confidentiality, integrity and replay protection to data resident in architecturally protected memory locations (“enclave data”) while the data remains resident in platform memory. The on-chip boundary forms a natural security boundary, where data and code is stored in plaintext and assumed secure. While SGX defines the architecture to secure computation of an application on the CPU and its associated data while resident in the platform memory, for many use cases the application requires user interaction to receive input, process the received input, and generate output. Hence, in order to provide end-to-end security, the input and output sessions must be protected along with the computation.
Although the following Detailed Description will proceed with reference being made to illustrative embodiments, many alternatives, modifications and variations thereof will be apparent to those skilled in the art.