SGX Talk - Ruslan Bukin
- Enclave Page Cache - memory for enclaves (part of DRAM)
- FreeBSD kernel driver
- Userspace SDK
- Use cases: cloud providers
- Extant side channel attacks against SGX
- What should the ideal SDK look like? Do we run FreeBSD binaries in the enclave?
ARMv8.1-v8.3 - Andy Turner, Mark Rutland
- Added support for Execute Never bits (PXN, UXN)
- Added support for PAN (Privileged Access Never) - prevents the kernel from accessing user memory except through specific instructions
- UAO not needed on FreeBSD
Pointer authentication codes
- Could sign return address stack
- 128-bit key (8 hardware keys)
- 64-bit context
- PAC size ranges from 7 bits to 32 bits
AMD memory encryption
- VEE paper describes some limitations
libcrunch - Stephen Kell
- Cast checking
- Bounds checking
RISC-V security - Ruslan Bukin
- PMP (Physical Memory Protection) - specify permissions for 16 memory regions in machine mode to restrict memory access
- Composable with virtual memory: address translation is checked first, then PMP is consulted
- PMP is configured in firmware
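Added example (not from the talk or from FreeBSD): a small C model of the PMP check that runs on the physical address produced by address translation. The entry encoding (pmpcfg R/W/X/A/L bits, pmpaddr holding address >> 2, lowest-numbered match wins) follows the RISC-V privileged specification; the struct and function names and the sample layout are constructed, and the model checks a single byte address rather than a multi-byte access.

```c
#include <stdbool.h>
#include <stdint.h>

#define PMP_ENTRIES 16          /* region count from the notes above */
enum { PMP_R = 1, PMP_W = 2, PMP_X = 4, PMP_L = 0x80 };
enum { A_OFF = 0, A_TOR = 1, A_NA4 = 2, A_NAPOT = 3 };  /* cfg bits 4:3 */
enum priv { PRIV_U, PRIV_S, PRIV_M };

struct pmp {
    uint8_t  cfg[PMP_ENTRIES];   /* one pmpcfg byte per entry */
    uint64_t addr[PMP_ENTRIES];  /* pmpaddr: physical address >> 2 */
};

/* Does entry i cover the physical byte address pa? */
static bool pmp_match(const struct pmp *p, int i, uint64_t pa)
{
    uint64_t w = pa >> 2, a = p->addr[i], mask;
    switch ((p->cfg[i] >> 3) & 3) {
    case A_TOR:   /* [previous pmpaddr, this pmpaddr) */
        return w >= (i ? p->addr[i - 1] : 0) && w < a;
    case A_NA4:   /* exactly one 4-byte word */
        return w == a;
    case A_NAPOT: /* k trailing 1 bits encode a 2^(k+3)-byte region */
        mask = a ^ (a + 1);
        return (w & ~mask) == (a & ~mask);
    default:      /* A_OFF: entry disabled */
        return false;
    }
}

/* Decide one access to pa (the translation output); want is PMP_R, PMP_W or PMP_X. */
bool pmp_check(const struct pmp *p, enum priv mode, uint64_t pa, uint8_t want)
{
    for (int i = 0; i < PMP_ENTRIES; i++) {
        if (!pmp_match(p, i, pa))
            continue;
        /* Lowest-numbered match decides; M-mode is bound only by locked entries. */
        if (mode == PRIV_M && !(p->cfg[i] & PMP_L))
            return true;
        return (p->cfg[i] & want) != 0;
    }
    return mode == PRIV_M;  /* no match: M-mode allowed, S/U denied */
}

/* Constructed sample: locked R+X firmware at 0x80000000 (128 KiB), R+W RAM up to 0x88000000. */
const struct pmp sample_pmp = {
    .cfg  = { PMP_L | PMP_R | PMP_X | (A_NAPOT << 3), 0, PMP_R | PMP_W | (A_TOR << 3) },
    .addr = { 0x20003FFF, 0x20008000, 0x22000000 },
};
```

In the sample, the lock bit on entry 0 is what makes the firmware region read-only even for machine mode; without it, machine-mode accesses to a matching entry always succeed.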
CheriABI - Brooks Davis
- System call layer made CHERI-aware
- Possibly use sparse to annotate user pointers