Modern Intel processors ship with a hardware extension called Software Guard Extensions (SGX). It provides shielded execution environments, called enclaves, in which sensitive code and data can run. Enclave memory is kept encrypted and isolated by the hardware, and the protection is designed so that even privileged software such as the operating system or hypervisor cannot read or modify what is inside an enclave directly.
SGX is still a young technology, but its adoption is growing quickly, including in public clouds. When the Meltdown and Spectre speculative-execution bugs were disclosed, the security of enclaves was bound to come under scrutiny. In a newly published paper, a team of researchers from Ohio State University has disclosed SgxSpectre, a Spectre-style attack variant that can leak confidential information out of SGX enclaves. Practitioners should keep in mind that Intel's SGX threat model has never claimed protection against side-channel attacks, so a speculative-execution leak does not violate SGX's stated guarantees, yet it does undermine the practical confidentiality that enclave users rely on.

Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held cyber security researcher positions at a variety of cyber security start-ups. She also has experience in different industry domains, including finance, healthcare and consumer products.