Intel Software Guard Extensions Applications: A Survey

Data confidentiality is a central concern in modern computer systems and services, as sensitive data from users and companies are being increasingly delegated to such systems. Several hardware-based mechanisms have been recently proposed to enforce security guarantees of sensitive information. Hardware-based isolated execution environments are a class of such mechanisms, in which the operating system and other low-level components are removed from the trusted computing base. One of such mechanisms is the Intel Software Guard Extensions (Intel SGX), which creates the concept of enclave to encapsulate sensitive components of applications and their data. Despite being largely applied in several computing areas, SGX has limitations and performance issues that must be addressed for the development of secure solutions. This text brings a categorized literature review of the ongoing research on the Intel SGX architecture, discussing its applications and providing a classification of the solutions that take advantage of SGX mechanisms. We analyze and categorize 293 papers that rely on SGX to provide integrity, confidentiality, and privacy to users and data, regarding different contexts and goals. We also discuss research challenges and provide future directions in the field of enclaved execution, particularly when using SGX.