By: Michael Atlas

Scheduled on: June 18 at 13:00

No security technology is secure against programmer misuse. This talk implements a “Damn Vulnerable” approach to identifying bad programming practices that could undermine the security of SGX Enclaves, Intel’s new TEE technology. A deliberately created “DVSE” demonstrates and shames such practices that the author actually encountered during security evaluation and penetration testing of enclaved software. The talk also discusses the techniques used to identify and exploit such practices, and BKMs to avoid them.