
Security Enclaves
Greetings, 

I am a computer security researcher working on adding functionality to the hardware security enclaves recently released on CPUs (e.g. Intel SGX or ARM TrustZone).  I think that OpenLDAP would suit my purposes well, and I was thinking of attempting to secure SASL and TLS/SSL functionality.  My plan is to get OpenSSL to use the secure enclave, and adapt OpenLDAP to use the enclave as well for SASL and TLS.  I just need a little help on where to start looking.  I have seen sasl.c and saslauthz.c in servers/slapd, as well as tls2.c in libraries/libldap and libraries/libldap_r.  Anywhere else I should be looking?  Is the only difference between libraries/libldap and libraries/libldap_r just the use of threads?

Finally, any other ideas about what else I can protect?  For those unfamiliar, security enclaves allow for virtual address ranges to be encrypted/decrypted on the processor itself.  So even an adversary with root privileges would not be able to read data/code/whatever within the secure address range.

Thanks in advance for any help.

- Derrick McKee
--
Derrick McKee
Ph.D. Student at Purdue University
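
As an added illustration of the partitioning the post proposes (this is editor-supplied example code, not code from OpenLDAP, OpenSSL or the SGX SDK): the SASL/TLS secret lives inside the enclave and only narrow operations on it cross the boundary. The "enclave" here is simulated as a struct in ordinary process memory, so nothing is actually protected from root; what the example shows is the interface discipline a real enclave port needs. The ecall_* names follow the SGX ECALL convention but are hypothetical, outside_enclave() is a stand-in for the SDK's pointer-range check, and the FNV-based "MAC" is a toy used only to keep the example self-contained.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Simulated enclave state. On real SGX this would live in EPC memory and the
 * CPU would refuse to expose it; here it is plain process memory and the
 * boundary exists only as the discipline of the ecall_* functions below. */
typedef struct {
    uint8_t key[32];    /* long-term secret: never returned by any call */
    int     provisioned;
} enclave_state_t;

static enclave_state_t g_enclave;

/* Stand-in for the SGX SDK's "buffer lies outside the enclave" check. An
 * ECALL must reject caller-supplied pointers that overlap enclave memory;
 * otherwise the untrusted side can make the enclave read or overwrite its
 * own secrets through an output buffer. */
static int outside_enclave(const void *p, size_t len)
{
    uintptr_t s  = (uintptr_t)p;
    uintptr_t lo = (uintptr_t)&g_enclave;
    uintptr_t hi = lo + sizeof g_enclave;
    if (p == NULL || s + len < s)       /* NULL or address wraparound */
        return 0;
    return (s + len <= lo) || (s >= hi);
}

/* Toy keyed checksum: FNV-1a over key || length || message. It stands in
 * for a real MAC (e.g. HMAC-SHA-256) purely so the example runs alone. */
static uint64_t toy_mac(const uint8_t *key, size_t key_len,
                        const uint8_t *msg, size_t msg_len)
{
    uint64_t h = 1469598103934665603ULL;
    size_t i;
    for (i = 0; i < key_len; i++) h = (h ^ key[i]) * 1099511628211ULL;
    for (i = 0; i < sizeof msg_len; i++)
        h = (h ^ (uint8_t)(msg_len >> (8 * i))) * 1099511628211ULL;
    for (i = 0; i < msg_len; i++) h = (h ^ msg[i]) * 1099511628211ULL;
    return h;
}

/* ECALL: derive the secret inside the enclave from a caller seed. The derived
 * key stays in g_enclave; no call returns it. */
int ecall_provision(const uint8_t *seed, size_t seed_len)
{
    size_t i;
    if (!outside_enclave(seed, seed_len)) return -2;
    for (i = 0; i < sizeof g_enclave.key; i++) {
        uint8_t idx = (uint8_t)i;
        g_enclave.key[i] = (uint8_t)(toy_mac(&idx, 1, seed, seed_len) & 0xff);
    }
    g_enclave.provisioned = 1;
    return 0;
}

/* ECALL: tag a message. Only the 8-byte tag crosses the boundary.
 * Returns 0, -1 (no key) or -2 (buffer overlaps enclave memory). */
int ecall_mac(const uint8_t *msg, size_t msg_len, uint8_t out[8])
{
    uint64_t h;
    int i;
    if (!g_enclave.provisioned) return -1;
    if (!outside_enclave(msg, msg_len) || !outside_enclave(out, 8)) return -2;
    h = toy_mac(g_enclave.key, sizeof g_enclave.key, msg, msg_len);
    for (i = 0; i < 8; i++) out[i] = (uint8_t)(h >> (8 * i));
    return 0;
}

/* ECALL: verify a tag inside the enclave with a constant-time compare, so the
 * caller never learns the expected tag. Returns 1 (match), 0, -1 or -2. */
int ecall_verify(const uint8_t *msg, size_t msg_len, const uint8_t tag[8])
{
    uint64_t h;
    uint8_t diff = 0;
    int i;
    if (!g_enclave.provisioned) return -1;
    if (!outside_enclave(msg, msg_len) || !outside_enclave(tag, 8)) return -2;
    h = toy_mac(g_enclave.key, sizeof g_enclave.key, msg, msg_len);
    for (i = 0; i < 8; i++) diff |= (uint8_t)(h >> (8 * i)) ^ tag[i];
    return diff == 0 ? 1 : 0;
}

/* ECALL: destroy the key at session end (volatile so the wipe is not elided). */
void ecall_wipe(void)
{
    volatile uint8_t *p = g_enclave.key;
    size_t i;
    for (i = 0; i < sizeof g_enclave.key; i++) p[i] = 0;
    g_enclave.provisioned = 0;
}

/* Walks the intended usage with constructed inputs; returns the number of
 * checks that failed (0 means every boundary rule behaved as expected). */
int run_demo(void)
{
    static const uint8_t seed[] = "constructed demo seed";
    static const uint8_t msg[]  = "bind request";
    static const uint8_t bad[]  = "bind requesu";   /* last byte tampered */
    uint8_t tag[8], tag2[8];
    int fails = 0;

    fails += ecall_mac(msg, sizeof msg - 1, tag) != -1;          /* no key yet */
    fails += ecall_provision(seed, sizeof seed - 1) != 0;
    fails += ecall_mac(msg, sizeof msg - 1, tag) != 0;
    fails += ecall_mac(msg, sizeof msg - 1, tag2) != 0;
    fails += memcmp(tag, tag2, 8) != 0;                           /* deterministic */
    fails += ecall_verify(msg, sizeof msg - 1, tag) != 1;
    fails += ecall_verify(bad, sizeof bad - 1, tag) != 0;
    fails += ecall_mac(msg, sizeof msg - 1, g_enclave.key) != -2; /* would clobber key */
    ecall_wipe();
    fails += ecall_verify(msg, sizeof msg - 1, tag) != -1;
    return fails;
}

int main(void)
{
    printf("failed checks: %d\n", run_demo());
    return 0;
}
```

The point for an OpenLDAP port is the shape of the interface, not the toy primitive: the key is provisioned into the enclave and wiped there, every call that takes caller buffers checks them against the enclave range before touching them, and verification happens inside the boundary so the untrusted side only ever receives a yes/no. Real SGX code would put ecall_* in the EDL file and use the SDK's own range checks instead of outside_enclave().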