ENCRYPT Blog Series #8: Software Guard eXtension

Software Guard eXtension and it’s applications in the medical domain

by  Salvatore D’Antonio, Associate Professor at University of Naples, Parthenope

Intel Software Guard eXtension technology

Software Guard eXtension (SGX) is the Intel technological solution for the implementation of hardware-assisted confidential computing. SGX allows to create a Trusted Execution Environment (TEE), ie a processing environment where code and applications can be executed in a secure fashion based on a mechanism of “reverse sandbox”. This mechanism relies on the following assumption: the world outside the running application and code (Operating System, Hypervisor, BIOS/Firmware) is considered as untrusted and, thus, a potential source of threats. In order to protect sensitive code and data SGX technology uses a dedicated memory area, called Secure Enclave. Code and data are stored in this special memory area and therein secured using encryption and hashing. Any process running outside the secure enclave -even a privileged one- is not allowed to access and/or modify the protected code and data.

The encryption and decryption mechanisms used in the enclave are transparent to the users. This means that users are not requested to know the details of those mechanisms and are unaware of how they are implemented.

In order to benefit from SGX technology support, the application should be composed of a trusted and an untrusted part. The untrusted part is in charge of creating the enclave that is positioned into the encrypted and trusted memory referred to as Enclave Page Cache (EPC). After that the trusted function is called and the execution is moved into the enclave where the security-sensitive data are processed. As the data processing is over the trusted function returns and the control is given back to the caller.

Use of Intel SGX technology in the medical domain

In the “cooperative oncology” several specialists from various medical disciplines collaborate to evaluate patient’s conditions from different perspectives. Cancer management is a very complex task that involves different skills, expertise, and roles and requires the exchange of health data among different units, departments and, in some cases, hospitals. This poses a stringent requirement in terms of data privacy and protection.

Furthermore, when a cancer diagnosis is confirmed, some patients may need treatment such as radiotherapy. Scheduling and performing radiotherapy require continuous exchange of patient’s information between different professional roles as well as between different devices.

Ensuring confidentiality and integrity of clinical data, treatment planning data and contouring image metadata while these data and metadata are processed is crucial to prevent cybersecurity-indices safety issues.

Thanks to the security properties mentioned above, the Trusted Execution Environment provided by Intel SGX technology can be exploited to enable privacy-preserving computing and data processing while dealing with radiotherapy structures, dose, images in DICOM format.