IDfusion’s Secure Runtime Development Environment: Bringing Intel® SGX Security Features to Edge Devices

With the introduction of the Secure Runtime Development Environment (SRDE), IDfusion LLC brings the power of Intel® Software Guard Extensions (Intel® SGX) hardware security technology to help meet the challenges of edge device security. When combined with its Autonomous Introspection™ technology, The Other AI™, IDfusion provides a powerful spectrum of tools that adds a new dimension of security for Intelligent Network Endpoint Devices (INEDs). In reading this article, understand that no product or component can be absolutely secure.

About Intel® SGX
Creating applications that take advantage of Intel’s SGX-based enclave security features requires that developers partition security-sensitive functionality into separate code that is compiled and linked against an Intel SGX Software Development Kit (SDK). This SDK provides support for the standalone execution environment that characterizes an enclave with security features. A Platform Software (PSW) runtime environment is then required to implement the functionality that loads, initializes and executes the enclave with security features. In addition, the PSW provides support for the Enhanced Privacy ID (EPID) provisioning process, which joins a platform to a security group and anonymously identifies it as a member of that group, enabling support for some remote attestation.

About IDfusion’s Secure Runtime Development Environment
IDfusion’s SRDE provides an alternative PSW, specifically designed for minimum-footprint embedded applications of Intel SGX. It enables a toolkit-based approach to all of the functionality that an embedded developer needs to provide platform security features via enclave technology with security features. Implemented in the form of a simple-to-use C-based object library, it provides developers the tools to implement Intel® SGX-based solutions using GLIBC as well as the MUSL C library popular with embedded developers.

The IDfusion library extends the Intel SGX SDK with capabilities that enable seamless source code interoperability between non-Intel SGX and enclave-based software implementations. Applications can be conceived, debugged and tested using standard development tools and techniques and then converted into an enclave-based application with security features simply by recompiling. This greatly accelerates developer productivity and time-to-solution.

To these PSW and SDK solutions IDfusion adds a set of pre-built enclaves that provide rich functionality that can be immediately leveraged by platform developers and architects. This functionality includes enclave-to-enclave communications with IDsecure conduits featuring IDfusion’s Host Specific Enclave Authentication (HSEA). Purpose-built to take advantage of Intel® SGX-based remote attestation features, HSEA-based network communications enable platform developers to provide some degree of physical processor-based attestations as to which platforms are allowed to connect and communicate. This provides developers of automation and SCADA systems a compelling potential answer for organizations reluctant to open network access required for device deployments.

IDfusion LLC completes the package for advanced device security by building its Autonomous Introspection™ technology on top of this Intel SGX development and runtime framework. Using Autonomous Introspection™, platform developers can create very precise definitions of behavior for either an entire platform or a container-based application stack. Ready-to-use IDsecure-based tools allow real-time monitoring of device security posture including characterizations of possible security-critical behaviors.

As a licensed Intel SGX Independent Software Vendor, IDfusion LLC can provide enclave technology with security features in ready-to-be-signed or pre-signed configurations. Contact IDfusion LLC for further details on how Intel SGX and IDfusion’s SRDE can help differentiate your platforms.
