Key points are not available for this paper at this time.
Intel's Software Guard Extensions allows general-purpose computing platforms to run software in a trustworthy manner and securely handle encrypted data. To satisfy the technology's security goals, the external system memory must be cryptographically protected. A new hardware unit added to the processor's memory controller - the Memory Encryption Engine (MEE) - was recently developed to protect the confidentiality, integrity, and freshness of this external memory traffic, against eavesdropping and tampering. The MEE is a successful feat of real-world cryptographic engineering: it's the first time such cryptographic memory protection has been added to a widely deployed general-purpose processor. This article explains the MEE threat model and security objectives, describe some of the difficulties encountered in building the MEE, and report concrete performance results.
Shay Gueron (Tue,) studied this question.