alt Hacker NewsI think SGX (et al) can still be useful as part of a layered defense. We know how to defeat security mitigations like NX and ASLR, but that doesn't mean they're useless.
The problem is that SGX is marketed as the solution.
I think SGX (et al) can still be useful as part of a layered defense. We know how to defeat security mitigations like NX and ASLR, but that doesn't mean they're useless.
The problem is that SGX is marketed as the solution.
NX and ASLR make it harder for other people to exploit your code on your computer. SGX tries to make it easier for other people to run code on your computer without you seeing the code or what it's doing. They're not in the same category.