Glossary of terms

System software that enables running an application inside a secure enclave without the need to make any change to the application.

A version of the Anjuna Runtime that runs on Intel® processors supporting the Software Guard Extensions (SGX).

Data generated and digitally signed by an Intel® SGX-enabled CPU that can be used to prove that a specific program with a specific configuration and specific data are running in a specific secure enclave. The CPU produces a report (in Intel® terminology) that contains an enclave measurement, along with additional data such as the hardware version used to generate it, any microcode updates that were applied to the hardware, and any relevant software configuration. The attestation quote is this collection of data after it has been digitally signed by the CPU using a private key that is accessible only to the Intel® SGX hardware, and only within the secure enclave for which the attestation quote has been generated. Using the attestation quote, a client program can prove that a particular secure enclave is the one that generated the quote, and that the software and hardware in the enclave are unchanged from the time that the quote was generated.

A discrete computing environment created by an OS virtualization solution such as Docker within an operating system. A container provides an isolated, standardized environment, distinct from that of the operating system, for running applications.

A cryptographic hash or other value computed from some input data so that if any part of the input changes, the measure also changes.

A public and private key created by the anjuna-encrypt tool that enables you to encrypt files so that only the matching secure enclave can decrypt them.

A cryptographic hash computed by an Intel® SGX-enabled CPU that represents the initial state of a secure enclave.

A digital signature that the Anjuna Runtime uses to ensure that an executable is authorized to run inside a specified enclave.

Text expressions used in manifest templates to identify pathnames for use by the Anjuna SGX Runtime. See File-matching patterns for a full explanation of the syntax of file-matching patterns recognized by the Anjuna SGX Runtime.

see Intel® Software Guard Extensions

A set of CPU instructions available on certain Intel® microprocessors that provide support for creating hardware-protected secure enclaves.

A file that defines operating parameters for the Anjuna Runtime to use with a specific secure enclave.

A command-line tool distributed with the Anjuna Runtime that converts manifest template files to manifests.

A human-readable source file that defines settings for a secure enclave. The manifest compiler converts a manifest template into a manifest, which the Anjuna Runtime then uses to configure a secure enclave.

Anjuna server software that works with the Anjuna Runtime to manage keys for use within secure enclaves.

A public key used by Anjuna tools to encrypt sensitive data so that only processes running inside a specified secure enclave can read them.

A discrete region of memory set aside and protected by the CPU using strong, hardware-supported encryption to protect the integrity and security of its contents.