Trail of Bits, leaders in confidential computing security, share insights on potential security pitfalls related to AWS Nitro Enclaves. They emphasize the importance of identifying and mitigating security risks, implementing best practices, and avoiding common pitfalls in virtual socket handling. Their in-depth analysis covers topics such as virtual socket security, randomness, side-channel attack mitigations, memory management, time source considerations, and attestation best practices. Controversial information includes the potential for attacks on enclaves from the parent Amazon EC2 instance, as well as the need to consider CPU memory side channels. Unique content includes guidance on improving enclave randomness and ensuring secure time sources for improved security.
https://blog.trailofbits.com/2024/09/24/notes-on-aws-nitro-enclaves-attack-surface/