Funding for this research was provided by:
National Science Foundation (CNS-1618837)
Article History
Received: 15 February 2018
Accepted: 29 October 2018
First Online: 9 November 2018
Compliance with ethical standards
:
: We have informed the Intel Product Security Incident Response Team of our findings. They have acknowledged the receipt and confirmed a work-in-progress patch for IPP library. Here is the time line for the responsible disclosure process: (1) <b>08/02/2017:</b> We informed our findings to the Intel Product Security Incident Response Team (Intel PSIRT). (2) <b>08/04/2017:</b> Intel PSIRT acknowledged the receipt. (3) <b>11/07/2017:</b><tt>Safe2Encrypt_RIJ128</tt> was removed from the SGX SDK. (4) <b>11/17/2017:</b> Intel PSIRT confirmed a work-in-progress patch for IPP library (CVE-2017-5737). (5) <b>05/10/2018:</b> Intel PSIRT published an update for IPP library (CVE-2018-3691).