SCONE vs Intel SGX SDK
This section presents the advantages of SCONE over the Intel SGX SDK. The table below summarizes why SCONE should be used for Confidential Computing instead of the Intel SGX SDK.
Features | Intel SGX SDK | SCONE Platform |
---|---|---|
SLA: Startup times | Slow | Efficient startup/attestation |
SLA: Scheduling | - | SLA-based scheduling |
SLA: Efficiency | Many enclave exits | Reduced enclave exits |
Security: CVEs | CVE handling by application | CVEs addressed by platform |
Security: policy | No policy support | Advanced-policy support |
Security: platform | - | Integrated OS and application security |
Security: Side-channel | No protection | Side-channel protection |
Monitoring: SLA | - | SLA-based monitoring |
Monitoring: SGX | - | SGX-resources & scheduling |
Encryption at rest / in transit | Source code changes required | No source code changes |
Encryption in use | Source code changes required | No source code changes |
Attestation | Explicit code required | Automatic by SCONE |
Key Provisioning | Explicit code required | Automatic by SCONE |
CI/CD Integration | - | Modern IDE |
Languages | C/C++ | Most modern languages (C/C++, Python, Rust, Java, Node.js, R, ...) |
Portability | Intel SGX-specific | (eventually other CPUs) |
TCO | Higher | Lower |