
SCONE vs Intel SGX SDK

In this section, we present the advantages of SCONE compared with the Intel SGX SDK. The table below shows why SCONE should be used for Confidential Computing instead of the Intel SGX SDK.

| Features | Intel SGX SDK | SCONE Platform |
|---|---|---|
| SLA: Startup times | Slow | Efficient startup/attestation |
| SLA: Scheduling | - | SLA-based scheduling |
| SLA: Efficiency | Many enclave exits | Reduced enclave exits |
| Security: CVEs | CVE handling by application | CVEs addressed by platform |
| Security: policy | No policy support | Advanced-policy support |
| Security: platform | - | Integrated OS and Application Sec. |
| Security: Side-channel | No protection | Side-channel protection |
| Monitoring: SLA | - | SLA-based monitoring |
| Monitoring: SGX | - | SGX-resources & scheduling |
| Encryption at rest / in transit | Source code changes required | No source code changes |
| Encryption at use | Source code changes required | No source code changes |
| Attestation | Explicit code required | Automatic by SCONE |
| Key Provisioning | Explicit code required | Automatic by SCONE |
| CI/CD Integration | - | Modern IDE |
| Languages | C/C++ | Most modern languages (C/C++, Python, Rust, Java, Nodejs, R, ...) |
| Portability | Intel SGX-specific | (eventually other CPUs) |
| TCO | Higher | Lower |