
In Hardware We Trust

Lejla Batina, Patrick Jauernig, Nele Mentens, Ahmad-Reza Sadeghi, Emmanuel Stapf
2019 Proceedings of the 56th Annual Design Automation Conference 2019 on - DAC '19  
You are permitted to download and use the publication for personal purposes. Please note that you are not allowed to share this article on other platforms, but can link to it.  ...  time after the work was first published, provided that clear reference is made to the source of the first publication of the work.  ...  TrustZone can, in contrast to SGX and Sanctum, establish secure channels between peripherals and sensitive apps.  ... 
doi:10.1145/3316781.3323480 dblp:conf/dac/BatinaJMSS19 fatcat:kuppngfcgrh4vngiln2ho5dwtq

Fast, Scalable and Secure Onloading of Edge Functions Using AirBox

Ketan Bhardwaj, Ming-Wei Shih, Pragya Agarwal, Ada Gavrilovska, Taesoo Kim, Karsten Schwan
2016 2016 IEEE/ACM Symposium on Edge Computing (SEC)  
to address security concerns of EFs that leverages emerging hardware support for OS agnostic trusted execution environments such as Intel SGX enclaves; and (iii) propose and evaluate AirBox, a platform  ...  for fast, scalable and secure onloading of edge functions.  ...  Acknowledgement We would like to thank our shepherd, Padmanabhan Pillai, for his insights during the preparation of the final version of this paper.  ... 
doi:10.1109/sec.2016.15 dblp:conf/edge/BhardwajSAGKS16 fatcat:u6zddd2xy5brxauwjsthwxmp5y

CoverDrop: Blowing the Whistle Through A News App

Mansoor Ahmed-Rengers, Diana A. Vasile, Daniel Hugenroth, Alastair R. Beresford, Ross Anderson
2022 Proceedings on Privacy Enhancing Technologies  
We support secure messaging within a news app, so that all its other users provide cover traffic, which we channel through a threshold mix instantiated in a Trusted Execution Environment within the news  ...  CoverDrop is a two-way, secure system to do this.  ...  Acknowledgements We would like to thank our workshop participants and reviewers for their invaluable feedback on this work. Mansoor Ahmed-Rengers was supported by TO-DAQ and OpenOrigins Limited.  ... 
doi:10.2478/popets-2022-0035 fatcat:druniv6taza27d7pocog3exbyq

Enclave-Aware Compartmentalization and Secure Sharing with Sirius [article]

Zahra Tarkhani, Anil Madhavapeddy
2020 arXiv   pre-print
e.g. threads, processes, address spaces, files, sockets, pipes) in both the secure and normal worlds.  ...  This lack of information causes an ever-increasing set of attacks on TEE-enabled applications that exploit various insecure interactions with the host OSs, applications, or other enclaves.  ...  tzMon security framework for a mobile game application TZ Reference monitor SGX_SQLite SQLite database inside an enclave SGX Databases sgx-lkl-MySQL In-enclave MySQL SGX Databases SGX-OpenSSL SGX SSL  ... 
arXiv:2009.01869v3 fatcat:bgqsmluzdjdkxliiun6ttijqty

Secure and Private Function Evaluation with Intel SGX

Susanne Felsen, Ágnes Kiss, Thomas Schneider, Christian Weinert
2019 Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop - CCSW'19  
We address the unresolved issue of countless software side-channel vulnerabilities in a unique way, namely by evaluating Boolean circuits - as used by cryptographic SFE protocols - inside an Intel SGX enclave  ...  For realizing PFE, we securely evaluate universal circuits (UCs) that can be programmed via input bits to emulate any function up to a given size.  ...  Both parties need to individually perform RA in order to establish a secure channel with the same enclave.  ... 
doi:10.1145/3338466.3358919 dblp:conf/ccs/FelsenK0W19 fatcat:ijad5buk2zavpbcbmvo2kdicy4

Confidential Machine Learning Computation in Untrusted Environments: A Systems Security Perspective

Kha Dinh Duy, Taehyun Noh, Siwon Huh, Hojoon Lee
2021 IEEE Access  
In the domain of systems security, many endeavors have been made to ensure ML model and data confidentiality.  ...  Hence, researchers have leveraged the Trusted Execution Environments (TEEs) to build confidential ML computation systems.  ...  The work points out that 41% of the studied ML apps do not protect the ML model, and 66% of ML apps that attempted to secure their ML model adapted insufficient protection.  ... 
doi:10.1109/access.2021.3136889 fatcat:scrytvepkjafxblcqg3gjk5vqu

Confidential Machine Learning Computation in Untrusted Environments: A Systems Security Perspective [article]

Kha Dinh Duy, Taehyun Noh, Siwon Huh, Hojoon Lee
2021 arXiv   pre-print
In the domain of systems security, many endeavors have been made to ensure ML model and data confidentiality.  ...  Hence, researchers have leveraged the Trusted Execution Environments (TEEs) to build confidential ML computation systems.  ...  The work points out that 41% of the studied ML apps do not protect the ML model, and 66% of ML apps that attempted to secure their ML model adapted insufficient protection.  ... 
arXiv:2111.03308v2 fatcat:kmklsqvzureilldvr4ui4azrwi

SoK: Hardware-supported Trusted Execution Environments [article]

Moritz Schneider, Ramya Jayaram Masti, Shweta Shinde, Srdjan Capkun, Ronald Perez
2022 arXiv   pre-print
IO, and secure storage.  ...  Therefore, in this work, we analyze the design of existing TEEs and systematize the mechanisms that TEEs implement to achieve their security goals, namely, verifiable launch, run-time isolation, trusted  ...  mobile phone enclaves.  ... 
arXiv:2205.12742v1 fatcat:fhcygywyabepzfu4yywbax3rn4

Building secure distributed applications the DECENT way [article]

Haofan Zheng, Owen Arden
2022 arXiv   pre-print
However, trust relationships established by one component in a distributed application may impact the security of other components, making it difficult to reason about the security of the application as  ...  Decent applications authenticate and authorize distributed enclave components using a protocol based on self-attestation certificates, a reusable credential based on RA and verifiable by a third party.  ...  Thus, In SGX RA only group, we used a similar approach to the sample code provided by the Intel SGX SDK to establish a secure channel using AES-GCM encryption between the DHT and the application nodes.  ... 
arXiv:2004.02020v3 fatcat:bnsnztq2v5a6vfsyypinp3n62i

Enjoy the Untrusted Cloud: A Secure, Scalable and Efficient SQL-like Query Framework for Outsourcing Data [article]

Yaxing Chen, Qinghua Zheng, Dan Liu, Zheng Yan, Wenhai Sun, Ning Zhang, Wenjing Lou, Y. Thomas Hou
2019 arXiv   pre-print
While the security of the cloud remains a concern, a common practice is to encrypt data before outsourcing them for utilization.  ...  An alternative method that utilizes hardware-assisted trusted execution environment, i.e., Intel SGX, has emerged recently.  ...  During this process, he/she also establishes a secure communication channel with E App by negotiating a symmetric secret key sk comm .  ... 
arXiv:1912.08454v1 fatcat:rpneibrekja75ju533quvr72om

CRC: Fully General Model of Confidential Remote Computing [article]

Kubilay Ahmet Küçük, Andrew Martin
2021 arXiv   pre-print
CRC proposes a compact solution for next-generation applications to be built on strong hardware-based security primitives, control of secure software products' trusted computing base, and a way to make  ...  The questions of how these systems can be built in a trustworthy manner and how their security properties can be understood are given fresh impetus by recent hardware developments, allowing a fuller, more  ...  In contrast to its characteristics in SGX enclaves, content in a Trustzone secure world remains persistent.  ... 
arXiv:2104.03868v1 fatcat:j72spncwrfhedjtgmtnqdtszl4

Offline Model Guard: Secure and Private ML on Mobile Devices

Sebastian P. Bayerl, Tommaso Frassetto, Patrick Jauernig, Korbinian Riedhammer, Ahmad-Reza Sadeghi, Thomas Schneider, Emmanuel Stapf, Christian Weinert
2020 2020 Design, Automation & Test in Europe Conference & Exhibition (DATE)  
Specifically, we build Offline Model Guard (OMG) to enable privacy-preserving machine learning on the predominant mobile computing platform ARM - even in offline scenarios.  ...  Cryptographic techniques offer secure solutions for this, but have an unacceptable overhead and moreover require frequent network interaction.  ...  In particular, it allows to run security-critical code in user-space enclaves or so-called SANCTUARY Apps (SAs).  ... 
doi:10.23919/date48585.2020.9116560 dblp:conf/date/BayerlFJRS0SW20 fatcat:wvjhalug6zfgtjdt6ujy2sf7om

A Distributed Privacy Preservation Approach for Big Data in Public Health Emergencies Using Smart Contract and SGX

Jun Li, Jieren Cheng, Naixue Xiong, Lougao Zhan, Yuan Zhang
2020 Computers Materials & Continua  
In an effort to overcome this challenge, this article aims to present a distributed privacy preservation approach based on smart contracts and Intel Software Guard Extensions (SGX).  ...  Finally, we design decentralized system architecture, prove the security properties, and analysis to verify the feasibility of the system.  ...  Once the attestation is successful, the secure channel will be made between the enclave.  ... 
doi:10.32604/cmc.2020.011272 fatcat:hwkeziwdvrcbxao4iqilgpkw4i

DelegaTEE: Brokered Delegation Using Trusted Execution Environments

Sinisa Matetic, Moritz Schneider, Andrew Miller, Ari Juels, Srdjan Capkun
2018 USENIX Security Symposium  
to the Proceedings of the 27th USENIX Security Symposium is sponsored by USENIX.  ...  Like TrustZone, an older TEE that permits execution of code in a "secure world" and is used widely in mobile devices, SGX permits isolated execution of the code in what is referred to as secure enclaves  ...  The SGX architecture enables the app developer to create multiple enclaves for security-critical code, protecting it from malicious applications [43], a compromised OS, virtual machine manager [11]  ... 
dblp:conf/uss/MateticSMJC18 fatcat:kxgh7es42vaofbhb6rgnadu4mm

Virtualization Technologies and Cloud Security: advantages, issues, and perspectives [article]

Roberto Di Pietro, Flavio Lombardi
2018 arXiv   pre-print
The objective of this paper is to shed light on current virtualization technology and its evolution from the point of view of security, having as an objective its applications to the Cloud setting.  ...  Virtualization technologies allow multiple tenants to share physical resources with a degree of security and isolation that cannot be guaranteed by mere containerization.  ...  They demonstrate software-based side-channel attacks from a malicious SGX enclave targeting co-located enclaves, and abusing SGX protection features to conceal itself.  ... 
arXiv:1807.11016v2 fatcat:i724ystx2zcqtgm2aq7bkkkedm