
Shielding Applications from an Untrusted Cloud with Haven

Published: 31 August 2015

Abstract

Today’s cloud computing infrastructure requires substantial trust. Cloud users rely on both the provider’s staff and its globally distributed software/hardware platform not to expose any of their private data.
We introduce the notion of shielded execution, which protects the confidentiality and integrity of a program and its data from the platform on which it runs (i.e., the cloud operator’s OS, VM, and firmware). Our prototype, Haven, is the first system to achieve shielded execution of unmodified legacy applications, including SQL Server and Apache, on a commodity OS (Windows) and commodity hardware. Haven leverages the hardware protection of Intel SGX to defend against privileged code and physical attacks such as memory probes, and also addresses the dual challenges of executing unmodified legacy binaries and protecting them from a malicious host. This work motivated recent changes in the SGX specification.




Published In

ACM Transactions on Computer Systems, Volume 33, Issue 3
September 2015
140 pages
ISSN: 0734-2071
EISSN: 1557-7333
DOI: 10.1145/2818727
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 31 August 2015
Accepted: 01 June 2015
Received: 01 April 2015
Published in TOCS Volume 33, Issue 3


Author Tags

  1. Cloud security
  2. Intel SGX
  3. enclave
  4. library OS
  5. shielded execution
  6. trusted computing

Qualifiers

  • Research-article
  • Research
  • Refereed

Article Metrics

  • Downloads (last 12 months): 149
  • Downloads (last 6 weeks): 6

Reflects downloads up to 30 Aug 2024

Cited By

  • (2024) Twinkle: A family of Low-latency Schemes for Authenticated Encryption and Pointer Authentication. IACR Communications in Cryptology. doi:10.62056/a3n59qgxq. Online publication date: 8-Jul-2024.
  • (2024) eSilo: Making Silo Secure with SGX. International Journal of Networking and Computing 14(2), 206-224. doi:10.15803/ijnc.14.2_206. Online publication date: 2024.
  • (2024) Machine Learning with Confidential Computing: A Systematization of Knowledge. ACM Computing Surveys 56(11), 1-40. doi:10.1145/3670007. Online publication date: 3-Jun-2024.
  • (2024) Intel TDX Demystified: A Top-Down Approach. ACM Computing Surveys 56(9), 1-33. doi:10.1145/3652597. Online publication date: 14-Mar-2024.
  • (2024) ESem: To Harden Process Synchronization for Servers. Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, 1554-1567. doi:10.1145/3634737.3657025. Online publication date: 1-Jul-2024.
  • (2024) Data Enclave: A Data-Centric Trusted Execution Environment. 2024 IEEE International Symposium on High-Performance Computer Architecture (HPCA), 218-232. doi:10.1109/HPCA57654.2024.00026. Online publication date: 2-Mar-2024.
  • (2024) Combining Asynchronous Task Parallelism and Intel SGX for Secure Deep Learning (Practical Experience Report). 2024 19th European Dependable Computing Conference (EDCC), 97-102. doi:10.1109/EDCC61798.2024.00029. Online publication date: 8-Apr-2024.
  • (2024) Towards Shielding 5G Control Plane Functions. 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 302-315. doi:10.1109/DSN58291.2024.00039. Online publication date: 24-Jun-2024.
  • (2024) CRISP: Confidentiality, Rollback, and Integrity Storage Protection for Confidential Cloud-Native Computing. 2024 IEEE 17th International Conference on Cloud Computing (CLOUD), 141-152. doi:10.1109/CLOUD62652.2024.00026. Online publication date: 7-Jul-2024.
  • (2024) Survey of research on confidential computing. IET Communications. doi:10.1049/cmu2.12759. Online publication date: 23-Apr-2024.
