DOI: 10.1145/3133956.3134098
Research article (Public Access)

A Formal Foundation for Secure Remote Execution of Enclaves

Published: 30 October 2017

Abstract

Recent proposals for trusted hardware platforms, such as Intel SGX and the MIT Sanctum processor, offer compelling security features but lack formal guarantees. We introduce a verification methodology based on a trusted abstract platform (TAP), a formalization of idealized enclave platforms along with a parameterized adversary. We also formalize the notion of secure remote execution and present machine-checked proofs showing that the TAP satisfies the three key security properties that entail secure remote execution: integrity, confidentiality and secure measurement. We then present machine-checked proofs showing that SGX and Sanctum are refinements of the TAP under certain parameterizations of the adversary, demonstrating that these systems implement secure enclaves for the stated adversary models.


Published In

CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
October 2017
2682 pages
ISBN:9781450349468
DOI:10.1145/3133956
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.

Publisher

Association for Computing Machinery

New York, NY, United States

Badges

  • Best Paper

Author Tags

  1. confidentiality
  2. enclave programs
  3. formal verification
  4. integrity
  5. remote attestation
  6. secure computation

Qualifiers

  • Research-article

Conference

CCS '17

Acceptance Rates

CCS '17 Paper Acceptance Rate 151 of 836 submissions, 18%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Article Metrics

  • Downloads (last 12 months): 269
  • Downloads (last 6 weeks): 56
Reflects downloads up to 10 Nov 2024

Cited By

  • (2024) Trustworthy Distributed AI Systems: Robustness, Privacy, and Governance. ACM Computing Surveys. DOI 10.1145/3645102. Online publication date: 7 Feb 2024.
  • (2024) SoK: Understanding Design Choices and Pitfalls of Trusted Execution Environments. Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, pages 1600-1616. DOI 10.1145/3634737.3644993. Online publication date: 1 Jul 2024.
  • (2024) Decentralized Threshold Signatures With Dynamically Private Accountability. IEEE Transactions on Information Forensics and Security, 19:2217-2230. DOI 10.1109/TIFS.2023.3347968. Online publication date: 1 Jan 2024.
  • (2024) Verifying Memory Confidentiality and Integrity of Intel TDX Trusted Execution Environments. 2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pages 44-54. DOI 10.1109/HOST55342.2024.10545349. Online publication date: 6 May 2024.
  • (2024) Comparative analysis of open-source federated learning frameworks: a literature-based survey and review. International Journal of Machine Learning and Cybernetics, 15(11):5257-5278. DOI 10.1007/s13042-024-02234-z. Online publication date: 28 Jun 2024.
  • (2024) Deployment Issues, Attacks, and Other Challenges. In Trusted Execution Environments, pages 167-184. DOI 10.1007/978-3-031-55561-9_8. Online publication date: 22 Feb 2024.
  • (2023) A verified confidential computing as a service framework for privacy preservation. Proceedings of the 32nd USENIX Conference on Security Symposium, pages 4733-4750. DOI 10.5555/3620237.3620502. Online publication date: 9 Aug 2023.
  • (2023) SoK: A Systematic Review of TEE Usage for Developing Trusted Applications. Proceedings of the 18th International Conference on Availability, Reliability and Security, pages 1-15. DOI 10.1145/3600160.3600169. Online publication date: 29 Aug 2023.
  • (2023) Intel Software Guard Extensions Applications: A Survey. ACM Computing Surveys, 55(14s):1-38. DOI 10.1145/3593021. Online publication date: 17 Jul 2023.
  • (2023) TEESec: Pre-Silicon Vulnerability Discovery for Trusted Execution Environments. Proceedings of the 50th Annual International Symposium on Computer Architecture, pages 1-15. DOI 10.1145/3579371.3589070. Online publication date: 17 Jun 2023.