Keystone: An open framework for architecting trusted execution environments
Trusted execution environments (TEEs) see rising use in devices from embedded sensors to
cloud servers and encompass a range of cost, power constraints, and security threat model …
Survey of transient execution attacks and their mitigations
Transient execution attacks, also known as speculative execution attacks, have drawn much
interest in the last few years as they can cause critical data leakage. Since the first …
A survey of security issues in hardware virtualization
Virtualization is a powerful technology for increasing the efficiency of computing services;
however, besides its advantages, it also raises a number of security issues. In this article, we …
Shielding applications from an untrusted cloud with haven
Today's cloud computing infrastructure requires substantial trust. Cloud users rely on both
the provider's staff and its globally distributed software/hardware platform not to expose any …
Innovative instructions and software model for isolated execution.
For years the PC community has struggled to provide secure solutions on open platforms.
Intel has developed innovative new technology to enable SW developers to develop and …
Pinocchio: Nearly practical verifiable computation
To instill greater confidence in computations outsourced to the cloud, clients should be able
to verify the correctness of the results returned. To this end, we introduce Pinocchio, a built …
Intel® software guard extensions (intel® sgx) support for dynamic memory management inside an enclave
F McKeen, I Alexandrovich, I Anati, D Caspi… - Proceedings of the …, 2016 - dl.acm.org
We introduce Intel® Software Guard Extensions (Intel® SGX) SGX2 which extends the SGX
instruction set to include dynamic memory management support for enclaves. Intel® SGX is …
Lest we remember: cold-boot attacks on encryption keys
JA Halderman, SD Schoen, N Heninger… - Communications of the …, 2009 - dl.acm.org
Contrary to widespread assumption, dynamic RAM (DRAM), the main memory in most
modern computers, retains its contents for several seconds after power is lost, even at room …
Komodo: Using verification to disentangle secure-enclave hardware from software
A Ferraiuolo, A Baumann, C Hawblitzel… - Proceedings of the 26th …, 2017 - dl.acm.org
Intel SGX promises powerful security: an arbitrary number of user-mode enclaves protected
against physical attacks and privileged software adversaries. However, to achieve this, Intel …
Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems
X Chen, T Garfinkel, EC Lewis… - ACM SIGOPS …, 2008 - dl.acm.org
Commodity operating systems entrusted with securing sensitive data are remarkably large
and complex, and consequently, frequently prone to compromise. To address this limitation …