research-article

Open access

Keystone: an open framework for architecting trusted execution environments

Authors:

David Kohlbrenner,

Krste Asanović,

Dawn SongAuthors Info & Claims

EuroSys '20: Proceedings of the Fifteenth European Conference on Computer Systems

Article No.: 38, Pages 1 - 16

https://doi.org/10.1145/3342195.3387532

Published: 17 April 2020 Publication History

Abstract

Trusted execution environments (TEEs) see rising use in devices from embedded sensors to cloud servers and encompass a range of cost, power constraints, and security threat model choices. On the other hand, each of the current vendor-specific TEEs makes a fixed set of trade-offs with little room for customization. We present Keystone---the first open-source framework for building customized TEEs. Keystone uses simple abstractions provided by the hardware such as memory isolation and a programmable layer underneath untrusted components (e.g., OS). We build reusable TEE core primitives from these abstractions while allowing platform-specific modifications and flexible feature choices. We showcase how Keystone-based TEEs run on unmodified RISC-V hardware and demonstrate the strengths of our design in terms of security, TCB size, execution of a range of benchmarks, applications, kernels, and deployment models.

References

[1]

2013. ARM TrustZone. infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/PRD29-GENC-009492C_trustzone_security_whitepaper.pdf.

[2]

2015. AES. https://github.com/B-Con/crypto-algorithms.

[3]

2015. Torch Tensors. https://github.com/torch/TH.

[4]

2016. Tiny SHA3. https://github.com/mjosaarinen/tiny_sha3/.

[5]

2017. Torch NNs. https://github.com/torch/nn/tree/master/lib/THNN.

[6]

2019. Ed25519. https://github.com/mit-sanctum/ed25519.

[7]

2019. Hypervisor draft v0.5. https://github.com/riscv/riscv-isa-manual/releases/tag/draft-20191030-899457c.

[8]

2020. cloc - count lines of code. https://github.com/AlDanial/cloc.

[9]

2020. HiFive Unleashed. https://www.sifive.com/boards/hifive-unleashed.

[10]

2020. MultiZone Hex Five Security. https://hex-five.com/.

[11]

2020. Open Enclave SDK. https://openenclave.io/sdk/.

[12]

2020. Open Portable TEE. https://www.op-tee.org/.

[13]

2020. RISC-V Proxy Kernel. https://github.com/riscv/riscv-pk.

[14]

2020. unifdef. http://dotat.at/prog/unifdef/.

[15]

Ittai Anati, Shay Gueron, Simon P Johnson, and Vincent R Scarlata. 2013. Innovative Technology for CPU Based Attestation and Sealing. In HASP.

[16]

James P Anderson. 1972. Computer Security Technology Planning Study. Technical Report. Anderson (James P) and Co Fort Washington PA.

[17]

Krste Asanović Andrew Waterman. 2017. The RISC-V Instruction Set Manual Volume II: Privileged Architecture. https://content.riscv.org/wp-content/uploads/2017/05/riscv-privileged-v1.10.pdf.

[18]

Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Daniel O'Keeffe, Mark L Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch, and Christof Fetzer. 2016. SCONE: Secure Linux Containers with Intel SGX. In OSDI.

Digital Library

[19]

Krste Asanović, Rimas Avizienis, Jonathan Bachrach, Scott Beamer, David Biancolin, Christopher Celio, Henry Cook, Daniel Dabbelt, John Hauser, Adam Izraelevitz, Sagar Karandikar, Ben Keller, Donggyu Kim, John Koenig, Yunsup Lee, Eric Love, Martin Maas, Albert Magyar, Howard Mao, Miquel Moreto, Albert Ou, David A. Patterson, Brian Richards, Colin Schmidt, Stephen Twigg, Huy Vo, and Andrew Waterman. 2016. The Rocket Chip Generator. Technical Report UCB/EECS-2016-17.

[20]

Pierre-Louis Aublin, Florian Kelbert, Dan O'Keeffe, Divya Muthukumaran, Christian Priebe, Joshua Lind, Robert Krahn, Christof Fetzer, David Eyers, and Peter Pietzuch. 2018. LibSEAL: Revealing Service Integrity Violations Using Trusted Execution. In EuroSys.

[21]

Ahmed M. Azab, Peng Ning, Jitesh Shah, Quan Chen, Rohan Bhutkar, Guruprasad Ganesh, Jia Ma, and Wenbo Shen. 2014. Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World. In CCS.

[22]

Andrew Baumann, Marcus Peinado, and Galen Hunt. 2014. Shielding Applications from an Untrusted Cloud with Haven. In OSDI.

[23]

Muli Ben-Yehuda, Michael D. Day, Zvi Dubitzky, Michael Factor, Nadav Har'El, Abel Gordon, Anthony Liguori, Orit Wasserman, and Ben-Ami Yassour. 2010. The Turtles Project: Design and Implementation of Nested Virtualization. In OSDI.

[24]

Thomas Bourgeat, Ilia A. Lebedev, Andrew Wright, Sizhuo Zhang, Arvind, and Srinivas Devadas. 2019. MI6: Secure Enclaves in a Speculative Out-of-Order Processor. In MICRO.

[25]

Ferdinand Brasser, David Gens, Patrick Jauernig, Ahmad-Reza Sadeghi, and Emmanuel Stapf. 2019. Sanctuary: ARMing TrustZone with User-space Enclaves. In NDSS.

[26]

Ernie Brickell, Jan Camenisch, and Liqun Chen. 2004. Direct Anonymous Attestation. In CCS.

[27]

Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. In USENIX Security.

Digital Library

[28]

Jo Van Bulck, Nico Weichbrodt, Rüdiger Kapitza, Frank Piessens, and Raoul Strackx. 2017. Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution. In USENIX Security.

[29]

Christopher Celio, David A. Patterson, and Krste Asanović. 2015. The Berkeley Out-of-Order Machine (BOOM): An Industry-Competitive, Synthesizable, Parameterized RISC-V Processor. Technical Report UCB/EECS-2015-167.

[30]

D. Champagne and R. B. Lee. 2010. Scalable architectural support for trusted software. In HPCA.

[31]

Chia che Tsai, Donald E. Porter, and Mona Vij. 2017. Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In ATC.

[32]

Stephen Checkoway and Hovav Shacham. 2013. Iago attacks: Why the System Call API is a Bad Untrusted RPC Interface. In ASPLOS.

[33]

Xi Chen, Robert P Dick, and Alok Choudhary. 2008. Operating system controlled processor-memory bus encryption. In DATE.

[34]

Xiaoxin Chen, Tal Garfinkel, E. Christopher Lewis, Pratap Subrahmanyam, Carl A. Waldspurger, Dan Boneh, Jeffrey Dwoskin, and Dan R.K. Ports. 2008. Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems. In ASP-LOS.

[35]

Victor Costan and Srinivas Devadas. 2016. Intel SGX Explained. Cryptology ePrint Archive, Report 2016/086.

[36]

Victor Costan, Ilia Lebedev, and Srinivas Devadas. 2016. Sanctum: Minimal Hardware Extensions for Strong Software Isolation. In USENIX Security.

Digital Library

[37]

John Criswell, Nathan Dautenhahn, and Vikram Adve. 2014. Virtual Ghost: Protecting Applications from Hostile Operating Systems. In ASPLOS.

Digital Library

[38]

Mark Horowitz David Lie, Chandramohan A. Thekkath. 2003. Implementing an Untrusted Operating System on Trusted Hardware. In SOSP.

[39]

J. Deng, W. Dong, R. Socher, L.-J. Li, K. Li, and L. Fei-Fei. 2009. ImageNet: A Large-Scale Hierarchical Image Database. In CVPR09.

[40]

Dawson R. Engler. 1998. The Exokernel Operating System Architecture. Ph.D. Dissertation. Cambridge, MA, USA. AAI0800457.

[41]

Andrew Ferraiuolo, Andrew Baumann, Chris Hawblitzel, and Bryan Parno. 2017. Komodo: Using verification to disentangle secure-enclave hardware from software. In SOSP.

[42]

Qian Ge, Yuval Yarom, David Cock, and Gernot Heiser. 2018. A survey of microarchitectural timing attacks and countermeasures on contemporary hardware. Journal of Cryptographic Engineering (2018).

[43]

Ronghui Gu, Zhong Shao, Hao Chen, Xiongnan Wu, Jieung Kim, Vilhelm Sjöberg, and David Costanzo. 2016. CertiKOS: An Extensible Architecture for Building Certified Concurrent OS Kernels. In OSDI.

[44]

Shay Gueron. 2016. A Memory Encryption Engine Suitable for General Purpose Processors. Cryptology ePrint Archive, Report 2016/204.

[45]

Owen S. Hofmann, Sangman Kim, Alan M. Dunn, Michael Z. Lee, and Emmett Witchel. 2013. InkTag: Secure Applications on an Untrusted Operating System. In ASPLOS.

[46]

R. Housley, W. Polk, W. Ford, and D. Solo. 2002. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List Profile.

[47]

Zhichao Hua, Jinyu Gu, Yubin Xia, Haibo Chen, Binyu Zang, and Haibing Guan. 2017. vTZ: Virtualizing ARM TrustZone. In USENIX Security.

[48]

Galen Hunt, George Letey, and Ed Nightingale. 2017. The Seven Properties of Highly Secure Devices. Technical Report. https://www.microsoft.com/en-us/research/publication/seven-properties-highly-secure-devices/

[49]

Simon Johnson, Vinnie Scarlata, Carlos Rozas, Ernie Brickell, and Frank Mckeen. 2016. Intel Software Guard Extensions: EPID Provisioning and Attestation Services.

[50]

David Kaplan. 2017. AMD SEV-ES. http://support.amd.com/TechDocs/ProtectingVMRegisterStatewithSEV-ES.pdf.

[51]

David Kaplan, Jeremy Powell, and Tom Woller. 2016. http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf

[52]

Sagar Karandikar, Howard Mao, Donggyu Kim, David Biancolin, Alon Amid, Dayeol Lee, Nathan Pemberton, Emmanuel Amaro, Colin Schmidt, Aditya Chopra, Qijing Huang, Kyle Kovacs, Borivoje Nikolic, Randy Katz, Jonathan Bachrach, and Krste Asanović. 2018. Firesim: FPGA-accelerated Cycle-exact Scale-out System Simulation in the Public Cloud. In ISCA.

[53]

Pierre Selwan Ken Irving. 2018. Revolutionizing the Computing Landscape and Beyond. https://content.riscv.org/wp-content/uploads/2018/12/RISC-V-MultiCore-Secure-Boot-Ken-Irvining-and-Pierre-Selwan.pdf.

[54]

Vladimir Kiriansky, Ilia Lebedev, Saman Amarasinghe, Srinivas Devadas, and Joel Emer. 2018. DAWG: A Defense Against Cache Timing Attacks in Speculative Execution Processors. In MICRO.

[55]

Gerwin Klein, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Rafal Kolanski, Michael Norrish, Thomas Sewell, Harvey Tuch, and Simon Winwood. 2009. seL4: Formal Verification of an OS Kernel. In SOSP.

[56]

Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2019. Spectre Attacks: Exploiting Speculative Execution. In IEEE S&P.

[57]

Patrick Koeberl, Steffen Schulz, Ahmad-Reza Sadeghi, and Vijay Varadharajan. 2014. TrustLite: A Security Architecture for Tiny Embedded Devices. In EuroSys.

[58]

Ilia Lebedev, Kyle Hogan, and Srinivas Devadas. 2018. Secure Boot and Remote Attestation in the Sanctum Processor. In CSF.

[59]

Dayeol Lee, Dongha Jung, Ian T. Fang, Chia-Che Tsai, and Raluca Ada Popa. 2020. An Off-Chip Attack on Hardware Enclaves via the Memory Bus. In USENIX Security.

[60]

J. Liedtke. 1995. On Micro-kernel Construction. In SOSP.

[61]

Jonathan M. McCune, Yanlin Li, Ning Qu, Zongwei Zhou, Anupam Datta, Virgil Gligor, and Adrian Perrig. 2010. TrustVisor: Efficient TCB Reduction and Attestation. In IEEE S&P.

[62]

Jonathan M McCune, Bryan J Parno, Adrian Perrig, Michael K Reiter, and Hiroshi Isozaki. 2008. Flicker: An execution infrastructure for TCB minimization. In EuroSys.

Digital Library

[63]

Frank McKeen, Ilya Alexandrovich, Ittai Anati, Dror Caspi, Simon Johnson, Rebekah Leslie-Hurd, and Carlos Rozas. 2016. Intel Software Guard Extensions Support for Dynamic Memory Management Inside an Enclave. In HASP.

[64]

Frank McKeen, Ilya Alexandrovich, Alex Berenzon, Carlos V. Rozas, Hisham Shafi, Vedvyas Shanbhogue, and Uday R. Savagaonkar. 2013. Innovative Instructions and Software Model for Isolated Execution. In HASP.

[65]

Ralph C Merkle. 1987. A digital signature based on a conventional encryption function. In Conference on the theory and application of cryptographic techniques. Springer, 369--378.

Digital Library

[66]

Keaton Mowery, Michael Wei, David Kohlbrenner, Hovav Shacham, and Steven Swanson. 2013. Welcome to the Entropics: Boot-time entropy in embedded devices. In IEEE S&P.

[67]

Jason Garms Nelly Porter. 2019. Advancing confidential computing with Asylo and the Confidential Computing Challenge. https://cloud.google.com/blog/products/identity-security/advancing-confidential-computing-with-asylo-and-the-confidential-computing-challenge.

[68]

Luke Nelson, James Bornholt, Ronghui Gu, Andrew Baumann, Emina Torlak, and Xi Wang. 2019. Serval: Scaling Symbolic Evaluation for Automated Verification of Systems Code. In SOSP.

[69]

Luke Nelson, Helgi Sigurbjarnarson, Kaiyuan Zhang, Dylan Johnson, James Bornholt, Emina Torlak, and Xi Wang. 2017. Hyperkernel: Push-Button Verification of an OS Kernel. In SOSP.

Digital Library

[70]

Khang T Nguyen. 2016. Introduction to Cache Allocation Technology in the IntelÂő XeonÂő Processor E5 v4 Family. https://software.intel.com/en-us/articles/introduction-to-cache-allocation-technology.

[71]

Oleksii Oleksenko, Bohdan Trach, Robert Krahn, Mark Silberstein, and Christof Fetzer. 2018. Varys: Protecting SGX Enclaves from Practical Side-Channel Attacks. In ATC.

[72]

Meni Orenbach, Pavel Lifshits, Marina Minkin, and Mark Silberstein. 2017. Eleos: ExitLess OS Services for SGX Enclaves. In EuroSys.

Digital Library

[73]

Meni Orenbach, Yan Michalevsky, Christof Fetzer, and Mark Silberstein. 2019. CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves. In ATC.

[74]

Nate Graff Palmer Dabbelt. 2018. SiFive's Trusted Execution Reference Platform. https://content.riscv.org/wp-content/uploads/2018/12/SiFives-Trusted-Execution-Reference-Platform-Palmer-Dabbelt-1-1.pdf.

[75]

Bryan Parno, Jonathan M. McCune, and Adrian Perrig. 2010. Boot-strapping Trust in Commodity Computers. In IEEE S&P.

[76]

Donald E. Porter, Silas Boyd-Wickizer, Jon Howell, Reuben Olinsky, and Galen C. Hunt. 2011. Rethinking the Library OS from the Top Down. In ASPLOS.

[77]

Dan R. K. Ports and Tal Garfinkel. 2008. Towards Application Security on Untrusted Operating Systems. In HOTSEC.

[78]

S. r. Ames, R. Schell, and M. Gasser. 1983. Security Kernel Design and Implementation: An Introduction. Computer 16, 07 (1983).

[79]

B. Rogers, S. Chhabra, M. Prvulovic, and Y. Solihin. 2007. Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly. In MICRO.

[80]

Samuel Weiser and Mario Werner and Ferdinand Brasser and Maja Malenko and Stefan Mangard and Ahmad-Reza Sadeghi. 2019. TIMBER-V: Tag-Isolated Memory Bringing Fine-grained Enclaves to RISC-V. In NDSS.

[81]

Shweta Shinde, Dat Le Tien, Shruti Tople, and Prateek Saxena. 2017. Panoply: Low-TCB Linux Applications With SGX Enclaves. In NDSS.

[82]

Shweta Shinde, Shengi Wang, Pinghai Yuan, Aquinas Hobor, Abhik Roychoudhury, and Prateek Saxena. 2020. BesFS: A POSIX Filesystem for Enclaves with a Mechanized Safety Proof. In USENIX Security.

[83]

Rohit Sinha, Manuel Costa, Akash Lal, Nuno Lopes, Sanjit Seshia, Sriram Rajamani, and Kapil Vaswani. 2016. A Design and Verification Methodology for Secure Isolated Regions. In PLDI.

[84]

Rohit Sinha, Sriram Rajamani, Sanjit Seshia, and Kapil Vaswani. 2015. Moat: Verifying Confidentiality of Enclave Programs. In CCS.

Digital Library

[85]

Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, and Sanjit A. Seshia. 2017. A Formal Foundation for Secure Remote Execution of Enclaves. In CCS.

[86]

G. Edward Suh, Charles W. O'Donnell, Ishan Sachdev, and Srinivas Devadas. 2005. Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions. SIGARCH Comput. Archit. News (2005).

[87]

David Lie Chandramohan Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell, and Mark Horowitz. 2000. Architectural Support for Copy and Tamper Resistant Software. In ASPLOS.

[88]

Shruti Tople, Karan Grover, Shweta Shinde, Ranjita Bhagwan, and Ramachandran Ramjee. 2018. Privado: Practical and Secure DNN Inference. ArXiv (2018). arXiv:1810.00602

[89]

Ofir Weisse, Valeria Bertacco, and Todd Austin. 2017. Regaining lost cycles with HotCalls: A fast interface for SGX secure enclaves. In ISCA.

[90]

Yuanzhong Xu, Weidong Cui, and Marcus Peinado. 2015. Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. In IEEE S&P.

[91]

M. Yan, J. Choi, D. Skarlatos, A. Morrison, C. Fletcher, and J. Torrellas. 2018. InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy. In MICRO.

Cited By

Bruhns IBerndt SSander JEisenbarth T(2024)Slalom at the Carnival: Privacy-preserving Inference with Masks from Public KnowledgeIACR Communications in Cryptology10.62056/akp-49qgxqOnline publication date: 7-Oct-2024
https://doi.org/10.62056/akp-49qgxq
Kieu-Do-Nguyen BNguyen KDang TThe Binh NPham-Quoc CTran NPham CHoang T(2024)A Trusted Execution Environment RISC-V System-on-Chip Compatible with Transport Layer Security 1.3Electronics10.3390/electronics1313250813:13(2508)Online publication date: 26-Jun-2024
https://doi.org/10.3390/electronics13132508
Chen XHe SSun LZheng YWu C(2024)A Survey of Consortium Blockchain and Its ApplicationsCryptography10.3390/cryptography80200128:2(12)Online publication date: 22-Mar-2024
https://doi.org/10.3390/cryptography8020012
Show More Cited By

Index Terms

Keystone: an open framework for architecting trusted execution environments
1. Security and privacy

Recommendations

A cross-process Spectre attack via cache on RISC-V processor with trusted execution environment
Abstract
The trust execution environment (TEE) provides a safe region, also known as a secret enclave, for executing private programs that need protection. This work proposed a cross-process exploitation scheme for conducting the cache side-channel attack,...
Graphical abstract

Display Omitted
Highlights
- Replicate cache side-channel attack variants on an FPGA with the RISC-V processor’s configuration.
- Implement a cross-process side-channel attack via cache scenario for the first time on the RISC-V platform.
- Experiment with cache ...
Breaking TrustZone Memory Isolation through Malicious Hardware on a Modern FPGA-SoC
ASHES'19: Proceedings of the 3rd ACM Workshop on Attacks and Solutions in Hardware Security Workshop

FPGA-SoCs are heterogeneous computing systems consisting of reconfigurable hardware and high performance processing units. This combination enables a flexible design methodology for embedded systems. However, the sharing of resources between these ...
Comparative Analysis and Implementation of Jump Address Masking for Preventing TEE Bypassing Fault Attacks
ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security

Attacks on embedded devices continue to evolve with the increasing number of applications in actual products. A trusted execution environment (TEE) enhances the security of embedded devices by isolating and protecting sensitive applications such as ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

EuroSys '20: Proceedings of the Fifteenth European Conference on Computer Systems

April 2020

49 pages

ISBN:9781450368827

DOI:10.1145/3342195

General Chairs:
Angelos Bilas
University of Crete and FORTH-ICS
,
Kostas Magoutis
University of Crete and FORTH-ICS
,
Evangelos Markatos
University of Crete and FORTH-ICS
,
Program Chairs:
Dejan Kostic
KTH Royal Institute of Technology, Sweden
,
Margo Seltzer
The University of British Columbia, Canada

Copyright © 2020 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Sponsors

SIGOPS: ACM Special Interest Group on Operating Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 April 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

EuroSys '20

Sponsor:

SIGOPS

EuroSys '20: Fifteenth EuroSys Conference 2020

April 27 - 30, 2020

Heraklion, Greece

Acceptance Rates

EuroSys '20 Paper Acceptance Rate 43 of 234 submissions, 18%;

Overall Acceptance Rate 241 of 1,308 submissions, 18%

Upcoming Conference

EuroSys '25

Sponsor:
sigops

Twentieth European Conference on Computer Systems

March 30 - April 3, 2025

Rotterdam , Netherlands

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

230
Total Citations
View Citations
11,540
Total Downloads

Downloads (Last 12 months)3,306
Downloads (Last 6 weeks)460

Reflects downloads up to 12 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Bruhns IBerndt SSander JEisenbarth T(2024)Slalom at the Carnival: Privacy-preserving Inference with Masks from Public KnowledgeIACR Communications in Cryptology10.62056/akp-49qgxqOnline publication date: 7-Oct-2024
https://doi.org/10.62056/akp-49qgxq
Kieu-Do-Nguyen BNguyen KDang TThe Binh NPham-Quoc CTran NPham CHoang T(2024)A Trusted Execution Environment RISC-V System-on-Chip Compatible with Transport Layer Security 1.3Electronics10.3390/electronics1313250813:13(2508)Online publication date: 26-Jun-2024
https://doi.org/10.3390/electronics13132508
Chen XHe SSun LZheng YWu C(2024)A Survey of Consortium Blockchain and Its ApplicationsCryptography10.3390/cryptography80200128:2(12)Online publication date: 22-Mar-2024
https://doi.org/10.3390/cryptography8020012
D'Onghia GCiravegna FBruno GElorza Forcada MPastor ALioy A(2024)Securing 5G: Trusted Execution Environments for Centrally Controlled IPsec Integrity2024 IFIP Networking Conference (IFIP Networking)10.23919/IFIPNetworking62109.2024.10619852(595-597)Online publication date: 3-Jun-2024
https://doi.org/10.23919/IFIPNetworking62109.2024.10619852
Jayasena ABachmann RMishra P(2024)EvilCS: An Evaluation of Information Leakage through Context Switching on Security Enclaves2024 Design, Automation & Test in Europe Conference & Exhibition (DATE)10.23919/DATE58400.2024.10546809(1-6)Online publication date: 25-Mar-2024
https://doi.org/10.23919/DATE58400.2024.10546809
Yang XYue CZhang WLiu YOoi BChen J(2024)SecuDB: An In-Enclave Privacy-Preserving and Tamper-Resistant Relational DatabaseProceedings of the VLDB Endowment10.14778/3685800.368581517:12(3906-3919)Online publication date: 1-Aug-2024
https://dl.acm.org/doi/10.14778/3685800.3685815
Castes CKalani NSaltovskaia STerrier NWilkinson ABugnion E(2024)Kicking the Firmware Out of the TCB with the Miralis Virtual Firmware MonitorProceedings of the 2nd Workshop on Kernel Isolation, Safety and Verification10.1145/3698576.3698764(8-15)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3698576.3698764
Lei DSaeed A(2024)Do We Need a Million Satellites in Orbit? Constellation-as-a-Service with Modular Satellites: Challenges and OpportunitiesProceedings of the 2nd International Workshop on LEO Networking and Communication10.1145/3697253.3697262(61-66)Online publication date: 18-Nov-2024
https://dl.acm.org/doi/10.1145/3697253.3697262
Forden JGebhard ABerner MBrylow DNaik MPereira FTitzer B(2024)MiniJava on RISC-V: A Game of Global Compilers DominationProceedings of the Workshop Dedicated to Jens Palsberg on the Occasion of His 60th Birthday10.1145/3694848.3694854(21-29)Online publication date: 22-Oct-2024
https://dl.acm.org/doi/10.1145/3694848.3694854
Johnson MVolos SGordon KAllen SWintersteiger CClebsch SStarks JCosta M(2024)Confidential Container GroupsCommunications of the ACM10.1145/3686261Online publication date: 23-Sep-2024
https://doi.org/10.1145/3686261
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents