A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf
.
Filters
EnclaveDom: Privilege Separation for Large-TCB Applications in Trusted Execution Environments
[article]
2020
arXiv
pre-print
We present EnclaveDom, a privilege separation system for large-TCB TEE applications that partitions an enclave into tagged memory regions, and enforces per-region access rules at the granularity of individual ...
Trusted executions environments (TEEs) such as Intel(R) SGX provide hardware-isolated execution areas in memory, called enclaves. ...
Acknowledgments We thank Mingwei Zhang, Michael Steiner, Bruno Vavala, Prakash Narayana Moorthy, Dmitrii Kuvaiskii, Mona Vij, Michael LeMay, Thomas Knauth, and Vinnie Scarlata for their feedback and insightful ...
arXiv:1907.13245v2
fatcat:ueoh2f5vizhdznbkgiesicaguu
Stockade: Hardware Hardening for Distributed Trusted Sandboxes
[article]
2022
arXiv
pre-print
The widening availability of hardware-based trusted execution environments (TEEs) has been accelerating the adaptation of new applications using TEEs. ...
First, it extends the hardware-based memory isolation in SGX to confine a user software module only within its enclave. ...
Acknowledgements This work was supported by Institute for Information & communications Technology Promotion (IITP2017-0-00466). The grant is funded by the Ministry of Science and ICT, Korea. ...
arXiv:2108.13922v2
fatcat:j625oagkj5a7fbzy6oxuvdknm4
Civet: An Efficient Java Partitioning Framework for Hardware Enclaves
2020
USENIX Security Symposium
Hardware enclaves are designed to execute small pieces of sensitive code or to operate on sensitive data, in isolation from larger, less trusted systems. ...
Partitioning a large, legacy application requires significant effort. ...
Thus, execution time is relatively flat until 64 shards, at which point the cost of additional RPCs dominates and drives up execution time. ...
dblp:conf/uss/TsaiSJMPP20
fatcat:hspplsrmzneynioe663roirtn4
μTiles: Efficient Intra-Process Privilege Enforcement of Memory Regions
[article]
2020
arXiv
pre-print
It adds negligible runtime overhead (≈ 0.5%-3.5%) and is easy to integrate with existing applications for providing strong privilege separation. ...
However, the status quo is that Unix-like operating systems do not offer privilege separation inside a process. ...
Acknowledgment We thank Ed Nightingale, Reuben Olinsky, and Jewell Seay for helpful discussions, and David Chisnall, Jon Crowcroft, Marno van der Maas, and Ali Varamesh for feedback on earlier drafts of ...
arXiv:2004.04846v1
fatcat:hhctnbtynrdnnaobt5avpdt5yy