Keystone: an open framework for architecting trusted execution environments
TLDR
Keystone is presented---the first open-source framework for building customized TEEs, which builds reusable TEE core primitives from these abstractions while allowing platform-specific modifications and flexible feature choices.Abstract:
Trusted execution environments (TEEs) see rising use in devices from embedded sensors to cloud servers and encompass a range of cost, power constraints, and security threat model choices. On the other hand, each of the current vendor-specific TEEs makes a fixed set of trade-offs with little room for customization. We present Keystone---the first open-source framework for building customized TEEs. Keystone uses simple abstractions provided by the hardware such as memory isolation and a programmable layer underneath untrusted components (e.g., OS). We build reusable TEE core primitives from these abstractions while allowing platform-specific modifications and flexible feature choices. We showcase how Keystone-based TEEs run on unmodified RISC-V hardware and demonstrate the strengths of our design in terms of security, TCB size, execution of a range of benchmarks, applications, kernels, and deployment models.read more
Citations
More filters
Proceedings ArticleDOI
Serverless Edge Computing: Vision and Challenges
Mohammad Sadegh Aslanpour,Adel Nadjaran Toosi,Claudio Cicconetti,Bahman Javadi,Peter Sbarski,Davide Taibi,Marcos Dias De Assuncao,Sukhpal Singh Gill,Raj Gaire,Schahram Dustdar +9 more
TL;DR: In this paper, an in-depth analysis promotes a broad vision for bringing Serverless to the Edge Computing and issues major challenges for serverless to be met before entering Edge computing.
ReportDOI
Design Choices for Central Bank Digital Currency: Policy and Technical Considerations
Sarah Allen,Srdjan Capkun,Ittay Eyal,Giulia Fanti,Bryan Ford,James Grimmelmann,Ari Juels,Kari Kostiainen,Sarah Meiklejohn,Andrew Miller,Eswar Prasad,Karl Wüst,Fan Zhang +12 more
TL;DR: This paper enumerates the fundamental technical design challenges facing CBDC designers, with a particular focus on performance, privacy, and security, and presents a vision of the rich range of functionalities and use cases that a well-designed CBDC platform could ultimately offer users.
Posted Content
CURE: A Security Architecture with CUstomizable and Resilient Enclaves
Raad Bahmani,Ferdinand Brasser,Ghada Dessouky,Patrick Jauernig,Matthias Klimmek,Ahmad-Reza Sadeghi,Emmanuel Stapf +6 more
TL;DR: CURE is proposed, the first security architecture, which tackles design challenges by providing different types of enclaves, and enables the exclusive assignment of system resources, e.g., peripherals, CPU cores, or cache resources to single enclaves.
Proceedings ArticleDOI
Oblivious coopetitive analytics using hardware enclaves
TL;DR: Oblivious Coopetitive Queries (OCQ), an efficient, general framework for oblivious coopetitive analytics using hardware enclaves, is proposed and implemented as an extension to Apache Spark SQL, finding that OCQ is up to 9.9x faster than Opaque, a state-of-the-art secure analytics framework which outsources all data and computation to an enclave-enabled cloud.
Proceedings ArticleDOI
HECTOR-V: A Heterogeneous CPU Architecture for a Secure RISC-V Execution Environment
TL;DR: It is argued that TEEs, such as Intel SGX or ARM TrustZone, implemented on the main application processor, are insecure, especially when considering side-channel attacks, and a heterogeneous multicore architecture can be utilized to realize a secure TEE design.
References
More filters
Proceedings ArticleDOI
ImageNet: A large-scale hierarchical image database
TL;DR: A new database called “ImageNet” is introduced, a large-scale ontology of images built upon the backbone of the WordNet structure, much larger in scale and diversity and much more accurate than the current image datasets.
Proceedings ArticleDOI
seL4: formal verification of an OS kernel
Gerwin Klein,Kevin Elphinstone,Gernot Heiser,June Andronick,David Cock,Philip Derrin,Dhammika Elkaduwe,Kai Engelhardt,Rafal Kolanski,Michael Norrish,Thomas Sewell,Harvey Tuch,Simon Winwood +12 more
TL;DR: To the knowledge, this is the first formal proof of functional correctness of a complete, general-purpose operating-system kernel.
Book ChapterDOI
A Digital Signature Based on a Conventional Encryption Function
TL;DR: A new digital signature based only on a conventional encryption function (such as DES) is described which is as secure as the underlying encryption function -- the security does not depend on the difficulty of factoring and the high computational costs of modular arithmetic are avoided.
Proceedings ArticleDOI
Spectre Attacks: Exploiting Speculative Execution
Paul C. Kocher,Jann Horn,Anders Fogh,Daniel Genkin,Daniel Gruss,Werner Haas,Mike Hamburg,Moritz Lipp,Stefan Mangard,Thomas Prescher,Michael Schwarz,Yuval Yarom +11 more
TL;DR: Spectre as mentioned in this paper is a side channel attack that can leak the victim's confidential information via side channel to the adversary. And it can read arbitrary memory from a victim's process.
Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
TL;DR: In this article, the X.509 v3 certificate format and its extensions are described in detail, with additional information regarding the format and semantics of Internet name forms, and a set of required certificate extensions is specified.