A Tale of Two Worlds

Bulck, Jo Van; Oswald, David; Marin, Eduard; Aldoseri, Abdulla; Garcia, Flavio D.; Piessens, Frank

doi:10.1145/3319535.3363206

Cited by 64 publications

(17 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Software-based solutions are commonly achieved through the use of Intel Transactional Synchronization Extensions (TSX) [14,49] and Oblivious RAM (ORAM) [2,43,47]. Bulck et al [57] presented an analysis of the vulnerabilities and mitigations in shielding runtimes implementations, including SGX.…”

Section: Intel Sgx Security Assessmentmentioning

confidence: 99%

Trusted Client-Side Encryption for Cloud Storage

Rocha

Valadares

Perkusich

et al. 2021

Communications in Computer and Information Science

View full text Add to dashboard Cite

Nowadays, users are delegating the data storage to cloud services, due to the virtually unlimited storage, change history, broadband connection, and high availability. Despite the benefits and facilities, it is necessary to pay extra attention to data confidentiality and users' privacy, as numerous threats aim to collect such information in an unauthorized manner. An approach to ensure data confidentiality is the use of client-side encryption, with the user taking control of the encryption keys and defining which files or data will be encrypted. This scheme is already explored by many applications on personal computers and also as a native feature in some smartphone operating systems, but are still susceptible to certain types of attacks. Aiming to improve the security of the client-side encryption approach, we propose to apply the Intel Software Guard Extensions (SGX) to perform data sealing, creating a secure vault that can be synchronized with any cloud storage service, while relying on the SGX to protect the key handling. To validate our proposal, we build a proof of concept based on the Cryptomator application, an open-source client-side encryption tool specially designed for cloud storage services. Our results show an overall performance better than the original Cryptomator application, with stronger security premises. Thus, our solution proved to be feasible and can be expanded and refined for practical use and integration with cloud synchronization services.

show abstract

Section: Intel Sgx Security Assessmentmentioning

confidence: 99%

Trusted Client-Side Encryption for Cloud Storage

Rocha

Valadares

Perkusich

et al. 2021

Communications in Computer and Information Science

View full text Add to dashboard Cite

show abstract

“…Of course, any vulnerability in the SDK itself will automatically impact all enclaves that make use of it. In "A Tale of Two Worlds" [5] Van Bulck et al discovered multiple vulnerabilities in all open source SDKs for enclave development that they tested. This paper do not invalidate the security properties of SGX in and of itself, but it highlights the difficulty in writing secure software in general and enclaves in particular.…”

Section: Attacks On Sgxmentioning

confidence: 99%

“…The basic attack is a controlled channel attack, see sec. III-A 5. EPID or Enhanced Privacy ID is Intel's recommended algorithm used for attestation while preserving privacy of the trusted system…”

mentioning

confidence: 99%

A Survey of Published Attacks on Intel SGX

Nilsson,

Bideh,

Brorsson

2020

Preprint

View full text Add to dashboard Cite

Intel Software Guard Extensions (SGX) provides a trusted execution environment (TEE) to run code and operate sensitive data. SGX provides runtime hardware protection where both code and data are protected even if other code components are malicious. However, recently many attacks targeting SGX have been identified and introduced that can thwart the hardware defence provided by SGX. In this paper we present a survey of all attacks specifically targeting Intel SGX that are known to the authors, to date. We categorized the attacks based on their implementation details into 7 different categories. We also look into the available defence mechanisms against identified attacks and categorize the available types of mitigations for each presented attack.

show abstract

“…Not only should the application not contain bugs, but it should be side-channel resistant. It was also shown that TEE SDKs themselves are often vulnerable to various attacks [117]. Minimizing application functionality can potentially lead to more secure applications.…”

Section: Designing Trusted Applicationsmentioning

confidence: 99%