Clemmys

Trach, Bohdan; Oleksenko, Oleksii; Gregor, Franz; Bhatotia, Pramod; Fetzer, Christof

doi:10.1145/3319647.3325835

Cited by 22 publications

(4 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Clemmys [60] provides a framework for running serverless functions in SGX enclaves. The functions are run inside a SCONE-based environment [22], that supports unmodified POSIX binaries.…”

Section: Related Workmentioning

confidence: 99%

“…This allows TAPDance to keep a relatively low software trusted computing base involving a TLS library and a customized userspace runtime to service applet library functionality needs. In general, serverless frameworks that use TEEs have large runtimes relative to TAPDance because they are designed to support general computations instead of pure computations [20], [27], [54], [60] Komodo [39] decouples the enclave memory management from the hardware, in contrast to SGX. The memory management is delegated to a formally verified software monitor that runs in the ARM secure mode.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Architecting Trigger-Action Platforms for Security, Performance and Functionality

Jegan,

Swift,

Fernandes

2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Trigger-action platform (TAP) is a type of distributed system that allows end-users to create programs that stitch their web-based services together to achieve useful automation. For example, a program can be triggered when a new spreadsheet row is added, it can compute on that data and invoke an action, such as sending a message on Slack. Current TAP architectures require users to place complete trust in their secure operation. Experience has shown that unconditional trust in cloud services is unwarranted -an attacker who compromises the TAP cloud service will gain access to sensitive data and devices for millions of users. In this work, we re-architect TAPs so that users have to place minimal trust in the cloud. Specifically, we design and implement TAPDance, a TAP that guarantees confidentiality and integrity of program execution in the presence of an untrustworthy TAP service. We utilize RISC-V Keystone enclaves to enable these security guarantees while minimizing the trusted software and hardware base. Performance results indicate that TAPDance outperforms a baseline TAP implementation using Node.js with 32% lower latency and 33% higher throughput on average.

show abstract

“…Clemmys [60] provides a framework for running serverless functions in SGX enclaves. The functions are run inside a SCONE-based environment [22], that supports unmodified POSIX binaries.…”

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Architecting Trigger-Action Platforms for Security, Performance and Functionality

Jegan,

Swift,

Fernandes

2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…The adoption of specialised hardware for security in Cloud scenarios is largely diffused [17][18][19][20][21] to address the issue to entrust applications and their data to Cloud providers. The two main technologies adopted are TEEs and enclaves, which share the idea to reserve a separate and protected region of memory for executing code that is not accessible or temperable by the owner of the machine by enabling secure data processing.…”

Section: Related Work 21 Specialised Hardware For Cloud Securitymentioning

confidence: 99%

Secure Partitioning of Cloud Applications, with Cost Look-Ahead

et al. 2023

View full text Add to dashboard Cite

The security of Cloud applications is a major concern for application developers and operators. Protecting users’ data confidentiality requires methods to avoid leakage from vulnerable software and unreliable Cloud providers. Recently, trusted execution environments (TEEs) emerged in Cloud settings to isolate applications from the privileged access of Cloud providers. Such hardware-based technologies exploit separation kernels, which aim at safely isolating the software components of applications. In this article, we propose a methodology to determine safe partitionings of Cloud applications to be deployed on TEEs. Through a probabilistic cost model, we enable application operators to select the best trade-off partitioning in terms of future re-partitioning costs and the number of domains. To the best of our knowledge, no previous proposal exists addressing such a problem. We exploit information-flow security techniques to protect the data confidentiality of applications by relying on declarative methods to model applications and their data flow. The proposed solution is assessed by executing a proof-of-concept implementation that shows the relationship among the future partitioning costs, number of domains and execution times.

show abstract

“…show that secret data transfer between functions can take up to 34.7% of the execution time [94]. Although recent studies [96,97,98] propose different software-based optimization techniques, the end-to-end latency to invoke a function is nowhere close to the satisfactory range. Li et al conclude that the design technology of the current SGX is the reason for the high latency overhead.…”

Section: Confidential Computing In the Serverless Cloud Paradigmmentioning

confidence: 99%

Edge-MultiAI: Multi-Tenancy of Latency-Sensitive Deep Learning Applications on Edge

Zobaed

Mokhtari

Champati

et al. 2022

2022 IEEE/ACM 15th International Conference on Utility and Cloud Computing (UCC)

View full text Add to dashboard Cite

Confidential computing has gained prominence due to the escalating volume of datadriven applications (e.g., machine learning and big data) and the acute desire for secure processing of sensitive data, particularly, across distributed environments, such as edge-to-cloud continuum. Provided that the works accomplished in this emerging area are scattered across various research fields, this paper aims at surveying the fundamental concepts, and cutting-edge software and hardware solutions developed for confidential computing using trusted execution environments, homomorphic encryption, and secure enclaves. We underscore the significance of building trust in both hardware and software levels and delve into their applications particularly for machine learning (ML) applications. While substantial progress has been made, there are some barely-explored areas that need extra attention from the researchers and practitioners in the community to improve confidentiality aspects, develop more robust attestation mechanisms, and to address vulnerabilities of the existing trusted execution environments. Providing a comprehensive taxonomy of the confidential computing landscape, this survey enables researchers to advance this field to ultimately ensure the secure processing of users' sensitive data across a multitude of applications and computing tiers.

show abstract

Clemmys

Cited by 22 publications

References 14 publications

Architecting Trigger-Action Platforms for Security, Performance and Functionality

Architecting Trigger-Action Platforms for Security, Performance and Functionality

Secure Partitioning of Cloud Applications, with Cost Look-Ahead

Edge-MultiAI: Multi-Tenancy of Latency-Sensitive Deep Learning Applications on Edge

Contact Info

Product

Resources

About