Design and Implementation of Virtual Security Function Based on Multiple Enclaves

Wang, Juan; Yu, Yang; Li, Yi; Fan, Chengyang; Hao, Shirong

doi:10.3390/fi13010012

Cited by 5 publications

(3 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is noted by scientists and this is confirmed by mathematics [33]. This approach will allow to some extent eliminate the internal uncertainty associated with a large number of data sources, the anonymity of participants, and uncertainty of responsibilities [34], [35].…”

mentioning

confidence: 77%

State regulation of the IoT in the Russian Federation: Fundamentals and challenges

Zharova

Elin

2021

IJECE

View full text Add to dashboard Cite

<span>The purpose of this section is to study the problems with implementing technical and legal regulations for the development of public administration functions in the Russian Federation when using the internet of things (IoT). The introduction is based on an analysis of regulatory legal acts and presents the main strategic directions for the development of public administration functions in the Russian federation when using IoT. State reports, scientific literature, a system of technical and legal regulation are analyzed, and the main problems of implementing the IoT that impede the achievement of effective public administration are studied. The Russian practice of using IoT in various economic areas is investigated. Based on an analysis of the mechanisms for ensuring data safety of information technology users in the Russian federation, problems were investigated, such as the collecting data through IoT, including publicly available personal data in order to profile human activities, and creating of a digital twin of a person. The social constraints for introducing distributed registry technologies are users' distrust in the field of data privacy protection and mathematical algorithms that are used to establish trust in a digital environment instead of trusted centralized intermediaries; these problems were also analyzed. The Russian approach was analyzed in comparison to European experience in this field. To ensure information security and the possibility of its distribution, the IoT is revealed.</span>

show abstract

mentioning

confidence: 77%

State regulation of the IoT in the Russian Federation: Fundamentals and challenges

Zharova

Elin

2021

IJECE

View full text Add to dashboard Cite

show abstract

“…Based on a comprehensive analysis of the SGX switchless call, we establish an optimization strategy and apply it to our prior work called SGX-Box [11], an SGX-enabled network middlebox. Recent studies [11,12,34] leverage SGX to protect network middleboxes running on the cloud-based network function virtualization (NFV) architecture. In particular, SGX protects deep packet inspection and a ruleset used for pattern matching in the security-purpose in-network functions, such as Web firewalls and intrusion detection systems (IDS).…”

Section: Motivation Challenges and Problem Scopementioning

confidence: 99%

“…In particular, Intel software guard extension (SGX) [10] accelerates the adoption of confidential computing, providing near to the native speed of a processor and compatibility with x86 architecture. Such advantages inspire researchers to leverage Intel SGX to various cloud-native applications for enhancing security and privacy [11][12][13][14][15]. However, even if SGX guarantees isolated execution of applications running on the cloud, it suffers from performance degradation depending on the workload characteristics.…”

Section: Introductionmentioning

confidence: 99%

An Optimization Methodology for Adapting Legacy SGX Applications to Use Switchless Calls

Kim

2021

Applied Sciences

View full text Add to dashboard Cite

A recent innovation in the trusted execution environment (TEE) technologies enables the delegation of privacy-preserving computation to the cloud system. In particular, Intel SGX, an extension of x86 instruction set architecture (ISA), accelerates this trend by offering hardware-protected isolation with near-native performance. However, SGX inherently suffers from performance degradation depending on the workload characteristics due to the hardware restriction and design decisions that primarily concern the security guarantee. The system-level optimizations on SGX runtime and kernel module have been proposed to resolve this, but they cannot effectively reflect application-specific characteristics that largely impact the performance of legacy SGX applications. This work presents an optimization strategy to achieve application-level optimization by utilizing asynchronous switchless calls to reduce enclave transition, one of the dominant overheads of using SGX. Based on the systematic analysis, our methodology examines the performance benefit for each enclave transition wrapper and selectively applies switchless calls without modifying the legacy codebases. The evaluation shows that our optimization strategy successfully improves the end-to-end performance of our showcasing application, an SGX-enabled network middlebox.

show abstract

Research on Computer Network Security Protection System Based on Level Protection in Cloud Computing Environment

Li¹,

Dang²,

Yang³

et al. 2021

2021 IEEE International Conference on Advances in Electrical Engineering and Computer Applications (AEECA)

View full text Add to dashboard Cite

Design and Implementation of Virtual Security Function Based on Multiple Enclaves

Cited by 5 publications

References 24 publications

State regulation of the IoT in the Russian Federation: Fundamentals and challenges

State regulation of the IoT in the Russian Federation: Fundamentals and challenges

An Optimization Methodology for Adapting Legacy SGX Applications to Use Switchless Calls

Research on Computer Network Security Protection System Based on Level Protection in Cloud Computing Environment

Contact Info

Product

Resources

About