Keystone

Lee, Dayeol; Kohlbrenner, David; Shinde, Shweta; Asanović, Krste; Song, Dawn

doi:10.1145/3342195.3387532

Cited by 250 publications

(78 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The management shim is 2.8 KiB and 561 lines of code. This is comparable the 1, 600 lines of code of Lee's security monitor [22], which has similar functionality. Assuming that binary size is directly proportional to lines of code, this would make the boot memory between 2 and 8 KiB.…”

Section: Management Shimsupporting

confidence: 52%

Protecting Enclaves from Intra-Core Side-Channel Attacks through Physical Isolation

Maas

Moore

2020

Proceedings of the 2nd Workshop on Cyber-Security Arms Race

View full text Add to dashboard Cite

Systems that protect enclaves from privileged software must consider software-based side-channel attacks. Our system isolates enclaves on separate secure cores to stop attackers from running on the same core as the victim, which mitigates intra-core side-channel attacks. Redesigning the memory hierarchy based on enclave ownership protects enclaves against inter-core side-channel attacks. We implement this system and evaluate it in terms of communication performance, memory overhead and hardware area. Combining physical isolation and a redesigned memory hierarchy protects enclaves against all known software-based side-channel attacks.

show abstract

Section: Management Shimsupporting

confidence: 52%

Protecting Enclaves from Intra-Core Side-Channel Attacks through Physical Isolation

Maas

Moore

2020

Proceedings of the 2nd Workshop on Cyber-Security Arms Race

View full text Add to dashboard Cite

show abstract

“…According to the design, current TEE can be classified into two categories: (1) TEE without a secure counter just supports simple stateless functions (e.g., smart cards [117,134]) and (2) TEE with a secure counter supports complex stateful functions. In recent years, many TEE designs focus on the latter such as the Trusted Platform Modules (TPM/vTPM) [138], Intel TXT [54], Intel SGX [34], ARM's TrustZone [86], Sanctum [35], KeyStone [83] and AMD SEV [71]. These designs vary significantly in terms of architectural choices, instruction sets, implementation details, cryptographic suites, as well as security features [112].…”

Section: Background Of Trusted Execution Environmentmentioning

confidence: 99%

A Survey of Secure Computation Using Trusted Execution Environments

Li¹,

Yang²,

Xiang³

et al. 2023

Preprint

View full text Add to dashboard Cite

As an essential technology underpinning trusted computing, the trusted execution environment (TEE) allows one to launch computation tasks on both on-and off-premises data while assuring confidentiality and integrity. This article provides a systematic review and comparison of TEE-based secure computation protocols. We first propose a taxonomy that classifies secure computation protocols into three major categories, namely secure outsourced computation, secure distributed computation and secure multi-party computation. To enable a fair comparison of these protocols, we also present comprehensive assessment criteria with respect to four aspects: setting, methodology, security and performance. Based on these criteria, we review, discuss and compare the state-of-the-art TEE-based secure computation protocols for both general-purpose computation functions and special-purpose ones, such as privacy-preserving machine learning and encrypted database queries. To the best of our knowledge, this article is the first survey to review TEE-based secure computation protocols and the comprehensive comparison can serve as a guideline for selecting suitable protocols for deployment in practice. Finally, we also discuss several future research directions and challenges.CCS Concepts: • Security and privacy → Tamper-proof and tamper-resistant designs; Trust frameworks; Privacy-preserving protocols; Management and querying of encrypted data.

show abstract

“…As such, the host operating system (including the container manager and container shim) and the hypervisor all lie within the Trusted Computing Base (TCB). Research into confidential cloud computing attempts to reduce the attack surface by leveraging specialized hardware-enforced Trusted Execution Environments (TEEs) [7,10,12,14,19,26,28,36,37], which enable user workloads to be protected inside enclaves even if the host's software is compromised or controlled by a malicious entity. TEEs available from major CPU vendors can be either process-based, such as Intel SGX [22] and ARM TrustZone [5], or VM-based, such as AMD SEV-SNP [3,25], Intel TDX [23] and ARM CCA [4,27].…”

Section: (B)mentioning

confidence: 99%

COCOAEXPO: Confidential Containers via Attested Execution Policies

Johnson¹,

Volos²,

Gordon³

et al. 2023

Preprint

View full text Add to dashboard Cite

Container-based technologies empower cloud tenants to develop highly portable software and deploy services in the cloud at a rapid pace. Cloud privacy, meanwhile, is important as a large number of container deployments operate on privacy-sensitive data, but challenging due to the increasing frequency and sophistication of attacks. State-of-the-art confidential container-based designs leverage process-based trusted execution environments (TEEs), but face security and compatibility issues that limits their practical deployment.We propose COCOAEXPO, an architecture that provides lift-and-shift deployment of unmodified containers while providing strong security protection against a powerful attacker who controls the untrusted host and hypervisor. COCOA-EXPO leverages VM-level isolation to execute a container group within a unique VM-based TEE. Besides container integrity and user data confidentiality and integrity, COCOA-EXPO also offers container attestation and execution integrity based on an attested execution policy. COCOAEXPO execution policies provide an inductive proof over all future states of the container group. This proof, which is established during initialization, forms a root of trust that can be used for secure operations within the container group without requiring any modifications of the containerized workflow itself (aside from the inclusion of the execution policy.)We evaluate COCOAEXPO on AMD SEV-SNP processors by running a diverse set of workloads demonstrating that workflows exhibit 0-26% additional overhead in performance over running outside the enclave, with a mean 13% overhead on SPEC2017, while requiring no modifications to their program code. Adding execution policies introduces less than 1% additional overhead.

show abstract

Keystone

Cited by 250 publications

References 32 publications

Protecting Enclaves from Intra-Core Side-Channel Attacks through Physical Isolation

Protecting Enclaves from Intra-Core Side-Channel Attacks through Physical Isolation

A Survey of Secure Computation Using Trusted Execution Environments

COCOAEXPO: Confidential Containers via Attested Execution Policies

Contact Info

Product

Resources

About