Nested Enclave: Supporting Fine-grained Hierarchical Isolation with SGX

Park, Joongun; Kang, Naegyeong; Kim, Taehoon; Kwon, Youngjin; Huh, Jaehyuk

doi:10.1109/isca45697.2020.00069

Cited by 25 publications

(9 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recent architectures offer privacy-preserving offloaded computation. Data privacy techniques include Trusted Execution Environments (TEEs) [34,51,68], as well as memory access control and obfuscation [33,56,65,67]. While these prior techniques are vulnerable to side channel attacks, HE is not.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Client-optimized algorithms and acceleration for encrypted compute offloading

Hagen

Lucia

2022

Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems

View full text Add to dashboard Cite

Homomorphic Encryption (HE) enables secure cloud offload processing on encrypted data. HE schemes are limited in the complexity and type of operations they can perform, motivating client-aided implementations that distribute computation between client (unencrypted) and server (encrypted). Prior client-aided systems optimize server performance, ignoring client costs: client-aided models put encryption and decryption on the critical path and require communicating large ciphertexts. We introduce Client-aided HE for Opaque Compute Offloading (CHOCO), a client-optimized system for encrypted offload processing. CHOCO reduces ciphertext size, reducing communication and computing costs through HE parameter minimization and through "rotational redundancy", a new HE algorithm optimization. We present Client-aided HE for Opaque Compute Offloading Through Accelerated Cryptographic Operations (CHOCO-TACO), an accelerator for HE encryption and decryption, making client-aided HE feasible for even resource-constrained clients. CHOCO supports two popular HE schemes (BFV and CKKS) and several applications, including DNNs, PageRank, KNN, and K-Means. CHOCO reduces communication by up to 2948× over prior work. With CHOCO-TACO client enc-/decryption is up to 1094× faster and uses up to 648× less energy. CCS CONCEPTS• Security and privacy → Cryptography; • Computer systems organization → Parallel architectures; • Software and its engineering → Designing software.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Recent work offers several options for privacy-preserving computation, including trusted execution environments (TEEs) [34,51,68], differential privacy (DP), multi-party computation (MPC) [2,11,60], and homomorphic encryption (HE) [6,8,20,22]. Of these, HE provides the strongest client security guarantees [8].…”

Section: Introductionmentioning

confidence: 99%

Client-optimized algorithms and acceleration for encrypted compute offloading

Hagen

Lucia

2022

Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems

View full text Add to dashboard Cite

show abstract

“…CPU Enclaves. Numerous flavors of secure processors and CPU enclaves exist [15, 29,33,34,40,41,65,70,71,[79][80][81], with the best known being Intel SGX and ARM TrustZone. Keystone [62] is a recent framework for RISC-V enclaves that addresses CPU-specific memory-management challenges, such as self-paging and dynamic resizing, but does not provide hardware-enabled authenticated encryption.…”

Section: Related Workmentioning

confidence: 99%

ShEF: Shielded Enclaves for Cloud FPGAs

Zhao,

Gao,

Kozyrakis

2021

Preprint

View full text Add to dashboard Cite

FPGAs are now used in public clouds to accelerate a wide range of applications, including many that operate on sensitive data such as financial and medical records. We present ShEF, a trusted execution environment (TEE) for cloud-based reconfigurable accelerators. ShEF is independent from CPUbased TEEs and allows secure execution under a threat model where the adversary can control all software running on the CPU connected to the FPGA, has physical access to the FPGA, and can compromise the FPGA interface logic of the cloud provider. ShEF provides a secure boot and remote attestation process that relies solely on existing FPGA mechanisms for root of trust. It also includes a Shield component that provides secure access to data while the accelerator is in use. The Shield is highly customizable and extensible, allowing users to craft a bespoke security solution that fits their accelerator's memory access patterns, bandwidth, and security requirements at minimum performance and area overheads. We describe a prototype implementation of ShEF for existing cloud FPGAs and measure the performance benefits of customizable security using five accelerator designs.

show abstract

“…Panoply [85] reduces TCB by delegates syscalls to OS and verify later. Nested Enclave [71] presents static sharing enclave and communication via the outer enclave. STOCKADE provides dynamic EPC sharing with page granularity.…”

Section: Comparison To the Prior Workmentioning

confidence: 99%

Stockade: Hardware Hardening for Distributed Trusted Sandboxes

Park¹,

Kang²,

Lee³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Recent studies showed that a cloud application consists of multiple distributed modules provided by mutually distrustful parties. For trusted services, such applications can use trusted execution environments (TEEs) communicating through software-encrypted memory channels. Such an emerging TEE execution model requires a new type of bi-directional protection: protecting the rest of the system from the enclave module with sandboxing and protecting the enclave module from third-party modules and the operating system. However, the current TEE model cannot efficiently represent such distributed sandbox applications. To overcome the lack of hardware supports, this paper proposes an extended TEE model called STOCKADE, which supports distributed sandboxes hardened by hardware. STOCKADE proposes new three key techniques. First, it extends the hardware-based memory isolation in SGX to confine a user software module only within its TEE (enclave). Second, it proposes a trusted monitor enclave that filters and validates systems calls from enclaves. Finally, it allows hardware-protected memory sharing between a pair of enclaves for efficient protected communication without software-based encryption. Using an emulated SGX platform with the proposed extensions, this paper shows that distributed sandbox applications can be effectively supported with small changes of SGX hardware.

show abstract

Nested Enclave: Supporting Fine-grained Hierarchical Isolation with SGX

Cited by 25 publications

References 27 publications

Client-optimized algorithms and acceleration for encrypted compute offloading

Client-optimized algorithms and acceleration for encrypted compute offloading

ShEF: Shielded Enclaves for Cloud FPGAs

Stockade: Hardware Hardening for Distributed Trusted Sandboxes

Contact Info

Product

Resources

About