Ryoan

Hunt, Tyler; Zhu, Zhiting; Xu, Yuanzhong; Schmidt, Péter; Witchel, Emmett

doi:10.1145/3231594

Cited by 89 publications

(9 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Trojan Horse) and thus steals sensitive information from the host. Designing novel approaches to prevent TEE-based untrusted computation is another topic that demands further investigation [69,110]. • TEE trust management.…”

Section: Discussionmentioning

confidence: 99%

“…In [68], the proposed Chiron adopted SGX and the sandbox Ryoan [69] [158] proposed Citadel that allows parties (or say data owners) holding training data and an aggregation server (or say aggregator owner) equipped with enclaves to protect their input privacy. When multiple enclaves are deployed, Citadel achieves a less than 1.73× performance slowdown.…”

Section: Research Statusmentioning

confidence: 99%

See 1 more Smart Citation

A Survey of Secure Computation Using Trusted Execution Environments

Li¹,

Yang²,

Xiang³

et al. 2023

Preprint

View full text Add to dashboard Cite

As an essential technology underpinning trusted computing, the trusted execution environment (TEE) allows one to launch computation tasks on both on-and off-premises data while assuring confidentiality and integrity. This article provides a systematic review and comparison of TEE-based secure computation protocols. We first propose a taxonomy that classifies secure computation protocols into three major categories, namely secure outsourced computation, secure distributed computation and secure multi-party computation. To enable a fair comparison of these protocols, we also present comprehensive assessment criteria with respect to four aspects: setting, methodology, security and performance. Based on these criteria, we review, discuss and compare the state-of-the-art TEE-based secure computation protocols for both general-purpose computation functions and special-purpose ones, such as privacy-preserving machine learning and encrypted database queries. To the best of our knowledge, this article is the first survey to review TEE-based secure computation protocols and the comprehensive comparison can serve as a guideline for selecting suitable protocols for deployment in practice. Finally, we also discuss several future research directions and challenges.CCS Concepts: • Security and privacy → Tamper-proof and tamper-resistant designs; Trust frameworks; Privacy-preserving protocols; Management and querying of encrypted data.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Research Statusmentioning

confidence: 99%

A Survey of Secure Computation Using Trusted Execution Environments

Li¹,

Yang²,

Xiang³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Lastly, we report research works that applied data confinement solutions -based on Software Fault Isolation -inside TEEs to protect against untrusted enclave service providers. Ryoan [13] introduced a distributed sandbox by adapting the Google Native Client (NaCl) to the enclave environment, thereby containing untrusted data-processing modules to prevent any leakage of user input data. The solution comes with a verifier and a service runtime.…”

Section: Embedding Language Runtimes In Teesmentioning

confidence: 99%

“…Wasm [12], initially conceived for executing high-performance native code in browsers, allows building a memory-safe, lightweight, and portable sandboxed execution environment based on restricted memory access and control flow with limited usage of resources. In the field of SFI, Ryoan [13] and Deflection [14] are notable solutions which combined SFI with TEEs. However, both suffer from performance and usability issues.…”

Section: Introductionmentioning

confidence: 99%

A Comprehensive Trusted Runtime for WebAssembly With Intel SGX

Ménétrey,

Pasin,

Felber

et al. 2024

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

In real-world scenarios, trusted execution environments (TEEs) frequently host applications that lack the trust of the infrastructure provider, as well as data owners who have specifically outsourced their data for remote processing. We present TWINE, a trusted runtime for running WebAssembly-compiled applications within TEEs, establishing a two-way sandbox. TWINE leverages memory safety guarantees of WebAssembly (Wasm) and abstracts the complexity of TEEs, empowering the execution of legacy and languageagnostic applications. It extends the standard WebAssembly system interface (WASI), providing controlled OS services, focusing on I/O. Additionally, through built-in TEE mechanisms, TWINE delivers attestation capabilities to ensure the integrity of the runtime and the OS services supplied to the application. We evaluate its performance using general-purpose benchmarks and real-world applications, showing it compares on par with state-of-the-art solutions. A case study involving fintech company Credora reveals that TWINE can be deployed in production with reasonable performance trade-offs, ranging from a 0.7× slowdown to a 1.17× speedup compared to native run time. Finally, we identify performance improvement through library optimisation, showcasing one such adjustment that leads up to 4.1× speedup. TWINE is open-source and has been upstreamed into the original Wasm runtime, WAMR.

show abstract

“…With the same trust assumption as the existing research work [16], the only trusted entity in Branchy-TEE is the Intel SGX-enabled CPU on the cloud server, which must support Local/Remote Authentication mechanisms (LA/RA) in addition to providing a trusted execution environment. Apart from that, everything in the infrastructure is untrustworthy, and the potential threats considered in Branchy-TEE are mainly from: Honest-But-Curious cloud providers, malicious co-located cloud tenants, and privileged attackers.…”

Section: B Threat Modelmentioning

confidence: 99%

Branchy-TEE: Deep Learning Security Inference Acceleration Using Trusted Execution Environment

Wang,

Deng,

Meng

et al. 2023

International Conferences on Software Engineering and Knowledge Engineering

View full text Add to dashboard Cite

Deep Learning as a Service (DLaaS) has become a remarkable trend in modern data-driven online services. Both data holders and service providers need to build on trust in thirdparty cloud infrastructure platforms. However, once the trust is broken, data holders' sensitive data and service providers' intellectual property rights will face significant security and privacy risks. In this paper, we propose a secure and efficient inference framework for deep learning in untrustworthy cloud platforms, termed Branchy-TEE, which aims to protect the confidentiality and integrity of data and models of multiple participating actors throughout the inference process using the Trusted Execution Environment (TEE). Branchy-TEE dynamically loads the inference network into the TEE on-demand based on early-exit mechanism, expecting to break the hardware performance bottleneck of the TEE. Moreover, a joint training method based on knowledge distillation for multi-exit networks is proposed, by flowing "knowledge" from the final exit with high accuracy to the early branch exit with lower accuracy. Finally, the effectiveness and efficiency of Branchy-TEE are verified through extensive experiments in real environments, while achieving an optimal balance between performance and hardware resources.

show abstract

Ryoan

Cited by 89 publications

References 49 publications

A Survey of Secure Computation Using Trusted Execution Environments

A Survey of Secure Computation Using Trusted Execution Environments

A Comprehensive Trusted Runtime for WebAssembly With Intel SGX

Branchy-TEE: Deep Learning Security Inference Acceleration Using Trusted Execution Environment

Contact Info

Product

Resources

About