research-article

Shielding Applications from an Untrusted Cloud with Haven

Authors:
Andrew Baumann

Microsoft Research, Redmond, WA

Microsoft Research, Redmond, WA
View Profile

,
Marcus Peinado

Microsoft Research, Redmond, WA

Microsoft Research, Redmond, WA
View Profile

,
Galen Hunt

Microsoft Research, Redmond, WA

Microsoft Research, Redmond, WA
View Profile

Authors Info & Claims

ACM Transactions on Computer Systems Volume 33 Issue 3Article No.: 8pp 1–26https://doi.org/10.1145/2799647

Published:31 August 2015Publication History

ACM Transactions on Computer Systems

Abstract

Today’s cloud computing infrastructure requires substantial trust. Cloud users rely on both the provider’s staff and its globally distributed software/hardware platform not to expose any of their private data.

We introduce the notion of shielded execution, which protects the confidentiality and integrity of a program and its data from the platform on which it runs (i.e., the cloud operator’s OS, VM, and firmware). Our prototype, Haven, is the first system to achieve shielded execution of unmodified legacy applications, including SQL Server and Apache, on a commodity OS (Windows) and commodity hardware. Haven leverages the hardware protection of Intel SGX to defend against privileged code and physical attacks such as memory probes, and also addresses the dual challenges of executing unmodified legacy binaries and protecting them from a malicious host. This work motivated recent changes in the SGX specification.

References

Amazon Web Services. 2013. AWS CloudHSM Getting Started Guide. Retrieved July 23, 2015, from http://aws.amazon.com/cloudhsm/.Google Scholar
Ittai Anati, Shay Gueron, Simon P. Johnson, and Vincent R. Scarlata. 2013. Innovative technology for CPU based attestation and sealing. In Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy.Google Scholar
Thomas E. Anderson, Brian N. Bershad, Edward D. Lazowska, and Henry M. Levy. 1992. Scheduler activations: Effective kernel support for the user-level management of threads. ACM Transactions on Computer Systems 10, 53--79. Google ScholarDigital Library
Arvind Arasu, Spyros Blanas, Ken Eguro, Raghav Kaushik, Donald Kossmann, Ravi Ramamurthy, and Ramaratnam Venkatesan. 2013. Orthogonal security with Cipherbase. In Proceedings of the 6th Conference on Innovative Data Systems Research.Google Scholar
ARM Limited. 2009. Building a Secure System Using TrustZone Technology. Ref. PRD29-GENC-009492C. ARM Limited.Google Scholar
Andrew Baumann, Dongyoon Lee, Pedro Fonseca, Lisa Glendenning, Jacob R. Lorch, Barry Bond, Reuben Olinsky, and Galen C. Hunt. 2013. Composing OS extensions safely and efficiently with Bascule. In Proceedings of the 8th ACM European Conference on Computer Systems (EuroSys’13). 239--252. DOI:http://dx.doi.org/10.1145/2465351.2465375 Google ScholarDigital Library
Andrew Baumann, Marcus Peinado, and Galen Hunt. 2014. Shielding applications from an untrusted cloud with Haven. In Proceedings of the 11th USENIX Conference on Operating Systems Design and Implementation. 267--283. Google ScholarDigital Library
Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar. 2003. Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In Proceedings of the 12th USENIX Security Symposium. 105--120. Google ScholarDigital Library
Ernie Brickell, Gary Graunke, Michael Neve, and Jean-Pierre Seifert. 2006. Software Mitigations to Hedge AES against Cache-Based Software Side Channel Vulnerabilities. Report 2006/052. Cryptology ePrint Archive.Google Scholar
David Champagne and Ruby B. Lee. 2010. Scalable architectural support for trusted software. In Proceedings of the 16th IEEE International Symposium on High-Performance Computer Architecture. 1--12.Google Scholar
Stephen Checkoway and Hovav Shacham. 2013. Iago attacks: Why the system call API is a bad untrusted RPC interface. In Proceedings of the 18th International Conference on Architectural Support for Programming Languages and Operating Systems. 12. DOI:http://dx.doi.org/10.1145/2451116.2451145 Google ScholarDigital Library
Xiaoxin Chen, Tal Garfinkel, E. Christopher Lewis, Pratap Subrahmanyam, Carl A. Waldspurger, Dan Boneh, Jeffrey Dwoskin, and Dan R. K. Ports. 2008. Overshadow: A virtualization-based approach to retrofitting protection in commodity operating systems. In Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems. 2--13. DOI:http://dx.doi.org/10.1145/1346281.1346284 Google ScholarDigital Library
Siddhartha Chhabra, Brian Rogers, Yan Solihin, and Milos Prvulovic. 2011. SecureME: A hardware-software approach to full system security. In Proceedings of the International Conference on Supercomputing. 108--119. DOI:http://dx.doi.org/10.1145/1995896.1995914 Google ScholarDigital Library
Cloud Security Alliance. 2013. Government Access to Information Survey. Retrieved July 23, 2015, from https://cloudsecurityalliance.org/research/surveys/#_nsa_prism.Google Scholar
John Criswell, Nathan Dautenhahn, and Vikram Adve. 2014. Virtual ghost: Protecting applications from hostile operating systems. In Proceedings of the 19th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS’14). 81--96. DOI:http://dx.doi.org/10.1145/2541940.2541986 Google ScholarDigital Library
John R. Douceur, Jeremy Elson, Jon Howell, and Jacob R. Lorch. 2008. Leveraging legacy code to deploy desktop applications on the Web. In Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation. 339--354. Google ScholarDigital Library
Kevin Fu, Frans Kaashoek, and David Mazières. 2000. Fast and secure distributed read-only file system. In Proceedings of the 4th USENIX Symposium on Operating Systems Design and Implementation. 181--196. Google ScholarDigital Library
Blaise Gassend, Edward Suh, Dwaine Clarke, Marten van Dijk, and Srinivas Devadas. 2003. Caches and hash trees for efficient memory integrity verification. In Proceedings of the 9th IEEE International Symposium on High-Performance Computer Architecture. 295--306. Google ScholarDigital Library
Barton Gellman and Laura Poitras. 2013. U.S., British intelligence mining data from nine U.S. Internet companies in broad secret program. Washington Post, June 6, 2013.Google Scholar
Barton Gellman and Ashkan Soltani. 2013. NSA infiltrates links to yahoo, google data centers worldwide, snowden documents say. Washington Post, October 30, 2013.Google Scholar
Craig Gentry. 2009. A Fully Homomorphic Encryption Scheme. Ph.D. Dissertation. Stanford University, Stanford, CA. Google ScholarDigital Library
Craig Gentry, Shai Halevi, and Nigel P. Smart. 2012. Homomorphic evaluation of the AES circuit. In Advances in Cryptology—CRYPTO 2012. Lecture Notes in Computer Science, Vol. 7417. Springer, 850--867,Google Scholar
Steven M. Hand. 1999. Self-paging in the nemesis operating system. In Proceedings of the 3rd USENIX Symposium on Operating Systems Design and Implementation. 73--86. http://dl.acm.org/citation.cfm?id=296806.296812 Google ScholarDigital Library
Chris Hawblitzel, Jon Howell, Jacob R. Lorch, Arjun Narayan, Bryan Parno, Danfeng Zhang, and Brian Zill. 2014. Ironclad apps: End-to-end security via automated full-system verification. In Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation. Google ScholarDigital Library
Matthew Hoekstra, Reshma Lal, Pradeep Pappachan, Vinay Phegade, and Juan Del Cuvillo. 2013. Using innovative instructions to create trustworthy software solutions. In Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy. Article No. 11. DOI:http://dx.doi.org/10.1145/2487726.2488370 Google ScholarDigital Library
Owen S. Hofmann, Sangman Kim, Alan M. Dunn, Michael Z. Lee, and Emmett Witchel. 2013. InkTag: Secure applications on an untrusted operating system. In Proceedings of the 18th International Conference on Architectural Support for Programming Languages and Operating Systems. 265--278. DOI:http://dx.doi.org/10.1145/2451116.2451146 Google ScholarDigital Library
Fangyong Hou, Nong Xiao, Fang Liu, Hongjun He, and Dawu Gu. 2009. Performance and consistency improvements of hash tree based disk storage protection. In Proceedings of the 2009 IEEE International Conference on Networking, Architecture, and Storage. 51--56. Google ScholarDigital Library
Jon Howell, Bryan Parno, and John R. Douceur. 2013. How to run POSIX apps in a minimal picoprocess. In Proceedings of the 2013 USENIX Annual Technical Conference. 321--332. Google ScholarDigital Library
Intel Corp. 2013. Software Guard Extensions Programming Reference. Ref. #329298-001. Intel Corp. https://software.intel.com/sites/default/files/329298-001.pdf.Google Scholar
Intel Corp. 2014a. Intel 64 and IA-32 Architectures Software Developer’s Manual. Ref. #253665-050US. Intel Corp.Google Scholar
Intel Corp. 2014b. Software Guard Extensions Programming Reference, Rev. 2. Ref. #329298-002. Intel Corp. https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf.Google Scholar
Gerwin Klein, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Rafal Kolanski, Michael Norrish, Thomas Sewell, Harvey Tuch, and Simon Winwood. 2009. seL4: Formal verification of an OS kernel. In Proceedings of the 22nd ACM Symposium on Operating Systems Principles. 207--220. DOI:http://dx.doi.org/10.1145/1629575.1629596 Google ScholarDigital Library
Ruby B. Lee, Peter C. S. Kwan, John P. McGregor, Jeffrey Dwoskin, and Zhenghong Wang. 2005. Architecture for protecting critical secrets in microprocessors. In Proceedings of the 32nd International Symposium on Computer Architecture. 2--13. DOI:http://dx.doi.org/10.1109/ISCA.2005.14 Google ScholarDigital Library
Roy Levin, Ellis S. Cohen, William M. Corwin, Fred J. Pollack, and William A. Wulf. 1975. Policy/mechanism separation in HYDRA. In Proceedings of the 5th ACM Symposium on Operating Systems Principles. 132--140. Google ScholarDigital Library
Yanlin Li, Jonathan M. McCune, James Newsome, Adrian Perrig, Brandon Baker, and Will Drewry. 2014. MiniBox: A two-way sandbox for x86 native code. In Proceedings of the 2014 USENIX Annual Technical Conference. Google ScholarDigital Library
David Lie, Chandramohan Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell, and Mark Horowitz. 2000. Architectural support for copy and tamper resistant software. In Proceedings of the 9th International Conference on Architectural Support for Programming Languages and Operating Systems. 168--177. Google ScholarDigital Library
David Lie, Chandramohan A. Thekkath, and Mark Horowitz. 2003. Implementing an untrusted operating system on trusted hardware. In Proceedings of the 19th ACM Symposium on Operating Systems Principles. 178--192. DOI:http://dx.doi.org/10.1145/945445.945463 Google ScholarDigital Library
Jacob R. Lorch, Andrew Baumann, Lisa Glendenning, Dutch Meyer, and Andrew Warfield. 2015. Tardigrade: Leveraging lightweight virtual machines to easily and efficiently construct fault-tolerant services. In Proceedings of the 12th USENIX Symposium on Networked Systems Design and Implementation. https://www.usenix.org/conference/nsdi15/technical-sessions/presentation/lorch. Google ScholarDigital Library
Umesh Maheshwari, Radek Vingralek, and William Shapiro. 2000. How to build a trusted database system on untrusted storage. In Proceedings of the 4th USENIX Symposium on Operating Systems Design and Implementation. 135--150. Google ScholarDigital Library
Brian D. Marsh, Michael L. Scott, Thomas J. LeBlanc, and Evangelos P. Markatos. 1991. First-class user-level threads. In Proceedings of the 13th ACM Symposium on Operating Systems Principles. 110--121. Google ScholarDigital Library
Jonathan M. McCune, Yanlin Li, Ning Qu, Zongwei Zhou, Anupam Datta, Virgil Gligor, and Adrian Perrig. 2010. TrustVisor: Efficient TCB reduction and attestation. In Proceedings of the IEEE Symposium on Security and Privacy. 143--158. DOI:http://dx.doi.org/10.1109/SP.2010.17 Google ScholarDigital Library
Jonathan M. McCune, Bryan J. Parno, Adrian Perrig, Michael K. Reiter, and Hiroshi Isozaki. 2008. Flicker: An execution infrastructure for TCB minimization. In 3rd ACM SOGOPS/EuroSys European Conference on Computer Systems (EuroSys’08). 315--328. DOI:http://dx.doi.org/10.1145/1352592.1352625 Google ScholarDigital Library
David McGrew and John Viega. 2004. The Galois/Counter Mode of Operation (GCM). Retrieved July 24, 2015, from http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf.Google Scholar
Frank McKeen, Ilya Alexandrovich, Alex Berenzon, Carlos V. Rozas, Hisham Shafi, Vedvyas Shanbhogue, and Uday R. Savagaonkar. 2013. Innovative instructions and software model for isolated execution. In Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy. Article No. 10. DOI:http://dx.doi.org/10.1145/2487726.2488368 Google ScholarDigital Library
Ralph Merkle. 1987. A digital signature based on a conventional encryption function. In Advances in Cryptology—CRYPTO ’87. Lecture Notes in Computer Science, Vol. 293. Springer, 369--378. Google ScholarDigital Library
Claire Cain Miller. 2014. Revelations of N.S.A. spying cost U.S. tech companies. New York Times, March 21, 2014.Google Scholar
Emmanuel Owusu, Jorge Guajardo, Jonathan McCune, Jim Newsome, Adrian Perrig, and Amit Vasudevan. 2013. OASIS: On achieving a sanctuary for integrity and secrecy on untrusted platforms. In Proceedings of the 20th ACM Conference on Computer and Communications Security. 13--24. DOI:http://dx.doi.org/10.1145/2508859.2516678 Google ScholarDigital Library
Bryan Parno, Jacob R. Lorch, John R. Douceur, James Mickens, and Jonathan M. McCune. 2011. Memoir: Practical state continuity for protected modules. In Proceedings of the IEEE Symposium on Security and Privacy. 379--394. DOI:http://dx.doi.org/10.1109/SP.2011.38 Google ScholarDigital Library
Dan Plastina. 2015. Azure Key Vault—Making the Cloud Safer. Retrieved July 24, 2015, from http://blogs.technet.com/b/kv/archive/2015/01/08/azure-key-vault-making-the-cloud-safer.aspx.Google Scholar
Raluca Ada Popa, Catherine M. S. Redfield, Nickolai Zeldovich, and Hari Balakrishnan. 2011. CryptDB: Protecting confidentiality with encrypted query processing. In Proceedings of the 23rd ACM Symposium on Operating Systems Principles. 85--100. DOI:http://dx.doi.org/10.1145/2043556.2043566 Google ScholarDigital Library
Gerald J. Popek and Robert P. Goldberg. 1974. Formal requirements for virtualizable third generation architectures. Communications of the ACM 17, 7, 412--421. DOI:http://dx.doi.org/10.1145/361011.361073 Google ScholarDigital Library
Donald E. Porter, Silas Boyd-Wickizer, Jon Howell, Reuben Olinksy, and Galen C. Hunt. 2011. Rethinking the library OS from the top down. In Proceedings of the 16th International Conference on Architectural Support for Programming Languages and Operating Systems. 291--304. Google ScholarDigital Library
PrivateCore. 2014. Trustworthy Computing for OpenStack with vCage. Retrieved July 24, 2015, from http://privatecore.com/vcage/.Google Scholar
Himanshu Raj, David Robinson, Talha Bin Tariq, Paul England, Stefan Saroiu, and Alec Wolman. 2011. Credo: Trusted Computing for Guest VMs with a Commodity Hypervisor. Technical Report MSR-TR-2011-130. Microsoft Research.Google Scholar
Reiner Sailer, Xiaolan Zhang, Trent Jaeger, and Leendert van Doorn. 2004. Design and implementation of a TCG-based integrity measurement architecture. In Proceedings of the 13th USENIX Security Symposium. Google ScholarDigital Library
Nuno Santos, Himanshu Raj, Stefan Saroiu, and Alec Wolman. 2014. Using ARM trustzone to build a trusted language runtime for mobile applications. In Proceedings of the 19th International Conference on Architectural Support for Programming Languages and Operating Systems. 67--80. DOI:http://dx.doi.org/10.1145/2541940.2541949 Google ScholarDigital Library
Emin Gün Sirer, Willem de Bruijn, Patrick Reynolds, Alan Shieh, Kevin Walsh, Dan Williams, and Fred B. Schneider. 2011. Logical attestation: An authorization architecture for trustworthy computing. In Proceedings of the 23rd ACM Symposium on Operating Systems Principles. 249--264. DOI:http://dx.doi.org/10.1145/2043556.2043580 Google ScholarDigital Library
Sean W. Smith and Steve Weingart. 1999. Building a high-performance, programmable secure coprocessor. Computer Networks 31, 9, 831--860. http://dl.acm.org/citation.cfm?id=324119.324128 Google ScholarDigital Library
Richard Ta-Min, Lionel Litty, and David Lie. 2006. Splitting interfaces: Making trust between applications and operating systems configurable. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation. 279--292. http://dl.acm.org/citation.cfm?id=1267308.1267328 Google ScholarDigital Library
Sai Deep Tetali, Mohsen Lesani, Rupak Majumdar, and Todd Millstein. 2013. MrCrypt: Static analysis for secure cloud computations. In Proceedings of the 2013 ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages, and Applications. 271--286. DOI:http://dx.doi.org/10.1145/2509136.2509554 Google ScholarDigital Library
Transaction Processing Performance Council. 2010. TPC Benchmark E Standard Specification. Rev. 1.12.0. Transaction Processing Performance Council.Google Scholar
Trusted Computing Group. 2011. TPM Main Specification Level 2. Version 1.2, Revision 116. Trusted Computing Group.Google Scholar
Chia-Che Tsai, Kumar Saurabh Arora, Nehal Bandi, Bhushan Jain, William Jannen, Jitin John, Harry A. Kalodner, Vrushali Kulkarni, Daniela Oliveira, and Donald E. Porter. 2014. Cooperation and security isolation of library OSes for multi-process applications. In Proceedings of the 9th European Conference on Computer Systems (EuroSys’14). Article No. 9. Google ScholarDigital Library
Amit Vasudevan, Emmanuel Owusu, Zongwei Zhou, James Newsome, and Jonathan M. McCune. 2012. Trustworthy execution on mobile devices: What security properties can my mobile platform give me? In Proceedings of the 5th International Conference on Trust and Trustworthy Computing. 159--178. DOI:http://dx.doi.org/10.1007/978-3-642-30921-2_10 Google ScholarDigital Library
Yuanzhong Xu, Weidong Cui, and Marcus Peinado. 2015. Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, Los Alamitos, CA.Google ScholarDigital Library
Jisoo Yang and Kang G. Shin. 2008. Using hypervisor to provide data secrecy for user applications on a per-page basis. In Proceedings of the 4th International Conference on Virtual Execution Environments. 71--80. DOI:http://dx.doi.org/10.1145/1346256.1346267 Google ScholarDigital Library
Bennet Yee, David Sehr, Gregory Dardyk, J. Bradley Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, and Nicholas Fullagar. 2009. Native client: A sandbox for portable, untrusted x86 native code. In Proceedings of the 30th IEEE Symposium on Security and Privacy. 79--93. Google ScholarDigital Library
Aaram Yun, Chunhui Shi, and Yongdae Kim. 2009. On protecting integrity and confidentiality of cryptographic file system for outsourced storage. In Proceedings of the 2009 ACM Workshop on Cloud Computing Security. 67--76. Google ScholarDigital Library
Fengzhe Zhang, Jin Chen, Haibo Chen, and Binyu Zang. 2011. CloudVisor: Retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization. In Proceedings of the 23rd ACM Symposium on Operating Systems Principles. 203--216. DOI:http://dx.doi.org/10.1145/2043556.2043576 Google ScholarDigital Library
Xiao Zhang, Sandhya Dwarkadas, and Kai Shen. 2009. Towards practical page coloring-based multicore cache management. In 4th ACM European Conference on Computer Systems (EuroSys’09). 89--102. DOI:http://dx.doi.org/10.1145/1519065.1519076 Google ScholarDigital Library

Index Terms

Shielding Applications from an Untrusted Cloud with Haven
1. Security and privacy
  1. Systems security
    1. Operating systems security
2. Software and its engineering
  1. Software creation and management
    1. Designing software
  2. Software organization and properties
    1. Contextual software domains
      1. Operating systems

Recommendations

Occlum: Secure and Efficient Multitasking Inside a Single Enclave of Intel SGX
ASPLOS '20: Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems

Intel Software Guard Extensions (SGX) enables user-level code to create private memory regions called enclaves, whose code and data are protected by the CPU from software and hardware attacks outside the enclaves. Recent work introduces library ...
Read More
Shielding applications from an untrusted cloud with Haven
OSDI'14: Proceedings of the 11th USENIX conference on Operating Systems Design and Implementation

Today's cloud computing infrastructure requires substantial trust. Cloud users rely on both the provider's staff and its globally-distributed software/hardware platform not to expose any of their private data.

We introduce the notion of shielded ...
Read More
COIN Attacks: On Insecurity of Enclave Untrusted Interfaces in SGX
ASPLOS '20: Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems

Intel SGX is a hardware-based trusted execution environment (TEE), which enables an application to compute on confidential data in a secure enclave. SGX assumes a powerful threat model, in which only the CPU itself is trusted; anything else is untrusted,...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Transactions on Computer Systems Volume 33, Issue 3
September 2015
140 pages
ISSN:0734-2071
EISSN:1557-7333
DOI:10.1145/2818727
Editor:
Todd C. Mowry
Carnegie Mellon University, Pittsburgh, PA
Issue’s Table of Contents
Copyright © 2015 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 31 August 2015
- Accepted: 1 June 2015
- Received: 1 April 2015
Published in tocs Volume 33, Issue 3

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Cloud security
Intel SGX
enclave
library OS
shielded execution
trusted computing
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 268
  Total Citations
  View Citations
- 2,235
  Total Downloads
- Downloads (Last 12 months)146
- Downloads (Last 6 weeks)13
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Shielding Applications from an Untrusted Cloud with Haven

ACM Transactions on Computer Systems

Abstract

References

Cited By

Index Terms

Recommendations

Occlum: Secure and Efficient Multitasking Inside a Single Enclave of Intel SGX

Shielding applications from an untrusted cloud with Haven

COIN Attacks: On Insecurity of Enclave Untrusted Interfaces in SGX

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

Shielding Applications from an Untrusted Cloud with Haven

ACM Transactions on Computer Systems

Abstract

References

Cited By

Index Terms

Recommendations

Occlum: Secure and Efficient Multitasking Inside a Single Enclave of Intel SGX

Shielding applications from an untrusted cloud with Haven

COIN Attacks: On Insecurity of Enclave Untrusted Interfaces in SGX

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media