Journal articles on the topic 'Trusted Execution Environments (TEEs)'

To see the other types of publications on this topic, follow the link: Trusted Execution Environments (TEEs).

Consult the top 50 journal articles for your research on the topic 'Trusted Execution Environments (TEEs).'


1

Meftah, Souhail, Shuhao Zhang, Bharadwaj Veeravalli, and Khin Mi Mi Aung. "Revisiting the Design of Parallel Stream Joins on Trusted Execution Environments." Algorithms 15, no. 6 (May 25, 2022): 183. http://dx.doi.org/10.3390/a15060183.

Abstract:
The appealing properties of secure hardware solutions such as trusted execution environment (TEE) including low computational overhead, confidentiality guarantee, and reduced attack surface have prompted considerable interest in adopting them for secure stream processing applications. In this paper, we revisit the design of parallel stream join algorithms on multicore processors with TEEs. In particular, we conduct a series of profiling experiments to investigate the impact of alternative design choices to parallelize stream joins on TEE including: (1) execution approaches, (2) partitioning schemes, and (3) distributed scheduling strategies. From the profiling study, we observe three major high-performance impediments: (a) the computational overhead introduced with cryptographic primitives associated with page swapping operations, (b) the restrictive Enclave Page Cache (EPC) size that limits the supported amount of in-memory processing, and (c) the lack of vertical scalability to support the increasing workload often required for near real-time applications. Addressing these issues allowed us to design SecJoin, a more efficient parallel stream join algorithm that exploits modern scale-out architectures with TEEs rendering no trade-offs on security whilst optimizing performance. We present our model-driven parameterization of SecJoin and share our experimental results which have shown up to 4-folds of improvements in terms of throughput and latency.
2

Singh, Jatinder, Jennifer Cobbe, Do Le Quoc, and Zahra Tarkhani. "Enclaves in the Clouds." Queue 18, no. 6 (December 14, 2020): 78–114. http://dx.doi.org/10.1145/3442632.3448126.

Abstract:
With organizational data practices coming under increasing scrutiny, demand is growing for mechanisms that can assist organizations in meeting their data-management obligations. TEEs (trusted execution environments) provide hardware-based mechanisms with various security properties for assisting computation and data management. TEEs are concerned with the confidentiality and integrity of data, code, and the corresponding computation. Because the main security properties come from hardware, certain protections and guarantees can be offered even if the host privileged software stack is vulnerable.
3

Niu, Yue, Ramy E. Ali, and Salman Avestimehr. "3LegRace: Privacy-Preserving DNN Training over TEEs and GPUs." Proceedings on Privacy Enhancing Technologies 2022, no. 4 (October 2022): 183–203. http://dx.doi.org/10.56553/popets-2022-0105.

Abstract:
Leveraging parallel hardware (e.g. GPUs) for deep neural network (DNN) training brings high computing performance. However, it raises data privacy concerns as GPUs lack a trusted environment to protect the data. Trusted execution environments (TEEs) have emerged as a promising solution to achieve privacy-preserving learning. Unfortunately, TEEs’ limited computing power renders them not comparable to GPUs in performance. To improve the trade-off among privacy, computing performance, and model accuracy, we propose an asymmetric model decomposition framework, AsymML, to (1) accelerate training using parallel hardware; and (2) achieve a strong privacy guarantee using TEEs and differential privacy (DP) with much less accuracy compromised compared to DP-only methods. By exploiting the low-rank characteristics in training data and intermediate features, AsymML asymmetrically decomposes inputs and intermediate activations into low-rank and residual parts. With the decomposed data, the target DNN model is accordingly split into a trusted and an untrusted part. The trusted part performs computations on low-rank data, with low compute and memory costs. The untrusted part is fed with residuals perturbed by very small noise. Privacy, computing performance, and model accuracy are well managed by respectively delegating the trusted and the untrusted part to TEEs and GPUs. We provide a formal DP guarantee that demonstrates that, for the same privacy guarantee, combining asymmetric data decomposition and DP requires much smaller noise compared to solely using DP without decomposition. This improves the privacy-utility trade-off significantly compared to using only DP methods without decomposition. Furthermore, we present a rank bound analysis showing that the low-rank structure is preserved after each layer across the entire model. Our extensive evaluations on DNN models show that AsymML delivers 7.6× speedup in training compared to the TEE-only executions while ensuring privacy. We also demonstrate that AsymML is effective in protecting data under common attacks such as model inversion and gradient attacks.
4

Khurshid, Anum, Sileshi Demesie Yalew, Mudassar Aslam, and Shahid Raza. "TEE-Watchdog: Mitigating Unauthorized Activities within Trusted Execution Environments in ARM-Based Low-Power IoT Devices." Security and Communication Networks 2022 (May 25, 2022): 1–21. http://dx.doi.org/10.1155/2022/8033799.

Abstract:
Trusted execution environments (TEEs) are on the rise in devices all around us ranging from large-scale cloud-based solutions to resource-constrained embedded devices. With the introduction of ARM TrustZone-M, hardware-assisted trusted execution is now supported in IoT nodes. TrustZone-M provides isolated execution of security-critical operations and sensitive data-generating peripherals. However, TrustZone-M, like all other TEEs, does not provide a mechanism to monitor operations in the trusted areas of the device, and software in the secure areas of an IoT device has access to the entire secure and nonsecure software stack. This is crucial due to the diversity of device manufacturers and component suppliers in the market, which manifests trust issues, especially when third-party peripherals are incorporated into a TEE. Compromised TEEs can be misused for industrial espionage, data exfiltration through system backdoors, and illegal data sharing. It is of utmost importance here that system peripheral behaviour in terms of resource access is in accordance with their intended usage that is specified during integration. We propose TEE-Watchdog, a lightweight framework that establishes MPU protections for secure system peripherals in TrustZone-enabled low-end IoT devices. TEE-Watchdog ensures blocking unauthorized peripheral accesses and logging of application misbehaviour running in the TEE based on a manifest file. We define lightweight specifications and structure for the application manifest file enlisting permissions for critical system peripherals using concise binary object representation (CBOR). We implement and evaluate TEE-Watchdog using a Musca-A2 test chipboard. Our microbenchmark evaluations on CPU time and RAM usage demonstrated the practicality of TEE-Watchdog. Securing the system peripherals using TEE-Watchdog protections induced a 1.4% overhead on the latency of peripheral accesses, which was 61 microseconds on our test board. Our optimized CBOR-encoded manifest file template also showed a decrease in manifest file size by 40% as compared to the standard file formats, e.g., JSON.
5

Maliszewski, Kajetan, Jorge-Arnulfo Quiané-Ruiz, Jonas Traub, and Volker Markl. "What is the price for joining securely?" Proceedings of the VLDB Endowment 15, no. 3 (November 2021): 659–72. http://dx.doi.org/10.14778/3494124.3494146.

Abstract:
Protection of personal data has been raised to be among the top requirements of modern systems. At the same time, it is now frequent that the owner of the data and the owner of the computing infrastructure are two entities with limited trust between them (e.g., volunteer computing or the hybrid-cloud). Recently, trusted execution environments (TEEs) became a viable solution to ensure the security of systems in such environments. However, the performance of relational operators in TEEs remains an open problem. We conduct a comprehensive experimental study to identify the main bottlenecks and challenges when executing relational equi-joins in TEEs. For this, we introduce TEEbench, a framework for unified benchmarking of relational operators in TEEs, and use it for conducting our experimental evaluation. In a nutshell, we perform the following experimental analysis for eight core join algorithms: off-the-shelf performance; the performance implications of data sealing and obliviousness; sensitivity and scalability. The results show that all eight join algorithms significantly suffer from different performance bottlenecks in TEEs. They can be up to three orders of magnitude slower in TEEs than on plain CPUs. Our study also indicates that existing join algorithms need a complete, hardware-aware redesign to be efficient in TEEs, and that, in secure query plans, managing TEE features is equally important to join selection.
6

Liu, Songran, Nan Guan, Zhishan Guo, and Wang Yi. "MiniTEE—A Lightweight TrustZone-Assisted TEE for Real-Time Systems." Electronics 9, no. 7 (July 11, 2020): 1130. http://dx.doi.org/10.3390/electronics9071130.

Abstract:
While trusted execution environments (TEEs) provide industry standard security and isolation, TEE requests through secure monitor calls (SMCs) contribute to large time overhead and weakened temporal predictability. Moreover, as currently available TEE solutions are initially designed for Linux and/or Android, they will encounter many constraints (e.g., incompatible driver libraries, large memory footprint, etc.) when integrating with low-end Real-Time Operating Systems (RTOSs). In this paper, we present MiniTEE to understand, evaluate and discuss the benefits and limitations when integrating TrustZone-assisted TEEs with RTOSs. We demonstrate how MiniTEE can be adequately exploited for meeting the real-time needs, while presenting a low performance overhead to the rich OSs (i.e., low-end RTOSs).
7

Fei, Shufan, Zheng Yan, Wenxiu Ding, and Haomeng Xie. "Security Vulnerabilities of SGX and Countermeasures." ACM Computing Surveys 54, no. 6 (July 2021): 1–36. http://dx.doi.org/10.1145/3456631.

Abstract:
Trusted Execution Environments (TEEs) have been widely used in many security-critical applications. The popularity of TEEs derives from its high security and trustworthiness supported by secure hardware. Intel Software Guard Extensions (SGX) is one of the most representative TEEs that creates an isolated environment on an untrusted operating system, thus providing run-time protection for the execution of security-critical code and data. However, Intel SGX is far from the acme of perfection. It has become a target of various attacks due to its security vulnerabilities. Researchers and practitioners have paid attention to the security vulnerabilities of SGX and investigated optimization solutions in real applications. Unfortunately, existing literature lacks a thorough review of security vulnerabilities of SGX and their countermeasures. In this article, we fill this gap. Specifically, we propose two sets of criteria for estimating security risks of existing attacks and evaluating defense effects brought by attack countermeasures. Furthermore, we propose a taxonomy of SGX security vulnerabilities and shed light on corresponding attack vectors. After that, we review published attacks and existing countermeasures, as well as evaluate them by employing our proposed criteria. At last, on the strength of our survey, we propose some open challenges and future directions in the research of SGX security.
8

Choi, Joseph I., and Kevin R. B. Butler. "Secure Multiparty Computation and Trusted Hardware: Examining Adoption Challenges and Opportunities." Security and Communication Networks 2019 (April 2, 2019): 1–28. http://dx.doi.org/10.1155/2019/1368905.

Abstract:
When two or more parties need to compute a common result while safeguarding their sensitive inputs, they use secure multiparty computation (SMC) techniques such as garbled circuits. The traditional enabler of SMC is cryptography, but the significant number of cryptographic operations required results in these techniques being impractical for most real-time, online computations. Trusted execution environments (TEEs) provide hardware-enforced isolation of code and data in use, making them promising candidates for making SMC more tractable. This paper revisits the history of improvements to SMC over the years and considers the possibility of coupling trusted hardware with SMC. This paper also addresses three open challenges: (1) defeating malicious adversaries, (2) mobile-friendly TEE-supported SMC, and (3) a more general coupling of trusted hardware and privacy-preserving computation.
9

Jones, Michael, Matthew Johnson, Mark Shervey, Joel T. Dudley, and Noah Zimmerman. "Privacy-Preserving Methods for Feature Engineering Using Blockchain: Review, Evaluation, and Proof of Concept." Journal of Medical Internet Research 21, no. 8 (August 14, 2019): e13600. http://dx.doi.org/10.2196/13600.

Abstract:
Background: The protection of private data is a key responsibility for research studies that collect identifiable information from study participants. Limiting the scope of data collection and preventing secondary use of the data are effective strategies for managing these risks. An ideal framework for data collection would incorporate feature engineering, a process where secondary features are derived from sensitive raw data in a secure environment without a trusted third party. Objective: This study aimed to compare current approaches based on how they maintain data privacy and the practicality of their implementations. These approaches include traditional approaches that rely on trusted third parties, and cryptographic, secure hardware, and blockchain-based techniques. Methods: A set of properties were defined for evaluating each approach. A qualitative comparison was presented based on these properties. The evaluation of each approach was framed with a use case of sharing geolocation data for biomedical research. Results: We found that approaches that rely on a trusted third party for preserving participant privacy do not provide sufficiently strong guarantees that sensitive data will not be exposed in modern data ecosystems. Cryptographic techniques incorporate strong privacy-preserving paradigms but are appropriate only for select use cases or are currently limited because of computational complexity. Blockchain smart contracts alone are insufficient to provide data privacy because transactional data are public. Trusted execution environments (TEEs) may have hardware vulnerabilities and lack visibility into how data are processed. Hybrid approaches combining blockchain and cryptographic techniques or blockchain and TEEs provide promising frameworks for privacy preservation. For reference, we provide a software implementation where users can privately share features of their geolocation data using the hybrid approach combining blockchain with TEEs as a supplement. Conclusions: Blockchain technology and smart contracts enable the development of new privacy-preserving feature engineering methods by obviating dependence on trusted parties and providing immutable, auditable data processing workflows. The overlap between blockchain and cryptographic techniques or blockchain and secure hardware technologies are promising fields for addressing important data privacy needs. Hybrid blockchain and TEE frameworks currently provide practical tools for implementing experimental privacy-preserving applications.
10

Koutroumpouchos, Nikolaos, Christoforos Ntantogian, and Christos Xenakis. "Building Trust for Smart Connected Devices: The Challenges and Pitfalls of TrustZone." Sensors 21, no. 2 (January 13, 2021): 520. http://dx.doi.org/10.3390/s21020520.

Abstract:
TrustZone-based Trusted Execution Environments (TEEs) have been utilized extensively for the implementation of security-oriented solutions for several smart intra and inter-connected devices. Although TEEs have been promoted as the starting point for establishing a device root of trust, a number of published attacks against the most broadly utilized TEE implementations request a second view on their security. The aim of this research is to provide an analytical and educational exploration of TrustZone-based TEE vulnerabilities with the goal of pinpointing design and implementation flaws. To this end, we provide a taxonomy of TrustZone attacks, analyze them, and more importantly derive a set of critical observations regarding their nature. We perform a critical appraisal of the vulnerabilities to shed light on their underlying causes and we deduce that their manifestation is the joint effect of several parameters that lead to this situation. The most important ones are the closed implementations, the lack of security mechanisms, the shared resource architecture, and the absence of tools to audit trusted applications. Finally, given the severity of the identified issues, we propose possible improvements that could be adopted by TEE implementers to remedy and improve the security posture of TrustZone and future research directions.
11

Kapsoulis, Nikolaos, Alexandros Psychas, Antonios Litke, and Theodora Varvarigou. "Reinforcing SLA Consensus on Blockchain." Computers 10, no. 12 (November 26, 2021): 159. http://dx.doi.org/10.3390/computers10120159.

Abstract:
Cloud Infrastructure as a Service (IaaS) Service Level Agreements (SLAs) assessment constitutes the de facto area of interest and applications in the public cloud infrastructure. However, the domination of colossal corporations tends to monopolize the way metrics and Key Performance Indicators (KPIs) are measured and determined, leading to governed environments where the clientele is unable to obtain accurate and unbiased assessment of SLAs. Leaning toward SLA self-assessment, this paper provides a fair SLA consensus approach with innate transparency and privacy by leveraging permissioned blockchains that are equipped with Trusted Execution Environments (TEEs). The SLA assessment intelligence is performed inside enclaved smart contracts isolated from the on-chain entities views. The result constitutes a permissioned blockchain ecosystem where the IaaS and their clientele commonly agree on all the respective SLA monitoring and computation rules beforehand, as defined in any SLA assessment process, while the SLA consensus scheme constantly audits the SLA metrics based on these pre-approved regulations.
12

Wang, Yanping, Xiaosong Zhang, Xiaofen Wang, Teng Hu, Peng Lu, and Mingyong Yin. "Security Enhancements for Data-Driven Systems: A Blockchain-Based Trustworthy Data Sharing Scheme." Security and Communication Networks 2022 (October 11, 2022): 1–11. http://dx.doi.org/10.1155/2022/1317626.

Abstract:
With the increasingly prominent value of big data, data sharing within enterprises and organizations has become increasingly popular, and many institutions have established data centers to achieve effective data storage and sharing. Meanwhile, cyberspace data security and privacy have become the most critical issue that people are concerned about since shared data often involves commercial secrets and sensitive information. At present, data encryption techniques have been applied to protect the security of the sensitive data stored in and shared by the data centers. However, the challenges of efficient data sharing, secure management of decryption keys, deduplication of the plaintext, and transparency and auditability of the data access arise. These challenges may obstruct the development of data sharing in data-driven systems. To meet these challenges, we propose a secure and trustworthy data sharing scheme and introduce blockchain, proxy re-encryption (PRE), and trusted execution environments (TEEs) into the data-driven systems. Our scheme mainly enables (1) automatic distribution and management of the decryption keys, (2) reduction of the reduplicative data, and (3) trustworthy data sharing and recording. Finally, we implement the proposed scheme and compare it with other existing schemes. It is demonstrated that our scheme reduces the computation and communication overhead.
13

Wang, Sheng, Yiran Li, Huorong Li, Feifei Li, Chengjin Tian, Le Su, Yanshan Zhang, et al. "Operon." Proceedings of the VLDB Endowment 15, no. 12 (August 2022): 3332–45. http://dx.doi.org/10.14778/3554821.3554826.

Abstract:
The past decade has witnessed the rapid development of cloud computing and data-centric applications. While these innovations offer numerous attractive features for data processing, they also bring in new issues about the loss of data ownership. Though some encrypted databases have emerged recently, they can not fully address these concerns for the data owner. In this paper, we propose an ownership-preserving database (OPDB), a new paradigm that characterizes different roles' responsibilities from nowadays applications and preserves data ownership throughout the entire application. We build Operon to follow the OPDB paradigm, which utilizes the trusted execution environment (TEE) and introduces a behavior control list (BCL). Different from access controls that merely handle accessibility permissions, BCL further makes data operation behaviors under control. Besides, we make Operon practical for real-world applications, by extending database capabilities towards flexibility, functionality and ease of use. Operon is the first database framework with which the data owner exclusively controls its data across different roles' subsystems. We have successfully integrated Operon with different TEEs, i.e., Intel SGX and an FPGA-based implementation, and various database services on Alibaba Cloud, i.e., PolarDB and RDS PostgreSQL. The evaluation shows that Operon achieves 71%–97% of the performance of plaintext databases under the TPC-C benchmark while preserving the data ownership.
14

Köhler, Jens, and Henry Förster. "Trusted Execution Environments im Fahrzeug." ATZelektronik 11, no. 5 (October 2016): 38–43. http://dx.doi.org/10.1007/s35658-016-0080-0.

15

Köhler, Jens, and Henry Förster. "Trusted Execution Environments in Vehicles." ATZelektronik worldwide 11, no. 5 (October 2016): 36–41. http://dx.doi.org/10.1007/s38314-016-0074-y.

16

Kohlbrenner, David, Shweta Shinde, Dayeol Lee, Krste Asanovic, and Dawn Song. "Building Open Trusted Execution Environments." IEEE Security & Privacy 18, no. 5 (September 2020): 47–56. http://dx.doi.org/10.1109/msec.2020.2990649.

17

Anciaux, Nicolas, Luc Bouganim, Philippe Pucheral, Iulian Sandu Popa, and Guillaume Scerri. "Personal database security and trusted execution environments." Proceedings of the VLDB Endowment 12, no. 12 (August 2019): 1994–97. http://dx.doi.org/10.14778/3352063.3352118.

18

Jauernig, Patrick, Ahmad-Reza Sadeghi, and Emmanuel Stapf. "Trusted Execution Environments: Properties, Applications, and Challenges." IEEE Security & Privacy 18, no. 2 (March 2020): 56–60. http://dx.doi.org/10.1109/msec.2019.2947124.

19

Sasy, Sajin, and Ian Goldberg. "ConsenSGX: Scaling Anonymous Communications Networks with Trusted Execution Environments." Proceedings on Privacy Enhancing Technologies 2019, no. 3 (July 1, 2019): 331–49. http://dx.doi.org/10.2478/popets-2019-0050.

Abstract:
Anonymous communications networks enable individuals to maintain their privacy online. The most popular such network is Tor, with about two million daily users; however, Tor is reaching limits of its scalability. One of the main scalability bottlenecks of Tor and similar network designs originates from the requirement of distributing a global view of the servers in the network to all network clients. This requirement is in place to avoid epistemic attacks, in which adversaries who know which parts of the network certain clients do and do not know about can rule in or out those clients from being responsible for particular network traffic. In this work, we introduce a novel solution to this scalability problem by leveraging oblivious RAM constructions and trusted execution environments in order to enable clients to fetch only the parts of the network view they require, without the directory servers learning which parts are being fetched. We compare the performance of our design with the current Tor mechanism and other related works to show one to two orders of magnitude better performance from an end-to-end perspective. We analyse the requirements to actually deploy such a scheme today and conclude that it would only require a small fraction (<2.5%) of the relays to have the required hardware support; moreover, these relays can perform their roles with minimal network bandwidth requirements.
20

Schwarz, Michael, and Daniel Gruss. "How Trusted Execution Environments Fuel Research on Microarchitectural Attacks." IEEE Security & Privacy 18, no. 5 (September 2020): 18–27. http://dx.doi.org/10.1109/msec.2020.2993896.

21

Atamli-Reineh, Ahmad, Andrew Paverd, Giuseppe Petracca, and Andrew Martin. "A framework for application partitioning using trusted execution environments." Concurrency and Computation: Practice and Experience 29, no. 23 (April 23, 2017): e4130. http://dx.doi.org/10.1002/cpe.4130.

22

Alder, Fritz, Jo Van Bulck, Jesse Spielman, David Oswald, and Frank Piessens. "Faulty Point Unit: ABI Poisoning Attacks on Trusted Execution Environments." Digital Threats: Research and Practice 3, no. 2 (June 30, 2022): 1–26. http://dx.doi.org/10.1145/3491264.

Abstract:
This article analyzes a previously overlooked attack surface that allows unprivileged adversaries to impact floating-point computations in enclaves through the Application Binary Interface (ABI). In a comprehensive study across 7 industry-standard and research enclave shielding runtimes for Intel Software Guard Extensions (SGX), we show that control and state registers of the x87 Floating-Point Unit (FPU) and Intel Streaming SIMD Extensions are not always properly sanitized on enclave entry. We furthermore show that this attack goes beyond the x86 architecture and can also affect RISC-V enclaves. Focusing on SGX, we abuse the adversary’s control over precision and rounding modes as an ABI fault injection primitive to corrupt enclaved floating-point operations. Our analysis reveals that this is especially relevant for applications that use the older x87 FPU, which is still under certain conditions used by modern compilers. We exemplify the potential impact of ABI quality-degradation attacks for enclaved machine learning and for the SPEC benchmarks. We then explore the impact on confidentiality, showing that control over exception masks can be abused as a controlled channel to recover enclaved multiplication operands. Our findings, affecting 5 of 7 studied SGX runtimes and one RISC-V runtime, demonstrate the challenges of implementing high-assurance trusted execution across computing architectures.
23

Ekberg, Jan-Erik, Kari Kostiainen, and N. Asokan. "The Untapped Potential of Trusted Execution Environments on Mobile Devices." IEEE Security & Privacy 12, no. 4 (July 2014): 29–37. http://dx.doi.org/10.1109/msp.2014.38.

24

Cheng, Jieren, Jun Li, Naixue Xiong, Meizhu Chen, Hao Guo, and Xinzhi Yao. "Lightweight Mobile Clients Privacy Protection Using Trusted Execution Environments for Blockchain." Computers, Materials & Continua 65, no. 3 (2020): 2247–62. http://dx.doi.org/10.32604/cmc.2020.011668.

25

Sebastian, D. Jonathan, Utkarsh Agrawal, Ali Tamimi, and Adam Hahn. "DER-TEE: Secure Distributed Energy Resource Operations Through Trusted Execution Environments." IEEE Internet of Things Journal 6, no. 4 (August 2019): 6476–86. http://dx.doi.org/10.1109/jiot.2019.2909768.

26

Liu, Yin, Kijin An, and Eli Tilevich. "RT-Trust: Automated refactoring for different trusted execution environments under real-time constraints." Journal of Computer Languages 56 (February 2020): 100939. http://dx.doi.org/10.1016/j.cola.2019.100939.

27

Liang, Yihuai, Yan Li, and Byeong-Seok Shin. "FairCs—Blockchain-Based Fair Crowdsensing Scheme using Trusted Execution Environment." Sensors 20, no. 11 (June 3, 2020): 3172. http://dx.doi.org/10.3390/s20113172.

Abstract:
Crowdsensing applications provide platforms for sharing sensing data collected by mobile devices. A blockchain system has the potential to replace a traditional centralized trusted third party for crowdsensing services to perform operations that involve evaluating the quality of sensing data, finishing payment, and storing sensing data and so forth. The requirements which are codified as smart contracts are executed to evaluate the quality of sensing data in a blockchain. However, regardless of the fact that the quality of sensing data may actually be sufficient, one key challenge is that malicious requesters can deliberately publish abnormal requirements that cause failure to occur in the quality evaluation process. If requesters control a miner node or full node, they can access the data without making payment; this is because of the transparency of data stored in the blockchain. This issue promotes unfair dealing and severely lowers the motivation of workers to participate in crowdsensing tasks. We (i) propose a novel crowdsensing scheme to address this issue using Trusted Execution Environments; (ii) offer a solution for the confidentiality and integrity of sensing data, which is only accessible by the worker and corresponding requester; (iii) and finally, report on the implementation of a prototype and evaluate its performance. Our results demonstrate that the proposed solution can guarantee fairness without a significant increase in overhead.
28

Wang, Ziwang, Liang Wang, and Huili Yan. "MA-TEECM: Mutual Anonymous Authentication-Based Credential Migration Technology for Mobile Trusted Execution Environments." IEEE Access 11 (2023): 3680–90. http://dx.doi.org/10.1109/access.2023.3235372.

29

Lee, Junmo, Sanghyeon Park, and Soo-Mook Moon. "Secure Voting System with Sybil Attack Resistance using Probabilistic Quadratic Voting and Trusted Execution Environments." KIISE Transactions on Computing Practices 27, no. 8 (August 31, 2021): 382–87. http://dx.doi.org/10.5626/ktcp.2021.27.8.382.

30

Markin, Dmitry Olegovich, Sergey Mikhailovich Makeev, and Thaj Trung Ho. "Security threat level estimation for untrusted software based on TrustZone technology." Proceedings of the Institute for System Programming of the RAS 34, no. 1 (2022): 35–48. http://dx.doi.org/10.15514/ispras-2022-34(1)-3.

Abstract:
The paper proposes a model for assessing the security of information processed by untrusted software from the components of the TrustZone technology. The results of vulnerability analysis of TrustZone technology implementations are presented. The structure of the trustlets security analysis tool has been developed. The paper deals with the problem of assessing the credibility of foreign-made software and hardware based on processors with the ARM architecture. The main results of the work are the classification of trustlets using their threat level assessment and the model of security threat level estimation of information processed by trustlets. Trustlets are software that operates in a trusted execution environment based on TrustZone technology in computers with ARM processors. An assessment of the security of information processed by trustlets for some implementations of trusted execution environments was carried out. The structural scheme of the analysis tool that allows identifying potentially dangerous code constructs in binary files of trustlets is presented. Also analysis tool's algorithm performing syntactic analysis of trustlet data is described. The calculation of the security assessment is carried out on the basis of a set of features proposed by authors. Calculated security assessment levels can be used to classify trustlets that are part of «trusted» operating systems based on TrustZone technology. The levels of potential threat to the security of the information they process are used to differ trustlets during certification tests and vulnerability search. It is advisable to use the results of the work in the interests of conducting certification tests of computer software based on processors with ARM architecture.
31

Becker, K. F., S. Voges, P. Fruehauf, M. Heimann, S. Nerreter, R. Blank, M. Erdmann, et al. "Implementation of Trusted Manufacturing & AI-based process optimization into microelectronic manufacturing research environments." International Symposium on Microelectronics 2021, no. 1 (October 1, 2021): 000021–25. http://dx.doi.org/10.4071/1085-8024-2021.1.

Abstract:
Digitization is one of the hot topics in all Industry 4.0 efforts that are currently discussed. Often the focus is on digitization of business processes with a financial/organizational perspective on manufacturing, so the tools are adapting to enterprise resource planning [ERP] and manufacturing execution system [MES] rather than on actual manufacturing issues on the shop floor. Within the SiEvEI 4.0 project, a research consortium from the area of electronics manufacturing is working on digitization for a manufacturing scenario where high value electronic goods are built in a distributed manufacturing environment. The key research topics addressed are the implementation of a Chain of Trust [CoT] for such a distributed manufacturing, i.e. and the application of artificial intelligence/machine learning to analyze and eventually optimize manufacturing processes. The paper will introduce the concept of both CoT and AI-based process analysis that will later on be transferred into a microelectronics production environment. Two reference processes are targeted, SMD assembly using fully automated manufacturing equipment and Solder Ball Application using a high-mix/low volume concept. As a result, the paper presents a concept of how to digitize manufacturing processes and use this digital description of a process combination to make a distributed manufacturing flow safe and increase product/process quality.
32

Brenna, Lars, Isak Sunde Singh, Håvard Dagenborg Johansen, and Dag Johansen. "TFHE-rs: A library for safe and secure remote computing using fully homomorphic encryption and trusted execution environments." Array 13 (March 2022): 100118. http://dx.doi.org/10.1016/j.array.2021.100118.

33

Valadares, Dalton Cezane Gomes, Newton Carlos Will, Jean Caminha, Mirko Barbosa Perkusich, Angelo Perkusich, and Kyller Costa Gorgonio. "Systematic Literature Review on the Use of Trusted Execution Environments to Protect Cloud/Fog-Based Internet of Things Applications." IEEE Access 9 (2021): 80953–69. http://dx.doi.org/10.1109/access.2021.3085524.

34

Li, Rujia, Qin Wang, Qi Wang, David Galindo, and Mark Ryan. "SoK: TEE-Assisted Confidential Smart Contract." Proceedings on Privacy Enhancing Technologies 2022, no. 3 (July 2022): 711–31. http://dx.doi.org/10.56553/popets-2022-0093.

Abstract:
The blockchain-based smart contract lacks privacy, since the contract state and instruction code are exposed to the public. Combining smart-contract execution with Trusted Execution Environments provides an efficient solution, called TEE-assisted smart contracts (TCSC), for protecting the confidentiality of contract states. However, the combination approaches are varied, and a systematic study is absent. Newly released systems may fail to draw upon the experience learned from existing protocols, such as repeating known design mistakes or applying TEE technology in insecure ways. In this paper, we first investigate and categorize existing systems into two types: the layer-one solution and the layer-two solution. Then, we establish an analysis framework to capture their common aspects, covering desired properties (for contract services), threat models, and security considerations (for underlying systems). Based on our taxonomy, we identify their ideal functionalities, and uncover fundamental flaws and challenges in each specification’s design. We believe that this work would provide a guide for the development of TEE-assisted smart contracts, as well as a framework to evaluate future TCSC systems.
35

Laoutaris, Nikolaos, and Costas Iordanou. "What do information centric networks, trusted execution environments, and digital watermarking have to do with privacy, the data economy, and their future?" ACM SIGCOMM Computer Communication Review 51, no. 1 (January 31, 2021): 32–38. http://dx.doi.org/10.1145/3457175.3457181.

Abstract:
What if instead of having to implement controversial user tracking techniques, Internet advertising & marketing companies asked explicitly to be granted access to user data by name and category, such as Alice→Mobility→05-11-2020? The technology for implementing this already exists, and is none other than the Information Centric Networks (ICN), developed for over a decade in the framework of Next Generation Internet (NGI) initiatives. Beyond named access to personal data, ICN's in-network storage capability can be used as a substrate for retrieving aggregated, anonymized data, or even for executing complex analytics within the network, with no personal data leaking outside. In this opinion article we discuss how ICNs combined with trusted execution environments and digital watermarking, can be combined to build a personal data overlay inter-network in which users will be able to control who gets access to their personal data, know where each copy of said data is, negotiate payments in exchange for data, and even claim ownership, and establish accountability for data leakages due to malfunctions or malice. Of course, coming up with concrete designs about how to achieve all the above will require a huge effort from a dedicated community willing to change how personal data are handled on the Internet. Our hope is that this opinion article can plant some initial seeds towards this direction.
36

Wagh, Sameer, Paul Cuff, and Prateek Mittal. "Differentially Private Oblivious RAM." Proceedings on Privacy Enhancing Technologies 2018, no. 4 (October 1, 2018): 64–84. http://dx.doi.org/10.1515/popets-2018-0032.

Abstract:
In this work, we investigate if statistical privacy can enhance the performance of ORAM mechanisms while providing rigorous privacy guarantees. We propose a formal and rigorous framework for developing ORAM protocols with statistical security viz., a differentially private ORAM (DP-ORAM). We present Root ORAM, a family of DP-ORAMs that provide a tunable, multi-dimensional trade-off between the desired bandwidth overhead, local storage and system security. We theoretically analyze Root ORAM to quantify both its security and performance. We experimentally demonstrate the benefits of Root ORAM and find that (1) Root ORAM can reduce local storage overhead by about 2× for reasonable values of privacy budget, significantly enhancing performance in memory limited platforms such as trusted execution environments, and (2) Root ORAM allows tunable trade-offs between bandwidth, storage, and privacy, reducing bandwidth overheads by up to 2×-10× (at the cost of increased storage/statistical privacy), enabling significant reductions in ORAM access latencies for cloud environments. We also analyze the privacy guarantees of DP-ORAMs through the lens of information theoretic metrics of Shannon entropy and Min-entropy [16]. Finally, Root ORAM is ideally suited for applications which have a similar access pattern, and we showcase its utility via the application of Private Information Retrieval.
37

Zhang, Junpeng, Hui Zhu, Fengwei Wang, Jiaqi Zhao, Qi Xu, and Hui Li. "Security and Privacy Threats to Federated Learning: Issues, Methods, and Challenges." Security and Communication Networks 2022 (September 28, 2022): 1–24. http://dx.doi.org/10.1155/2022/2886795.

Abstract:
Federated learning (FL) has nourished a promising method for data silos, which enables multiple participants to construct a joint model collaboratively without centralizing data. The security and privacy considerations of FL are focused on ensuring the robustness of the global model and the privacy of participants’ information. However, the FL paradigm is under various security threats from the adversary aggregator and participants. Therefore, it is necessary to comprehensively identify and classify potential threats to provide a theoretical basis for FL with security guarantees. In this paper, a unique classification of attacks, which reviews state-of-the-art research on security and privacy issues for FL, is constructed from the perspective of malicious threats based on different computing parties. Specifically, we categorize attacks with respect to whether they are performed by the aggregator or by a participant, highlighting the Deep Gradients Leakage attacks and Generative Adversarial Networks attacks. Following an overview of attack methods, we discuss the primary mitigation techniques against security risks and privacy breaches, especially the application of blockchain and Trusted Execution Environments. Finally, several promising directions for future research are discussed.
38

Mo, Fan, Hamed Haddadi, Kleomenis Katevas, Eduard Marin, Diego Perino, and Nicolas Kourtellis. "PPFL." GetMobile: Mobile Computing and Communications 25, no. 4 (March 30, 2022): 35–38. http://dx.doi.org/10.1145/3529706.3529715.

Abstract:
Mobile networks and devices provide the users with ubiquitous connectivity, while many of their functionality and business models rely on data analysis and processing. In this context, Machine Learning (ML) plays a key role and has been successfully leveraged by the different actors in the mobile ecosystem (e.g., application and Operating System developers, vendors, network operators, etc.). Traditional ML designs assume (user) data are collected and models are trained in a centralized location. However, this approach has privacy consequences related to data collection and processing. Such concerns have incentivized the scientific community to design and develop Privacy-preserving ML methods, including techniques like Federated Learning (FL) where the ML model is trained or personalized on user devices close to the data; Differential Privacy, where data are manipulated to limit the disclosure of private information; Trusted Execution Environments (TEE), where most of the computation is run under a secure/private environment; and Multi-Party Computation, a cryptographic technique that allows various parties to run joint computations without revealing their private data to each other.
39

Bastos, David, José Ribeiro, Fernando Silva, Mário Rodrigues, Carlos Rabadão, Antonio Fernández-Caballero, João Paulo Barraca, Nelson Pacheco Rocha, and António Pereira. "Security Mechanisms of a Mobile Health Application for Promoting Physical Activity among Older Adults." Sensors 21, no. 21 (November 3, 2021): 7323. http://dx.doi.org/10.3390/s21217323.

Abstract:
Physical activity contributes to the maintenance of health conditions and functioning. However, the percentage of older adults who comply with the recommendations for physical activity levels is low when compared to the same percentages on younger groups. The SmartWalk system aims to encourage older adults to perform physical activity (i.e., walking in the city), which is monitored and adjusted by healthcare providers for best results. The study reported in this article focused on the implementation of SmartWalk security services to keep personal data safe during communications and while at rest, which were validated considering a comprehensive use case. The security framework offers various mechanisms, including an authentication system that was designed to complement the pairs of usernames and passwords with trusted execution environments and token-based features, authorization with different access levels, symmetric and asymmetric key cryptography, critical transactions review, and logging supported by blockchain technology. The resulting implementation contributes for a common understanding of the security features of trustful smart cities’ applications, which conforms with existing legislation and regulations.
40

Fischer, Andreas, Benny Fuhry, Jörn Kußmaul, Jonas Janneck, Florian Kerschbaum, and Eric Bodden. "Computation on Encrypted Data Using Dataflow Authentication." ACM Transactions on Privacy and Security 25, no. 3 (August 31, 2022): 1–36. http://dx.doi.org/10.1145/3513005.

Abstract:
Encrypting data before sending it to the cloud ensures data confidentiality but requires the cloud to compute on encrypted data. Trusted execution environments, such as Intel SGX enclaves, promise to provide a secure environment in which data can be decrypted and then processed. However, vulnerabilities in the executed program give attackers ample opportunities to execute arbitrary code inside the enclave. This code can modify the dataflow of the program and leak secrets via SGX side channels. Fully homomorphic encryption would be an alternative to compute on encrypted data without data leaks. However, due to its high computational complexity, its applicability to general-purpose computing remains limited. Researchers have made several proposals for transforming programs to perform encrypted computations on less powerful encryption schemes. Yet current approaches do not support programs making control-flow decisions based on encrypted data. We introduce the concept of dataflow authentication (DFAuth) to enable such programs. DFAuth prevents an adversary from arbitrarily deviating from the dataflow of a program. Our technique hence offers protections against the side-channel attacks described previously. We implemented two flavors of DFAuth, a Java bytecode-to-bytecode compiler, and an SGX enclave running a small and program-independent trusted code base. We applied DFAuth to a neural network performing machine learning on sensitive medical data and a smart charging scheduler for electric vehicles. Our transformation yields a neural network with encrypted weights, which can be evaluated on encrypted inputs in 12.55 ms. Our protected scheduler is capable of updating the encrypted charging plan in approximately 1.06 seconds.
41

Ostrak, Andre, Jaak Randmets, Ville Sokk, Sven Laur, and Liina Kamm. "Implementing Privacy-Preserving Genotype Analysis with Consideration for Population Stratification." Cryptography 5, no. 3 (August 20, 2021): 21. http://dx.doi.org/10.3390/cryptography5030021.

Abstract:
In bioinformatics, genome-wide association studies (GWAS) are used to detect associations between single-nucleotide polymorphisms (SNPs) and phenotypic traits such as diseases. Significant differences in SNP counts between case and control groups can signal association between variants and phenotypic traits. Most traits are affected by multiple genetic locations. To detect these subtle associations, bioinformaticians need access to more heterogeneous data. Regulatory restrictions in cross-border health data exchange have created a surge in research on privacy-preserving solutions, including secure computing techniques. However, in studies of such scale, one must account for population stratification, as under- and over-representation of sub-populations can lead to spurious associations. We improve on the state of the art of privacy-preserving GWAS methods by showing how to adapt principal component analysis (PCA) with stratification control (EIGENSTRAT), FastPCA, EMMAX and the genomic control algorithm for secure computing. We implement these methods using secure computing techniques—secure multi-party computation (MPC) and trusted execution environments (TEE). Our algorithms are the most complex ones at this scale implemented with MPC. We present performance benchmarks and a security and feasibility trade-off discussion for both techniques.
42

Darbandi, Mehdi, Hamza Mohammed Ridha Al-Khafaji, Seyed Hamid Hosseini Nasab, Ahmad Qasim Mohammad AlHamad, Beknazarov Zafarjon Ergashevich, and Nima Jafari Navimipour. "Blockchain Systems in Embedded Internet of Things: Systematic Literature Review, Challenges Analysis, and Future Direction Suggestions." Electronics 11, no. 23 (December 4, 2022): 4020. http://dx.doi.org/10.3390/electronics11234020.

Abstract:
Internet of Things (IoT) environments can extensively use embedded devices. Without the participation of consumers, tiny IoT devices will function and interact with one another, but their operations must be reliable and secure from various threats. The introduction of cutting-edge data analytics methods for linked IoT devices, including blockchain, may lower costs and boost the use of cloud platforms. In a peer-to-peer network such as blockchain, no one has to be trusted because each peer is in charge of their task, and there is no central server. Because blockchain is tamper-proof, it is connected to IoT to increase security. However, the technology is still developing and faces many challenges, such as power consumption and execution time. This article discusses blockchain technology and embedded devices in distant areas where IoT devices may encounter network shortages and possible cyber threats. This study aims to examine existing research while also outlining prospective areas for future work to use blockchains in smart settings. Finally, the efficiency of the blockchain is evaluated through performance parameters, such as latency, throughput, storage, and bandwidth. The obtained results showed that blockchain technology provides security and privacy for the IoT.
43

Matos, Everton de, and Markku Ahvenjärvi. "seL4 Microkernel for Virtualization Use-Cases: Potential Directions towards a Standard VMM." Electronics 11, no. 24 (December 16, 2022): 4201. http://dx.doi.org/10.3390/electronics11244201.

Abstract:
Virtualization plays an essential role in providing security to computational systems by isolating execution environments. Many software solutions, called hypervisors, have been proposed to provide virtualization capabilities. However, only a few were designed for being deployed at the edge of the network in devices with fewer computation resources when compared with servers in the Cloud. Among the few lightweight software that can play the hypervisor role, seL4 stands out by providing a small Trusted Computing Base and formally verified components, enhancing its security. Despite today being more than a decade with seL4 microkernel technology, its existing userland and tools are still scarce and not very mature. Over the last few years, the main effort has been to increase the maturity of the kernel itself, and not the tools and applications that can be hosted on top. Therefore, it currently lacks proper support for a full-featured userland Virtual Machine Monitor, and the existing one is quite fragmented. This article discusses the potential directions to a standard VMM by presenting our view of design principles and the feature set needed. This article does not intend to define a standard VMM, we intend to instigate this discussion through the seL4 community.
44

Currie, Levern Q., and Eva Wiese. "Mind Perception in a Competitive Human-Robot Interaction Game." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 63, no. 1 (November 2019): 1957–61. http://dx.doi.org/10.1177/1071181319631284.

Abstract:
Robotic agents are becoming increasingly pervasive in society, and have already begun advancing fields such as healthcare, education, and industry. However, despite their potential to do good for society, many people still feel unease when imagining a future where robots and humans work and live together in shared environments, partly because robots are not generally trusted or ascribed human-like socio-emotional skills such as mentalizing and empathizing. In addition, performing tasks conjointly with robots can be frustrating and ineffective partially due to the fact that neuronal networks involved in action understanding and execution (i.e., the action-perception network; APN) are underactivated in human-robot interaction (HRI). While a number of studies have linked underactivation in APN to reduced abilities to predict a robot’s actions, little is known about how performing a competitive task together with a robot affects one’s own ability to execute or suppress an action. In the current experiment, we use a Go/No-Go task that requires participants to give a response on Go trials and suppress a response on No-Go trials to examine whether the performance of human players is impacted by whether they play the game against a robot believed to be controlled by a human as opposed to being pre-programmed. Preliminary data show higher false alarm rates on No-Go trials, higher hit rates on Go trials, longer reaction times on Go trials and higher inverse efficiency scores in the human-controlled versus the pre-programmed condition. The results show that mind perception (here: perceiving actions as human-controlled) significantly impacted action execution of human players in a competitive human-robot interaction game.
45

Syed, Toqeer Ali, Salman Jan, Muhammad Shoaib Siddiqui, Ali Alzahrani, Adnan Nadeem, Arshad Ali, and Ali Ullah. "CAR-Tourist: An Integrity-Preserved Collaborative Augmented Reality Framework-Tourism as a Use-Case." Applied Sciences 12, no. 23 (November 24, 2022): 12022. http://dx.doi.org/10.3390/app122312022.

Abstract:
The unprecedented growth in Augmented Reality (AR) has captured the focus of researchers and the industrial sector. The development of AR applications and their implementation in various domains is broadening. One of the advancements in the field of AR is Collaborative AR, which provides ample opportunities for the members of a team to work on a particular project remotely. The various activities carried out remotely, in a collaborative fashion, are based on the active interaction and transmission of data and applications across a communication channel that constitutes a mesh of frequently interacting applications, thus providing a real feeling of working together physically in the purportedly same demographic area. However, in the integration of different roles, remotely working in collaborative AR has a great chance of being intruded upon and manipulated. Consequently, the intrusion may explore novel vulnerabilities to various sensitive collaborative projects. One of the security concerns for collaborative and interconnected remote applications is to have pristine environments, where the participants of the collaborative AR can reliably trust each other during the execution of the various processes. This paper presents an integrity-aware CAR-Tourist (Collaborative Augmented reality for Tourism) framework wherein the unauthorized user’s access is denied and the remote participants of the network are provided with a secure environment through the state-of-the-art Blockchain architecture. This study further provides a use-case implementation of a tourism application. Each tourist has the chance to hire a remote guide for collaborative guidance over a blockchain-trusted network. Moreover, the proposed framework is lightweight, as the only necessary communication between the tourist and guide is recorded in the blockchain network. Each user has to register on a permission blockchain to be allowed to perform certain activities on our proposed CAR-Tourist framework. The decentralized Blockchain approach provides a consensus mechanism based on which not every participant is free to intrude on ongoing communication. Thus, through the proposed framework, all the participants in the collaborative Augmented Reality will have the essential trust of working remotely without external intrusion.
46

Geppert, Tim, Stefan Deml, David Sturzenegger, and Nico Ebert. "Trusted Execution Environments: Applications and Organizational Challenges." Frontiers in Computer Science 4 (July 7, 2022). http://dx.doi.org/10.3389/fcomp.2022.930741.

Abstract:
A lack of trust in the providers is still a major barrier to cloud computing adoption – especially when sensitive data is involved. While current privacy-enhancing technologies, such as homomorphic encryption, can increase security, they come with a considerable performance overhead. As an alternative Trusted Executing Environment (TEE) provides trust guarantees for code execution in the cloud similar to transport layer security for data transport or advanced encryption standard algorithms for data storage. Cloud infrastructure providers like Amazon, Google, and Microsoft introduced TEEs as part of their infrastructure offerings. This review will shed light on the different technological options of TEEs, as well as give insight into organizational issues regarding their usage.
47

Schneider, Moritz, Aritra Dhar, Ivan Puddu, Kari Kostiainen, and Srdjan Čapkun. "Composite Enclaves: Towards Disaggregated Trusted Execution." IACR Transactions on Cryptographic Hardware and Embedded Systems, November 19, 2021, 630–56. http://dx.doi.org/10.46586/tches.v2022.i1.630-656.

Abstract:
The ever-rising computation demand is forcing the move from the CPU to heterogeneous specialized hardware, which is readily available across modern datacenters through disaggregated infrastructure. On the other hand, trusted execution environments (TEEs), one of the most promising recent developments in hardware security, can only protect code confined in the CPU, limiting TEEs’ potential and applicability to a handful of applications. We observe that the TEEs’ hardware trusted computing base (TCB) is fixed at design time, which in practice leads to using untrusted software to employ peripherals in TEEs. Based on this observation, we propose composite enclaves with a configurable hardware and software TCB, allowing enclaves access to multiple computing and IO resources. Finally, we present two case studies of composite enclaves: i) an FPGA platform based on RISC-V Keystone connected to emulated peripherals and sensors, and ii) a large-scale accelerator. These case studies showcase a flexible but small TCB (2.5 KLoC for IO peripherals and drivers), with a low-performance overhead (only around 220 additional cycles for a context switch), thus demonstrating the feasibility of our approach and showing that it can work with a wide range of specialized hardware.
48

"Threats and Vulnerabilities to IoT End Devices Architecture and suggested remedies." International Journal of Recent Technology and Engineering 8, no. 6 (March 30, 2020): 5712–18. http://dx.doi.org/10.35940/ijrte.f9469.038620.

Abstract:
Due to decentralization of Internet of Things (IoT) applications and anything, anytime, anywhere connectivity has increased burden of data processing and decision making at IoT end devices. This overhead initiated new bugs and vulnerabilities, thus security threats are emerging and presenting new challenges on these end devices. IoT End Devices rely on Trusted Execution Environments (TEEs) by implementing Root of Trust (RoT) as soon as power is on, thus forming Chain of Trust (CoT) to ensure authenticity, integrity and confidentiality of every bit and byte of Trusted Computing Base (TCB), but due to un-trusted external world connectivity and security flaws such as Spectre and Meltdown vulnerabilities present in the TCB of TEE has made CoT unstable and whole TEE are being misutilized. This paper suggests remedial solutions for the threats arising due to bugs and vulnerabilities present in the different components of TCB so as to ensure the stable CoT resulting into robust TEE.
49

Nashimoto, Shoei, Daisuke Suzuki, Rei Ueno, and Naofumi Homma. "Bypassing Isolated Execution on RISC-V using Side-Channel-Assisted Fault-Injection and Its Countermeasure." IACR Transactions on Cryptographic Hardware and Embedded Systems, November 19, 2021, 28–68. http://dx.doi.org/10.46586/tches.v2022.i1.28-68.

Abstract:
RISC-V is equipped with physical memory protection (PMP) to prevent malicious software from accessing protected memory regions. PMP provides a trusted execution environment (TEE) that isolates secure and insecure applications. In this study, we propose a side-channel-assisted fault-injection attack to bypass isolation based on PMP. The proposed attack scheme involves extracting successful glitch parameters for fault injection from side-channel information under cross-device conditions. A proof-of-concept TEE compatible with PMP in RISC-V was implemented, and the feasibility and effectiveness of the proposed attack scheme was validated through experiments in TEEs. The results indicate that an attacker can bypass the isolation of the TEE and read data from the protected memory region. In addition, we experimentally demonstrate that the proposed attack applies to a real-world TEE, Keystone. Furthermore, we propose a software-based countermeasure that prevents the proposed attack.
APA, Harvard, Vancouver, ISO, and other styles
50

Foley, Patrick, Micah J. Sheller, Brandon Edwards, Sarthak Pati, Walter Riviera, Mansi Sharma, Prakash Narayana Moorthy, et al. "OpenFL: the open federated learning library." Physics in Medicine & Biology, October 5, 2022. http://dx.doi.org/10.1088/1361-6560/ac97d9.

Abstract:
Objective: Federated learning (FL) is a computational paradigm that enables organizations to collaborate on machine learning (ML) and deep learning (DL) projects without sharing sensitive data, such as patient records, financial data, or classified secrets. Approach: The Open Federated Learning (OpenFL) framework is an open-source Python-based tool for training ML/DL algorithms using the data-private collaborative learning paradigm of FL, irrespective of the use case. OpenFL works with training pipelines built with both TensorFlow and PyTorch, and can be easily extended to other ML and DL frameworks. Main Results: In this manuscript, we present OpenFL and summarize its motivation and development characteristics, with the intention of facilitating its application to existing ML/DL model training in a production environment. We further provide recommendations to secure a federation using trusted execution environments to ensure explicit model security and integrity, as well as maintain data confidentiality. Finally, we describe the first real-world healthcare federations that use the OpenFL library, and highlight how it can be applied to other non-healthcare use cases. Significance: The OpenFL library is designed for real-world scalability and trusted execution, and also prioritizes easy migration of centralized ML models into a federated training pipeline. Although OpenFL's initial use case was in healthcare, it is applicable beyond this domain and is now reaching wider adoption in both research and production settings. The tool is open sourced at github.com/intel/openfl.