AccTEE

Goltzsche, David; Nieke, Manuel; Knauth, Thomas; Kapitza, Rüdiger

doi:10.1145/3361525.3361541

Cited by 31 publications

(6 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…WebAssembly and TEEs. ACCTEE [16] runs Wasm inside Intel SGX, with the specific goal of implementing trustworthy resource accounting under malicious OSs. It leverages the SGX-LKL [15] library OS and V8 JavaScript/WebAssembly engine to execute Wasm binaries inside SGX enclaves.…”

Section: Related Workmentioning

confidence: 99%

“…PolyBench/C [60] is a CPU-bound benchmark suite commonly used to validate compiler optimisations and compare the performance of Wasm execution environments [16], [61]. We leveraged PolyBench/C due to the practicality of deploying it in SGX enclaves.…”

Section: Micro-benchmarks: Polybench/cmentioning

confidence: 99%

“…In fact, these runtimes do not allow the execution of unmodified source code. In the domain of Wasm, we highlight ACCTEE [15] and SGX-LKL [16], which execute Wasm binaries inside secure enclaves. ACCTEE provides resource accounting for Wasm bytecode but lacks comprehensive OS-level sandboxing, relying instead on SGX-LKL for enclave execution.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Comprehensive Trusted Runtime for WebAssembly With Intel SGX

Ménétrey,

Pasin,

Felber

et al. 2024

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

In real-world scenarios, trusted execution environments (TEEs) frequently host applications that lack the trust of the infrastructure provider, as well as data owners who have specifically outsourced their data for remote processing. We present TWINE, a trusted runtime for running WebAssembly-compiled applications within TEEs, establishing a two-way sandbox. TWINE leverages memory safety guarantees of WebAssembly (Wasm) and abstracts the complexity of TEEs, empowering the execution of legacy and languageagnostic applications. It extends the standard WebAssembly system interface (WASI), providing controlled OS services, focusing on I/O. Additionally, through built-in TEE mechanisms, TWINE delivers attestation capabilities to ensure the integrity of the runtime and the OS services supplied to the application. We evaluate its performance using general-purpose benchmarks and real-world applications, showing it compares on par with state-of-the-art solutions. A case study involving fintech company Credora reveals that TWINE can be deployed in production with reasonable performance trade-offs, ranging from a 0.7× slowdown to a 1.17× speedup compared to native run time. Finally, we identify performance improvement through library optimisation, showcasing one such adjustment that leads up to 4.1× speedup. TWINE is open-source and has been upstreamed into the original Wasm runtime, WAMR.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Micro-benchmarks: Polybench/cmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Comprehensive Trusted Runtime for WebAssembly With Intel SGX

Ménétrey,

Pasin,

Felber

et al. 2024

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

show abstract

“…TEE provides secure enclaves within hardware architecture, such as SGX's isolated compartments, safeguarding critical code and data from unauthorized access, software vulnerabilities, and hardware threats. AccTEE [23] executes WASM binary compiled for a specific target system in Intel's SGX enclaves to protect critical operations in unsafe OS or host systems. TWINE [24] runs a lightweight Wasm virtual machine in a trusted execution environment and supports WASI (WebAssembly system interface) so that existing WASM applications can be executed without recompilation.…”

Section: Related Work a Wasm Securitymentioning

confidence: 99%

metaSafer: A Technique to Detect Heap Metadata Corruption in WebAssembly

Song,

Park,

Kwon

2023

IEEE Access

View full text Add to dashboard Cite

WebAssembly (Wasm), a technology enabling efficient native code execution in web browsers, has seen a significant rise in adoption as a popular compilation target. This has led to the emergence of lightweight web services powered by Wasm, characterized by their small binary size and reduced data transfer overhead, thanks to the inherent efficiency of Wasm. Despite their lightweight nature, these services can deliver powerful features like image/video processing, AI and graphical application that surpass the capabilities of JavaScript. To ensure lightweight web services and enhance the overall web experience, Wasm has been extensively optimized. However, these optimizations have raised concerns about memory safety, leading to memory-related vulnerabilities. Wasm's characteristic memory structure, linear memory, has vulnerabilities that provide various attack vectors to attackers. In particular, it presents various attack possibilities through metadata modification containing memory structure information. Attackers can exploit heap memory overflow in Wasm applications, allowing them to target arbitrary memory addresses, modify data, or execute arbitrary code. Such overflows can corrupt memory metadata, resulting in incorrect memory behavior. While research has mitigate memory-related weaknesses in languages such as C and C++ and architectures like X86 in recent decades, the direct application of security solutions designed for different domains to Wasm is not a practical approach. Consequently, allocators in Wasm remain vulnerable to issues like heap overflow and metadata corruption. Thus, there is a pressing need for tailored memory safety techniques and solutions that accommodate Wasm's architecture-agnostic and linear memory structures. In this paper, we propose metaSafer as a solution. By shadowing metadata from Wasm linear memory to JavaScript virtual machine memory and conducting metadata verification, metaSafer effectively blocks attack attempts and vectors. Notably, our solution achieves fast memory shadowing and validation while maintaining a small code size. Through various verification processes, we measured the performance and code size of metaSafer, revealing that it is a software-only security solution with no additional hardware requirements. metaSafer demonstrates robust metadata protection for Wasm applications with an acceptable performance overhead of up to 8% in SQLite speed tests and Polybench benchmarks.

show abstract

“…Finally, there are also numerous efforts of using TEEs for various client side security applications, and these include web application sandboxing by AccTee [20], Tor security and privacy enhancement by SGX-Tor [26], and cheating prevention of computer games [11], [33]. Our protocol design is inspired by these efforts, but go beyond by exploring the new applications of TEE for CAVs.…”

Section: Related Workmentioning

confidence: 99%

Towards a TEE-based V2V Protocol for Connected and Autonomous Vehicles

Jangid¹,

Lin²

2022

Proceedings Fourth International Workshop on Automotive and Autonomous Vehicle Security

View full text Add to dashboard Cite

any misbehavior in the CAV communication should be prohibited and investigated. Therefore, the data management of the CAV network should include dynamic revocation and accountability of (malicious or compromised) vehicles.To address these challenges, many prior efforts (e.g., [3], [12], [28]) advocate the use of certificate-based authentication to meet the demands of CAV infrastructure security such as authentication as well as scalability and efficiency, inspired by the practice from Internet-based network [19], [21]. Unfortunately, such a certificate-based authentication requires frequent asymmetric key encryption and decryption and communication with centralized public-key infrastructures, thereby hindering their practicality, particularly when considering the fact that multiple on-road vehicles can form an ad-hoc network at arbitrary moment and there is a need to instantly authenticate a vehicle and trust its communication.In this paper, we propose a new Vehicle-to-Vehicle (V2V) protocol by leveraging the Trusted Execution Environment (TEE) of in-vehicle processors. In particular, we notice many of the security and efficiency demands can be met without involving certificates and frequent asymmetric key encryption and decryption if we can leverage TEE and use a TEE protected temporal (e.g., daily) symmetric key-based communication protocol. Specifically, in such a protocol, many security demands such as confidentiality, authenticity and replay protection can be achieved naturally by using securely provisioned Daily Symmetric (DK) keys protected by TEE. The changing symmetric keys are further stored in the TEE protected sealed storage to prevent a malicious OS or other privileged software from stealing or modifying the sensitive information. Such a TEE based authentication removes the pairwise key exchange overhead when using certificate-based authentication, allowing instantly broadcast of encrypted data.To strike the balance between privacy and utility, we also choose to associate a temporary random vehicle identifier (TID) with all the vehicle activities to protect driver's (or user's) privacy. In particular, the TID is derived from a Vehiclespecific Root Key (VRK) stored in a sealed storage as well as the servers of trusted authorities such as Bureau of Motor Vehicles (BMV). All CAV network activities, containing TID, are logged by road side units (e.g., the edge servers, and smart traffic lights). Only when there is an accident or security breach, the VRK will be revealed to forensics investigators. Based on the VRK, the forensics investigators can further locate the vehicle owners and hold them accountable if they commit any crimes. Strict access control will be enforced for the database server to ensure only those who have the permission is allowed to review the VRK information. Additionally,

show abstract

AccTEE

Cited by 31 publications

References 25 publications

A Comprehensive Trusted Runtime for WebAssembly With Intel SGX

A Comprehensive Trusted Runtime for WebAssembly With Intel SGX

metaSafer: A Technique to Detect Heap Metadata Corruption in WebAssembly

Towards a TEE-based V2V Protocol for Connected and Autonomous Vehicles

Contact Info

Product

Resources

About