Secure Processors Part I: Background, Taxonomy for Secure Enclaves and Intel SGX Architecture

Costan, Victor; Lebedev, Ilya; Devadas, Srinivas

doi:10.1561/9781680833010

Cited by 24 publications

(32 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Data provided to an SP is non-deterministically encrypted, and the SP cannot decrypt the data. However, the SP contains a secure enclave [14] (which works as a trusted agent of the SDP) using which the SP can provision services over encrypted data. 1 The SP may request encrypted data from the cloud prior to the data being deleted.…”

Section: Entitiesmentioning

confidence: 99%

“…The SP stores encrypted sensor data ( 3 ), received from the cloud. For building services, the SP has the secure enclave (Intel Software Guard eXtension, SGX [14]) that works as a trusted agent of the SDP. The secure enclave receives the digitally signed user queries ( 5 ) and provides answers after decrypting the data inside the enclave and processing the sensor data ( 6 ).…”

Section: Iot Expunge -Dataflowmentioning

confidence: 99%

“…Step 2: Deleting sensor reading (Lines [1][2][3][4][5][6][7][8][9][10][11][12][13][14]. Suppose that in an epoch T i , n sensor records are needed to be deleted.…”

Section: State Transition Phasementioning

confidence: 99%

See 2 more Smart Citations

IoT Expunge

Panwar

Sharma

Gupta

et al. 2020

Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy

View full text Add to dashboard Cite

The growing deployment of Internet of Things (IoT) systems aims to ease the daily life of end-users by providing several value-added services. However, IoT systems may capture and store sensitive, personal data about individuals in the cloud, thereby jeopardizing user-privacy. Emerging legislation, such as California's CalOPPA and GDPR in Europe, support strong privacy laws to protect an individual's data in the cloud. One such law relates to strict enforcement of data retention policies. This paper proposes a framework, entitled IoT Expunge that allows sensor data providers to store the data in cloud platforms that will ensure enforcement of retention policies. Additionally, the cloud provider produces verifiable proofs of its adherence to the retention policies. Experimental results on a real-world smart building testbed show that IoT Expunge imposes minimal overheads to the user to verify the data against data retention policies. CCS CONCEPTS• Security and privacy → Security protocols; Mobile and wireless security; Domain-specific security and privacy architectures; Social aspects of security and privacy.1 Since secure enclave is a trusted agent of SDP, it can decrypt and compute over encrypted data.There are challenges in computing using enclaves due to side-channel attacks, e.g., cache-line, branch shadow, page-fault attacks [42], but since the focus of this paper is on implementing data retention policies, we do not address those challenges in this paper.

show abstract

Section: Entitiesmentioning

confidence: 99%

Section: Iot Expunge -Dataflowmentioning

confidence: 99%

See 1 more Smart Citation

IoT Expunge

Panwar

Sharma

Gupta

et al. 2020

Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy

View full text Add to dashboard Cite

show abstract

“…To achieve our second goal, a minimal trusted software stack, we use enclaves as TEE for the implementation of Scanclave. An example for such an enclave is Intel Software Guard Extensions (SGX) [9]. The goal of enclaves is to allow an application in user space to create an area which is protected against software running on higher privilege levels.…”

Section: Designmentioning

confidence: 99%

“…The private key can not be shipped with Scanclave, as high privileged software is able to inspect all components required to launch the enclave [9]. While the integrity of the components can be guaranteed by remote attestation protocols, their confidentiality can be violated by a high privileged adversary [3].…”

Section: Designmentioning

confidence: 99%

Scanclave: Verifying Application Runtime Integrity in Untrusted Environments

Morbitzer

2019

2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE)

View full text Add to dashboard Cite

Data hosted in a cloud environment can be subject to attacks from a higher privileged adversary, such as a malicious or compromised cloud provider. To provide confidentiality and integrity even in the presence of such an adversary, a number of Trusted Execution Environments (TEEs) have been developed. A TEE aims to protect data and code within its environment against high privileged adversaries, such as a malicious operating system or hypervisor.While mechanisms exist to attest a TEE's integrity at load time [3], there are no mechanisms to attest its integrity at runtime. Additionally, work also exists that discusses mechanisms to verify the runtime integrity of programs and system components. However, those verification mechanisms are themselves not protected against attacks from a high privileged adversary. It is therefore desirable to combine the protection mechanisms of TEEs with the ability of application runtime integrity verification.In this paper, we present Scanclave, a lightweight design which achieves three design goals: Trustworthiness of the verifier, a minimal trusted software stack and the possibility to access an application's memory from a TEE. Having achieved our goals, we are able to verify the runtime integrity of applications even in the presence of a high privileged adversary.We refrain from discussing which properties define the runtime integrity of an application, as different applications will require different verification methods. Instead, we show how Scanclave enables a remote verifier to determine the runtime integrity of an application. Afterwards, we perform a security analysis for the different steps of our design. Additionally, we discuss different enclave implementations that might be used for the implementation of Scanclave.

show abstract

Exploiting Data Sensitivity on Partitioned Data

Mehrotra

Oktay

Sharma

2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Several researchers have proposed solutions for secure data outsourcing on the public clouds based on encryption, secret-sharing, and trusted hardware. Existing approaches, however, exhibit many limitations including high computational complexity, imperfect security, and information leakage. This chapter describes an emerging trend in secure data processing that recognizes that an entire dataset may not be sensitive, and hence, non-sensitivity of data can be exploited to overcome some of the limitations of existing encryption-based approaches. In particular, data and computation can be partitioned into sensitive or non-sensitive datasets -sensitive data can either be encrypted prior to outsourcing or stored/processed locally on trusted servers. The non-sensitive dataset, on the other hand, can be outsourced and processed in the cleartext. While partitioned computing can bring new efficiencies since it does not incur (expensive) encrypted data processing costs on non-sensitive data, it can lead to information leakage. We study partitioned computing in two contexts -first, in the context of the hybrid cloud where local resources are integrated with public cloud resources to form an effective and secure storage and computational platform for enterprise data. In the hybrid cloud, sensitive data is stored on the private cloud to prevent leakage and a computation is partitioned between private and public clouds. Care must be taken that the public cloud cannot infer any information about sensitive data from inter-cloud data access during query processing. We then consider partitioned computing in a public cloud only setting, where sensitive data is encrypted before outsourcing. We formally define a partitioned security criterion that any approach to partitioned computing on public clouds must ensure in order to not introduce any new vulnerabilities to the existing secure solution. We sketch out an approach to secure partitioned computing that we refer to as query binning (QB) and show how QB can be used to support selection queries. We evaluate conditions under which partitioned computing approaches such as QB can improve the performance of cryptographic approaches that are prone to size, frequency-count, and workload attacks.

show abstract

Secure Processors Part I: Background, Taxonomy for Secure Enclaves and Intel SGX Architecture

Cited by 24 publications

References 0 publications

IoT Expunge

IoT Expunge

Scanclave: Verifying Application Runtime Integrity in Untrusted Environments

Exploiting Data Sensitivity on Partitioned Data

Contact Info

Product

Resources

About