SoK: Hardware-supported Trusted Execution Environments

Schneider, M; Masti, Ramya Jayaram; Shinde, Shweta; Čapkun, Srđjan; Perez, Ronald A.

doi:10.48550/arxiv.2205.12742

Cited by 8 publications

(11 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A number of technologies can be used to mitigate security and privacy concerns during FL [55][56][57] . Homomorphic encryption 58 , secure multiparty compute 59 , and trusted execution environments (TEEs) 60,61 allow for collaborative computations to be performed with untrusted parties while maintaining confidentiality of the inputs to the computation. Differentially private training algorithms [62][63][64] allow for mitigation of information leakage from both the collaborator model updates and the global consensus aggregated models.…”

Section: Discussionmentioning

confidence: 99%

“…In this study, all the network communications during the FL model training process were based on TLS 111 , to mitigate potential exposure of information during transit. Additionally, we demonstrated the feasibility of TEEs 60,61 for federated training by running the aggregator workload on the secure enclaves of Intel's Secure Guard Extensions (SGX) hardware (Intel® Xeon® E-2286M vPro 8-Core 2.4-5.0GHz Turbo), which ensured the confidentiality of the updates being aggregated and the integrity of the consensus model. TLS and TEEs can help mitigate some of the security and privacy concerns that remain for FL 55 .…”

Section: The Federationmentioning

confidence: 99%

“…60 Image-Based Biomedical Modeling, Department of Informatics, Technical University of Munich, Munich, Germany. 61 Department of Radiology, NYU Grossman School of Medicine, New York, NY, USA. 62 Department of Neurosurgery, NYU Grossman School of Medicine, New York, NY, USA.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Federated learning enables big data for rare cancer boundary detection

et al. 2022

View full text Add to dashboard Cite

Although machine learning (ML) has shown promise across disciplines, out-of-sample generalizability is concerning. This is currently addressed by sharing multi-site data, but such centralization is challenging/infeasible to scale due to various limitations. Federated ML (FL) provides an alternative paradigm for accurate and generalizable ML, by only sharing numerical model updates. Here we present the largest FL study to-date, involving data from 71 sites across 6 continents, to generate an automatic tumor boundary detector for the rare disease of glioblastoma, reporting the largest such dataset in the literature (n = 6, 314). We demonstrate a 33% delineation improvement for the surgically targetable tumor, and 23% for the complete tumor extent, over a publicly trained model. We anticipate our study to: 1) enable more healthcare studies informed by large diverse data, ensuring meaningful results for rare diseases and underrepresented populations, 2) facilitate further analyses for glioblastoma by releasing our consensus model, and 3) demonstrate the FL effectiveness at such scale and task-complexity as a paradigm shift for multi-site collaborations, alleviating the need for data-sharing.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: The Federationmentioning

confidence: 99%

See 1 more Smart Citation

Federated learning enables big data for rare cancer boundary detection

et al. 2022

View full text Add to dashboard Cite

show abstract

“…Examples of TCs are the TPM, ARM TrustZone, or TEEs such as Intel Security Guard Extensions (SGX) and ARM Confidential Compute Architecture (CCA). Nowadays, trusted components are ubiquitous in modern hardware [38], and with recent developments in the automotive domain, starting with Infineon's automotive-certified Optiga TPM [27] (released in 2018) and automotive security processors such as the NXP NCJ38A [37] (available since 2020), TEE solutions are available and working groups within the Trusted Computing Group and Global Platform are active in designing automotive security services based on TEEs [42], [22].…”

Section: A Vehicles and Trusted Componentsmentioning

confidence: 99%

Efficient and Timely Revocation of V2X Credentials

Scopelliti,

Baumann,

Alder

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

In Intelligent Transport Systems, secure communication between vehicles, infrastructure, and other road users is critical to maintain road safety. This includes the revocation of cryptographic credentials of misbehaving or malicious vehicles in a timely manner. However, current standards are vague about how revocation should be handled, and recent surveys suggest severe limitations in the scalability and effectiveness of existing revocation schemes. In this paper, we present a formally verified mechanism for self-revocation of Vehicle-to-Everything (V2X) pseudonymous credentials, which relies on a trusted processing element in vehicles but does not require a trusted time source. Our scheme is compatible with ongoing standardization efforts and, leveraging the Tamarin prover, is the first to guarantee the actual revocation of credentials with a predictable upper bound on revocation time and in the presence of realistic attackers. We test our revocation mechanism in a virtual 5G-Edge deployment scenario where a large number of vehicles communicate with each other, simulating real-world conditions such as network malfunctions and delays. Results show that our scheme upholds formal guarantees in practice, while exhibiting low network overhead and good scalability.

show abstract

“…O tratamento de dados processados em um dispositivo requer confiabilidade no ambiente de execuc ¸ão. Os ambientes de execuc ¸ão confiáveis, do inglês Trusted Execution Environments (TEEs), vêm se tornando uma soluc ¸ão popular que visa proteger dados confidenciais em tempo de execuc ¸ão [Schneider et al 2022].…”

Section: Front-endunclassified

Sistema de Informação para Agendamento 4.0: Caracterização, UX e LGPD

E. Quincozes,

Kreutz

et al. 2023

iSys

View full text Add to dashboard Cite

A adoção em massa de smartphones está remodelando o mercado de saúde digital. Entre as soluções tecnológicas empregadas nesse mercado, existem aquelas específicas para agendamento de consultas médicas. No entanto, observamos que as soluções existentes ainda são centradas no profissional. Neste trabalho, primeiro (i) categorizamos os modelos de agendamento existentes. Em seguida, (ii) apresentamos um estudo de caso do aplicativo móvel MedBe, que adota o modelo de Agendamento 4.0 para o agendamento de consultas centrado no paciente. Tal estudo se deu baseado na Teoria do Foco no Cliente, que leva em conta a satisfação do cliente durante todo o desenvolvimento e avaliação do software. Nesse contexto, empregamos a técnica de autoavaliação UXUG-AP e uma pesquisa quantitativa usando um questionário baseado nos indicadores e sentenças TAM. Por fim, (iii) abordamos as implicações de segurança digital no modelo de Agendamentos 4.0 sob a ótica da Lei Geral de Proteção de Dados (LGPD). Nossos resultados demonstram que o MedBe atende 84% dos itens da técnica UXUG-AP. Em termos de usabilidade, nossa pesquisa mostra que 68,6% dos participantes consideram o MedBe fácil de usar e 62,9% discordam que usar o aplicativo requer muito esforço mental. Por fim, propomos e implementamos novas funcionalidades para a conformidade do MedBe com a LGPD.

show abstract

SoK: Hardware-supported Trusted Execution Environments

Cited by 8 publications

References 41 publications

Federated learning enables big data for rare cancer boundary detection

Federated learning enables big data for rare cancer boundary detection

Efficient and Timely Revocation of V2X Credentials

Sistema de Informação para Agendamento 4.0: Caracterização, UX e LGPD

Contact Info

Product

Resources

About