TrustJS

Goltzsche, David; Wulf, Colin; Muthukumaran, Divya; Rieck, Konrad; Pietzuch, Peter; Kapitza, Rüdiger

doi:10.1145/3065913.3065917

Cited by 33 publications

(4 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Controlled-channel attacks [61] can leak the secret data. We analysed these attacks against the other frameworks [17,20] executing private algorithms client-side in Section 4.…”

Section: Research Directionmentioning

confidence: 99%

See 1 more Smart Citation

Managing confidentiality leaks through private algorithms on Software Guard eXtensions (SGX) enclaves

Küçük

Grawrock²,

Martin

2019

EURASIP J. on Info. Security

View full text Add to dashboard Cite

Many applications are built upon private algorithms, and executing them in untrusted, remote environments poses confidentiality issues. To some extent, these problems can be addressed by ensuring the use of secure hardware in the execution environment; however, an insecure software-stack can only provide limited algorithm secrecy. This paper aims to address this problem, by exploring the components of the Trusted Computing Base (TCB) in hardware-supported enclaves. First, we provide a taxonomy and give an extensive understanding of trade-offs during secure enclave development. Next, we present a case study on existing secret-code execution frameworks; which have bad TCB design due to processing secrets with commodity software in enclaves. This increased attack surface introduces additional footprints on memory that breaks the confidentiality guarantees; as a result, the private algorithms are leaked. Finally, we propose an alternative approach for remote secret-code execution of private algorithms. Our solution removes the potentially untrusted commodity software from the TCB and provides a minimal loader for secret-code execution. Based on our new enclave development paradigm, we demonstrate three industrial templates for cloud applications: 1 computational power as a service, 2 algorithm querying as a service, and 3 data querying as a service.

show abstract

“…Controlled-channel attacks [61] can leak the secret data. We analysed these attacks against the other frameworks [17,20] executing private algorithms client-side in Section 4.…”

Section: Research Directionmentioning

confidence: 99%

“…Both TrustJS [20] and SecureJS [17] frameworks enable a dynamic load of JS code at runtime. These frameworks use the first method described in Section 3.5.…”

Section: Case Study: Leaks On Framework Enabling Confidential Code Ementioning

confidence: 99%

Managing confidentiality leaks through private algorithms on Software Guard eXtensions (SGX) enclaves

Küçük

Grawrock²,

Martin

2019

EURASIP J. on Info. Security

View full text Add to dashboard Cite

show abstract

“…TrustJs is a framework for trustworthy execution of security-sensitive JavaScript code inside commodity browsers [168]. It leverages enclaves to protect the client-side execution of JavaScript, enabling a flexible partitioning of web application code.…”

Section: Web and Sgxmentioning

confidence: 99%

“…doing so, general user machines-which are more vulnerable to generic malwares and simpler infection vectors like social engineering-may be regarded as trusted. This brings new possibilities like server processing offloading [168], network monitoring [241] or trusted decentralised P2P networks, as we propose here.…”

Section: Tee In the Client-sidementioning

confidence: 99%

Distributed systems and trusted execution environments : trade-offs and challenges

Pires¹

View full text Add to dashboard Cite

Security and privacy concerns in computer systems have grown in importance with the ubiquity of connected devices. Additionally, cloud computing boosts such distress as private data is stored and processed in multi-tenant infrastructure providers. In recent years, trusted execution environments (TEEs) have caught the attention of scientific and industry communities as they became largely available in user-and server-class machines. TEEs provide security guarantees based on cryptographic constructs built in hardware. Since silicon chips are difficult to probe or reverse engineer, they can offer stronger protection against remote or even physical attacks when compared to their software counterparts. Intel software guard extensions (SGX), in particular, implements powerful mechanisms that can shield sensitive data even from privileged users with full control of system software. Designing secure distributed systems is a notably daunting task, since they involve many coordinated processes running in geographically-distant nodes, therefore having numerous points of attack. In this work, we essentially explore some of these challenges by using Intel SGX as a crucial tool. We do so by designing and experimentally evaluating several elementary systems ranging from communication and processing middleware to a peer-to-peer privacy-preserving solution. We start with support systems that naturally fit cloud deployment scenarios, namely content-based routing, batching and stream processing frameworks. Our communication middleware protects the most critical stage of matching subscriptions against publications inside secure enclaves and achieves substantial performance gains in comparison to traditional software-based equivalents. The processing platforms, in turn, receive encrypted data and code to be executed within the trusted environment. Our prototypes are then used to analyse the manifested memory usage issues intrinsic to SGX. Next, we aim at protecting very sensitive data: cryptographic keys. By leveraging TEEs, we design protocols for group data sharing that have lower computational complexity than legacy methods. As a bonus, our proposals allow large savings on metadata volume and processing time of cryptographic operations, all with equivalent security guarantees. Finally, we focus our attention on privacy-preserving systems. After all, users cannot modify some existing systems like web-search engines, and the providers of these services may keep individual profiles containing sensitive private information about them. We aim at achieving indistinguishability and unlinkability properties by employing techniques like sensitivity analysis, query obfuscation and leveraging relay nodes. Our evaluation shows that we propose the most robust system in comparison to existing solutions with regard to user re-identification rates and results' accuracy in a scalable way. All in all, this thesis proposes new mechanisms that take advantage of TEEs for distributed system architectures. We show through an empirical approach on top of...

show abstract

Centy: Scalable Server-Side Web Integrity Verification System Based on Fuzzy Hashes

Tengana¹,

Solano²,

Castelblanco³

et al. 2021

Detection of Intrusions and Malware, and Vulnerability Assessment

View full text Add to dashboard Cite

TrustJS

Cited by 33 publications

References 20 publications

Managing confidentiality leaks through private algorithms on Software Guard eXtensions (SGX) enclaves

Managing confidentiality leaks through private algorithms on Software Guard eXtensions (SGX) enclaves

Distributed systems and trusted execution environments : trade-offs and challenges

Centy: Scalable Server-Side Web Integrity Verification System Based on Fuzzy Hashes

Contact Info

Product

Resources

About