Journal articles on the topic 'Trusted Execution Environments (TEEs)'

Consult the top 50 journal articles for your research on the topic 'Trusted Execution Environments (TEEs).'
1

Abhilash, Kayyidavazhiyil, and Kaipacheri Sheena. "Trusted Execution Environments for Internet of Things Devices." International Journal of Innovative Technology and Exploring Engineering (IJITEE) 11, no. 6 (2022): 45–48. https://doi.org/10.35940/ijitee.F9885.0511622.

Abstract:
A trusted execution environment (TEE) is a secure area of a computer's main processor that is designed to protect the most sensitive data and operations. TEEs are used in a range of applications, including mobile devices, payment processing, and data protection. The use of TEEs is becoming increasingly important as the amount of sensitive data that is processed and stored electronically continues to grow. TEEs can help protect data from being accessed or modified by unauthorised users, and can also help ensure that data is not compromised during transmission. TEEs are typically implemented using specialised hardware, which can offer a higher degree of protection than software-only solutions; hardware-based TEEs can also offer better performance and power efficiency than software-only solutions. Several TEE implementations are available, including Intel's TXT, ARM's TrustZone, and Samsung's KNOX. Each of these implementations has its own strengths and weaknesses, so it is important to choose the right TEE for a given application. To study how this technology has been applied to different IoT scenarios, which typically have specific characteristics such as device resource constraints, we conducted a systematic literature review.
2

Subramanyan, Bala. "Object Capability Model for Tee: A Cheri Based Compartmentalization Approach." International Journal of Security, Privacy and Trust Management 12, no. 3/4 (2023): 23–30. http://dx.doi.org/10.5121/ijsptm.2023.12402.

Abstract:
In this paper, we introduce a capability-driven approach to bolster security and granularity within Trusted Execution Environments (TEEs) [1]. By delivering precise privilege control and fine-grained compartmentalization, we aim to improve TEE security standards. To address vulnerabilities within Trusted Execution Environments (TEEs) and enable selective privilege management and secure object sharing between secure and normal worlds, we introduce a TEE compartmentalization framework based on the CHERI object-capability model. Leveraging DSbD technologies, our framework provides an efficient prototyping environment for developing trusted applications while safeguarding against existing threats. At Verifoxx Ltd, our architecture relies on TEEs to handle sensitive data, encompassing tasks such as extracting client secrets, managing commitments, sharding and executing cryptographic operations for zero-knowledge responses. The proposed approach holds promise where TEEs can enhance transaction security and enterprises seeking data protection. Our approach introduces in-enclave compartments with controlled communication, facilitating domain transitions through sealed data capability delegations and hardware-assisted call/return mechanisms. This enables application layer compartmentalization by modularly separating concerns within the secure world, emphasising single responsibility, least privileges, and information hiding from unprivileged compartments. Furthermore, we ensure the integrity of lower-layer hardware and OS properties, effectively thwarting compromise attempts.
3

Wen, Sheng, Liam Xu, Liwei Tian, Suping Liu, and Yong Ding. "TeeDFuzzer: Fuzzing Trusted Execution Environment." Electronics 14, no. 8 (2025): 1674. https://doi.org/10.3390/electronics14081674.

Abstract:
The Trusted Execution Environment (TEE) is crucial for safeguarding the ecosystem of embedded systems. It uses isolation to minimize the TCB (Trusted Computing Base) and protect sensitive software. It is vital because devices handle vast, potentially sensitive data. Leveraging ARM TrustZone, widely used in mobile and IoT for TEEs, it ensures hardware protection via security extensions, though needing firmware and software stack support. Despite the reputation of TEEs for high security, TrustZone-aided ones have vulnerabilities. Fuzzing, as a practical bug-finding technique, has seen limited research in the context of TEE. The unique software architecture of TrustZone-assisted TEE complicates the direct application of traditional fuzzing methods. Moreover, simplistic approaches, such as feeding random input values into TEE through the API functions of the rich operating system, fail to uncover deeper, latent bugs within the TEE code. In this paper, we present a fuzzing strategy for TrustZone-assisted TEE that utilizes inferred dependencies between Trusted Kernel system calls to uncover deep-seated TEE bugs. We implemented our approach on OP-TEE, where it successfully identified 17 crashes, including one previously undetected kernel bug.
4

Musale, Pratik, and Adam Lee. "Trust TEE?: Exploring the Impact of Trusted Execution Environments on Smart Home Privacy Norms." Proceedings on Privacy Enhancing Technologies 2023, no. 3 (2023): 5–23. http://dx.doi.org/10.56553/popets-2023-0067.

Abstract:
IoT devices like smart cameras and speakers provide convenience but can collect sensitive information within private spaces. While research has investigated user perception of comfort with information flows originating from these types of devices, little focus has been given to the role of the sensing hardware in influencing these sentiments. Given the proliferation of trusted execution environments (TEEs) across commodity- and server-class devices, we surveyed 1049 American adults using the Contextual Integrity framework to understand how the inclusion of cloud-based TEEs in IoT ecosystems may influence comfort with data collection and use. We find that cloud-based TEEs significantly increase user comfort across information flows. These increases are more pronounced for devices manufactured by smaller companies and show that cloud-based TEEs can bridge the previously-documented gulfs in user trust between small and large companies. Sentiments around consent, bystander data, and indefinite retention are unaffected by the presence of TEEs, indicating the centrality of these norms.
5

Meftah, Souhail, Shuhao Zhang, Bharadwaj Veeravalli, and Khin Mi Mi Aung. "Revisiting the Design of Parallel Stream Joins on Trusted Execution Environments." Algorithms 15, no. 6 (2022): 183. http://dx.doi.org/10.3390/a15060183.

Abstract:
The appealing properties of secure hardware solutions such as trusted execution environments (TEEs), including low computational overhead, confidentiality guarantees, and a reduced attack surface, have prompted considerable interest in adopting them for secure stream processing applications. In this paper, we revisit the design of parallel stream join algorithms on multicore processors with TEEs. In particular, we conduct a series of profiling experiments to investigate the impact of alternative design choices for parallelizing stream joins on TEEs, including: (1) execution approaches, (2) partitioning schemes, and (3) distributed scheduling strategies. From the profiling study, we observe three major impediments to high performance: (a) the computational overhead introduced by the cryptographic primitives associated with page swapping operations, (b) the restrictive Enclave Page Cache (EPC) size that limits the supported amount of in-memory processing, and (c) the lack of vertical scalability to support the increasing workload often required for near real-time applications. Addressing these issues allowed us to design SecJoin, a more efficient parallel stream join algorithm that exploits modern scale-out architectures with TEEs, making no trade-offs on security while optimizing performance. We present our model-driven parameterization of SecJoin and share our experimental results, which show up to 4-fold improvements in terms of throughput and latency.
6

Han, Shumin, Kuixing Shen, Derong Shen, and Chuang Wang. "Enhanced Multi-Party Privacy-Preserving Record Linkage Using Trusted Execution Environments." Mathematics 12, no. 15 (2024): 2337. http://dx.doi.org/10.3390/math12152337.

Abstract:
With the world’s data volume growing exponentially, it becomes critical to link it and make decisions. Privacy-preserving record linkage (PPRL) aims to identify all the record information corresponding to the same entity from multiple data sources, without disclosing sensitive information. Previous works on multi-party PPRL methods typically adopt homomorphic encryption technology due to its ability to perform computations on encrypted data without needing to decrypt it first, thus maintaining data confidentiality. However, these methods have notable shortcomings, such as the risk of collusion among participants leading to the potential disclosure of private keys, high computational costs, and decreased efficiency. The advent of trusted execution environments (TEEs) offers a solution by protecting computations involving private data through hardware isolation, thereby eliminating reliance on trusted third parties, preventing malicious collusion, and improving efficiency. Nevertheless, TEEs are vulnerable to side-channel attacks. In this work, we propose an enhanced PPRL method based on TEE technology. Our methodology involves processing plaintext data within a TEE using the inner product mask technique, which effectively obfuscates the data, making it impervious to side-channel attacks. The experimental results demonstrate that our approach not only significantly improves resistance to side-channel attacks but also enhances efficiency, showing better performance and privacy preservation compared to existing methods. This work provides a robust solution to the challenges faced by current PPRL methods and sets the stage for future research aimed at further enhancing scalability and security.
7

Singh, Jatinder, Jennifer Cobbe, Do Le Quoc, and Zahra Tarkhani. "Enclaves in the Clouds." Queue 18, no. 6 (2020): 78–114. http://dx.doi.org/10.1145/3442632.3448126.

Abstract:
With organizational data practices coming under increasing scrutiny, demand is growing for mechanisms that can assist organizations in meeting their data-management obligations. TEEs (trusted execution environments) provide hardware-based mechanisms with various security properties for assisting computation and data management. TEEs are concerned with the confidentiality and integrity of data, code, and the corresponding computation. Because the main security properties come from hardware, certain protections and guarantees can be offered even if the host privileged software stack is vulnerable.
8

Maliszewski, Kajetan, Jorge-Arnulfo Quiané-Ruiz, Jonas Traub, and Volker Markl. "What is the price for joining securely?" Proceedings of the VLDB Endowment 15, no. 3 (2021): 659–72. http://dx.doi.org/10.14778/3494124.3494146.

Abstract:
Protection of personal data has been raised to be among the top requirements of modern systems. At the same time, it is now frequent that the owner of the data and the owner of the computing infrastructure are two entities with limited trust between them (e. g., volunteer computing or the hybrid-cloud). Recently, trusted execution environments (TEEs) became a viable solution to ensure the security of systems in such environments. However, the performance of relational operators in TEEs remains an open problem. We conduct a comprehensive experimental study to identify the main bottlenecks and challenges when executing relational equi-joins in TEEs. For this, we introduce TEEbench, a framework for unified benchmarking of relational operators in TEEs, and use it for conducting our experimental evaluation. In a nutshell, we perform the following experimental analysis for eight core join algorithms: off-the-shelf performance; the performance implications of data sealing and obliviousness; sensitivity and scalability. The results show that all eight join algorithms significantly suffer from different performance bottlenecks in TEEs. They can be up to three orders of magnitude slower in TEEs than on plain CPUs. Our study also indicates that existing join algorithms need a complete, hardware-aware redesign to be efficient in TEEs, and that, in secure query plans, managing TEE features is equally important to join selection.
9

Crocetti, Luca, Pietro Nannipieri, Stefano Di Matteo, and Sergio Saponara. "Design Methodology and Metrics for Robust and Highly Qualified Security Modules in Trusted Environments." Electronics 12, no. 23 (2023): 4843. http://dx.doi.org/10.3390/electronics12234843.

Abstract:
Cyberattacks and cybercriminal activities constitute one of the biggest threats of the modern digital era, and the frequency, efficiency, and severity of attacks have grown over the years. Designers and producers of digital systems try to counteract such issues by exploiting increasingly robust and advanced security mechanisms to provide secure execution environments aimed at preventing cyberattacks or, in the worst case, at containing intrusions by isolation. One of the most significant examples comes from General Purpose Processor (GPP) manufacturers such as Intel, AMD, and ARM, which in recent years have integrated dedicated resources to provide Trusted Execution Environments (TEEs) or secure zones. TEEs are built layer by layer on top of an implicitly trusted component, the Root-of-Trust (RoT). Since each security chain is only as strong as its weakest link, each element involved in the construction of a TEE, starting from the RoT, must be as bulletproof as possible. In this work, we review and propose a design methodology to implement, in both hardware (HW) and software (SW), highly featured and robust security blocks, highlighting the key points that designers should take care of and the key metrics that should be used to evaluate the security level of the developed modules. We also include an analysis of the state of the art concerning RoT-based TEEs, and we illustrate a case study that documents the implementation of a cryptographic coprocessor for the secure subsystem of the Rhea GPP from the European Processor Initiative (EPI) project, according to the presented methodology. This work can be used by HW/SW security module designers as a cutting-edge guideline.
10

Khurshid, Anum, Sileshi Demesie Yalew, Mudassar Aslam, and Shahid Raza. "TEE-Watchdog: Mitigating Unauthorized Activities within Trusted Execution Environments in ARM-Based Low-Power IoT Devices." Security and Communication Networks 2022 (May 25, 2022): 1–21. http://dx.doi.org/10.1155/2022/8033799.

Abstract:
Trusted execution environments (TEEs) are on the rise in devices all around us, ranging from large-scale cloud-based solutions to resource-constrained embedded devices. With the introduction of ARM TrustZone-M, hardware-assisted trusted execution is now supported in IoT nodes. TrustZone-M provides isolated execution of security-critical operations and sensitive data-generating peripherals. However, TrustZone-M, like all other TEEs, does not provide a mechanism to monitor operations in the trusted areas of the device, and software in the secure areas of an IoT device has access to the entire secure and non-secure software stack. This is crucial due to the diversity of device manufacturers and component suppliers in the market, which raises trust issues, especially when third-party peripherals are incorporated into a TEE. Compromised TEEs can be misused for industrial espionage, data exfiltration through system backdoors, and illegal data sharing. It is of utmost importance that system peripheral behaviour, in terms of resource access, is in accordance with the intended usage specified during integration. We propose TEE-Watchdog, a lightweight framework that establishes MPU protections for secure system peripherals in TrustZone-enabled low-end IoT devices. Based on a manifest file, TEE-Watchdog blocks unauthorized peripheral accesses and logs misbehaviour of applications running in the TEE. We define a lightweight specification and structure for the application manifest file, listing permissions for critical system peripherals using Concise Binary Object Representation (CBOR). We implement and evaluate TEE-Watchdog using a Musca-A2 test chip board. Our microbenchmark evaluations of CPU time and RAM usage demonstrate the practicality of TEE-Watchdog. Securing the system peripherals with TEE-Watchdog protections induced a 1.4% overhead on the latency of peripheral accesses, which was 61 microseconds on our test board. Our optimized CBOR-encoded manifest file template also reduced manifest file size by 40% compared with standard file formats such as JSON.
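The abstract describes a CBOR-encoded manifest that lists which peripherals a trusted application may touch, enforced with a default-deny check. The block below is an added example written for this page, not the TEE-Watchdog code: it contains a minimal CBOR encoder (the subset of RFC 8949 a manifest needs: unsigned integers, booleans, text strings, arrays and maps), a constructed manifest whose field names and peripheral names are assumptions, the permission check, and a size comparison against compact JSON so the kind of saving the abstract reports can be reproduced on a concrete document.

```python
"""Added example (not the TEE-Watchdog implementation): a peripheral-permission
manifest, a minimal CBOR encoder for it, and a default-deny access check.
Manifest layout, field names and peripheral names are assumptions."""
import json
import struct


def _head(major: int, n: int) -> bytes:
    """CBOR initial byte(s): 3-bit major type plus the argument (RFC 8949, section 3)."""
    if n < 24:
        return bytes([(major << 5) | n])
    if n < 0x100:
        return bytes([(major << 5) | 24]) + struct.pack(">B", n)
    if n < 0x10000:
        return bytes([(major << 5) | 25]) + struct.pack(">H", n)
    if n < 0x100000000:
        return bytes([(major << 5) | 26]) + struct.pack(">I", n)
    return bytes([(major << 5) | 27]) + struct.pack(">Q", n)


def cbor_encode(obj) -> bytes:
    """Encode the CBOR subset the manifest needs: bool, uint, str, list, dict."""
    if isinstance(obj, bool):  # bool first: bool is a subclass of int
        return b"\xf5" if obj else b"\xf4"
    if isinstance(obj, int) and obj >= 0:
        return _head(0, obj)
    if isinstance(obj, str):
        data = obj.encode("utf-8")
        return _head(3, len(data)) + data
    if isinstance(obj, (list, tuple)):
        return _head(4, len(obj)) + b"".join(cbor_encode(x) for x in obj)
    if isinstance(obj, dict):
        return _head(5, len(obj)) + b"".join(
            cbor_encode(k) + cbor_encode(v) for k, v in obj.items()
        )
    raise TypeError(f"unsupported type for manifest: {type(obj).__name__}")


# Constructed manifest (assumption): which operations the TA may perform on
# each secure peripheral. A peripheral with an empty list is reserved but
# not usable; a peripheral absent from the map is not reachable at all.
MANIFEST = {
    "ta": "com.example.keystore",
    "version": 1,
    "peripherals": {
        "uart0": ["read"],
        "crypto_accel": ["read", "write"],
        "gpio_bank1": [],
    },
}


def is_access_allowed(manifest: dict, peripheral: str, op: str) -> bool:
    """Default deny: unlisted peripherals and unlisted operations are refused."""
    return op in manifest.get("peripherals", {}).get(peripheral, [])


def audit(manifest: dict, requests) -> list:
    """Return the (peripheral, op) pairs that would be blocked and logged."""
    return [(p, o) for p, o in requests if not is_access_allowed(manifest, p, o)]


def size_comparison(manifest: dict) -> tuple:
    """(compact JSON length, CBOR length) for the same manifest."""
    json_len = len(json.dumps(manifest, separators=(",", ":")).encode("utf-8"))
    cbor_len = len(cbor_encode(manifest))
    return json_len, cbor_len


if __name__ == "__main__":
    print("json/cbor bytes:", size_comparison(MANIFEST))
    print("blocked:", audit(MANIFEST, [("uart0", "read"), ("gpio_bank1", "write"), ("spi0", "read")]))
```

The check is deliberately a membership test on an explicit allow-list rather than a deny-list, so a peripheral the integrator forgot to mention is blocked rather than silently permitted. The saving on this small manifest is smaller than the 40% the paper reports for its optimized template, because the strings dominate; CBOR's gain grows with the number of keys and small integers.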
11

Niu, Yue, Ramy E. Ali, and Salman Avestimehr. "3LegRace: Privacy-Preserving DNN Training over TEEs and GPUs." Proceedings on Privacy Enhancing Technologies 2022, no. 4 (2022): 183–203. http://dx.doi.org/10.56553/popets-2022-0105.

Abstract:
Leveraging parallel hardware (e.g. GPUs) for deep neural network (DNN) training brings high computing performance. However, it raises data privacy concerns, as GPUs lack a trusted environment to protect the data. Trusted execution environments (TEEs) have emerged as a promising solution to achieve privacy-preserving learning. Unfortunately, TEEs' limited computing power renders them not comparable to GPUs in performance. To improve the trade-off among privacy, computing performance, and model accuracy, we propose an asymmetric model decomposition framework, AsymML, to (1) accelerate training using parallel hardware; and (2) achieve a strong privacy guarantee using TEEs and differential privacy (DP) with much less accuracy compromised compared to DP-only methods. By exploiting the low-rank characteristics in training data and intermediate features, AsymML asymmetrically decomposes inputs and intermediate activations into low-rank and residual parts. With the decomposed data, the target DNN model is accordingly split into a trusted and an untrusted part. The trusted part performs computations on low-rank data, with low compute and memory costs. The untrusted part is fed with residuals perturbed by very small noise. Privacy, computing performance, and model accuracy are well managed by respectively delegating the trusted and the untrusted part to TEEs and GPUs. We provide a formal DP guarantee showing that, for the same privacy guarantee, combining asymmetric data decomposition and DP requires much smaller noise than solely using DP without decomposition. This improves the privacy-utility trade-off significantly compared to using only DP methods without decomposition. Furthermore, we present a rank bound analysis showing that the low-rank structure is preserved after each layer across the entire model. Our extensive evaluations on DNN models show that AsymML delivers a 7.6× speedup in training compared to TEE-only execution while ensuring privacy. We also demonstrate that AsymML is effective in protecting data under common attacks such as model inversion and gradient attacks.
12

Bocci, Alessandro, Stefano Forti, Roberto Guanciale, Gian-Luigi Ferrari, and Antonio Brogi. "Secure Partitioning of Cloud Applications, with Cost Look-Ahead." Future Internet 15, no. 7 (2023): 224. http://dx.doi.org/10.3390/fi15070224.

Abstract:
The security of Cloud applications is a major concern for application developers and operators. Protecting users’ data confidentiality requires methods to avoid leakage from vulnerable software and unreliable Cloud providers. Recently, trusted execution environments (TEEs) emerged in Cloud settings to isolate applications from the privileged access of Cloud providers. Such hardware-based technologies exploit separation kernels, which aim at safely isolating the software components of applications. In this article, we propose a methodology to determine safe partitionings of Cloud applications to be deployed on TEEs. Through a probabilistic cost model, we enable application operators to select the best trade-off partitioning in terms of future re-partitioning costs and the number of domains. To the best of our knowledge, no previous proposal exists addressing such a problem. We exploit information-flow security techniques to protect the data confidentiality of applications by relying on declarative methods to model applications and their data flow. The proposed solution is assessed by executing a proof-of-concept implementation that shows the relationship among the future partitioning costs, number of domains and execution times.
13

Liu, Songran, Nan Guan, Zhishan Guo, and Wang Yi. "MiniTEE—A Lightweight TrustZone-Assisted TEE for Real-Time Systems." Electronics 9, no. 7 (2020): 1130. http://dx.doi.org/10.3390/electronics9071130.

Abstract:
While trusted execution environments (TEEs) provide industry-standard security and isolation, TEE requests through secure monitor calls (SMCs) contribute a large time overhead and weaken temporal predictability. Moreover, as currently available TEE solutions were initially designed for Linux and/or Android, they encounter many constraints (e.g., incompatible driver libraries, large memory footprint, etc.) when integrated with low-end real-time operating systems (RTOSs). In this paper, we present MiniTEE to understand, evaluate and discuss the benefits and limitations of integrating TrustZone-assisted TEEs with RTOSs. We demonstrate how MiniTEE can be adequately exploited to meet real-time needs while presenting a low performance overhead to the rich OSs (i.e., low-end RTOSs).
14

Joshi, Harish, Ashok Bawge, Uzma Kausar, et al. "SARA: Safe Remote Authorization for Android." Research and Applications: Emerging Technologies 7, no. 2 (2025): 28–38. https://doi.org/10.5281/zenodo.15590555.

Abstract:
Modern smartphones now come equipped with Trusted Execution Environments (TEEs), which provide robust security even against attackers with full control over the standard operating system, such as Linux on Android. While both researchers and manufacturers have proposed using TEEs to enhance authorization security, these approaches often fall short due to practical limitations and incomplete security guarantees. To overcome these challenges, this paper introduces SARA (Secure Android Remote Authorization), an Android library that leverages existing TEE-supported Android APIs to provide secure, end-to-end remote authorization. SARA is practical because it uses pre-existing features in modern Android devices without requiring changes to the OS or the TEE's TrustZone code. As a result, it can be seamlessly integrated into current apps on existing smartphones. Additionally, SARA is designed for ease of use, enabling developers, even those without a background in security, to implement strong authorization protocols. To validate its effectiveness, we conducted a user study to evaluate SARA's usability and formally verified its security guarantees using the ProVerif tool.
15

Pereira, Sérgio, Tiago Gomes, Jorge Cabral, and Sandro Pinto. "TREE: Bridging the gap between reconfigurable computing and secure execution." IACR Transactions on Cryptographic Hardware and Embedded Systems 2025, no. 3 (2025): 115–38. https://doi.org/10.46586/tches.v2025.i3.115-138.

Abstract:
Trusted Execution Environments (TEEs) have become a pivotal technology for securing a wide spectrum of security-sensitive applications. With modern computing systems shifting to heterogeneous architectures, integrating TEE support into these systems is paramount. One promising line of research has proposed leveraging FPGA technology to provide TEE solutions. Despite their potential, current implementations of FPGA-based TEEs have a set of drawbacks. Some solutions (i.e., MeetGo and ShEF) prioritize the secure loading of reconfigurable modules but lack compatibility with established legacy TEE specifications and services. On the other hand, those that aim to establish legacy compatibility (i.e., TEEOD and BYOTee) fail to fully utilize the dynamic reconfigurability and parallel processing capabilities inherent in FPGAs. In this context, we introduce Trusted Reconfigurable Execution Environments (TREE), a novel framework that fills the gaps in current FPGA-based TEE approaches. TREE enables system designers to fully leverage the reconfigurability of FPGAs without compromising compatibility with existing TEE specifications. Our reference TREE implementation ensures secure execution of user-customized hardware, legacy software trusted applications (TAs), and TAs that combine both custom hardware and software components, by fully exploiting the FPGA's dynamic partial reconfiguration capabilities. TREE's root of trust relies on conventional SoC-FPGA mechanisms, including secure initial reconfiguration and memory protection, to ensure that the integrity of the initial bitstream is preserved after loading and that reconfiguration access is restricted to the FPGA fabric after boot. Additionally, TREE provides essential TEE services within the FPGA fabric, including secure storage and cryptographic functions, enabling TAs to securely store sensitive data and perform critical operations in an isolated environment. Our evaluation on an entry-level FPGA assessed TREE using microbenchmarks and real-world applications to compare its hardware costs and performance speedups against OP-TEE. The results show that TREE's hardware costs are minimal, while it achieves significant performance speedups, especially for hardware TAs. For empirical demonstration, we assess two real-world TA examples on TREE: an access control authenticator and a Bitcoin wallet.
16

Choi, Joseph I., and Kevin R. B. Butler. "Secure Multiparty Computation and Trusted Hardware: Examining Adoption Challenges and Opportunities." Security and Communication Networks 2019 (April 2, 2019): 1–28. http://dx.doi.org/10.1155/2019/1368905.

Abstract:
When two or more parties need to compute a common result while safeguarding their sensitive inputs, they use secure multiparty computation (SMC) techniques such as garbled circuits. The traditional enabler of SMC is cryptography, but the significant number of cryptographic operations required results in these techniques being impractical for most real-time, online computations. Trusted execution environments (TEEs) provide hardware-enforced isolation of code and data in use, making them promising candidates for making SMC more tractable. This paper revisits the history of improvements to SMC over the years and considers the possibility of coupling trusted hardware with SMC. This paper also addresses three open challenges: (1) defeating malicious adversaries, (2) mobile-friendly TEE-supported SMC, and (3) a more general coupling of trusted hardware and privacy-preserving computation.
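The abstract names garbled circuits as the classic SMC building block and attributes their cost to the volume of cryptographic operations. The block below is an added example written for this page, not code from the paper: a single garbled AND gate in Yao's style with point-and-permute, using only the standard library. The 16-byte label size, the gate identifier and the SHA-256-based row encryption are assumptions of this example. Even for one gate, the garbler performs four hash evaluations and ships four ciphertexts, and the evaluator performs one hash per gate; a real circuit multiplies that by every gate, which is the overhead the abstract is referring to.

```python
"""Added example (not from the paper): one garbled AND gate with
point-and-permute. Label length, gate id and hash choice are assumptions."""
import hashlib
import secrets

LABEL_LEN = 16  # assumption: 128-bit wire labels


def new_wire() -> dict:
    """Two random labels per wire (one for 0, one for 1) plus a random permute bit
    so the evaluator learns a row index but not the underlying value."""
    return {
        "labels": (secrets.token_bytes(LABEL_LEN), secrets.token_bytes(LABEL_LEN)),
        "perm": secrets.randbits(1),
    }


def select_bit(wire: dict, value: int) -> int:
    """The public select bit attached to the label that encodes `value`."""
    return wire["perm"] ^ value


def _row_pad(gate_id: bytes, la: bytes, lb: bytes) -> bytes:
    """Key derivation for one table row: hash of gate id and both input labels."""
    return hashlib.sha256(gate_id + la + lb).digest()[:LABEL_LEN]


def garble_and(gate_id: bytes, wa: dict, wb: dict, wc: dict) -> list:
    """Garbler side: four rows, each the output label XOR a pad only the holder
    of the matching input labels can recompute. Rows are ordered by the inputs'
    select bits so the evaluator can pick a row without trial decryption."""
    table = [None] * 4
    for a in (0, 1):
        for b in (0, 1):
            la, lb = wa["labels"][a], wb["labels"][b]
            out_label = wc["labels"][a & b]  # the gate's truth table lives here
            row = (select_bit(wa, a) << 1) | select_bit(wb, b)
            pad = _row_pad(gate_id, la, lb)
            table[row] = bytes(x ^ y for x, y in zip(out_label, pad))
    return table


def evaluate_and(gate_id: bytes, table: list, la_sel: tuple, lb_sel: tuple) -> bytes:
    """Evaluator side: holds exactly one label (and its select bit) per input wire,
    learns the output label, and nothing about the plaintext inputs."""
    la, sa = la_sel
    lb, sb = lb_sel
    row = (sa << 1) | sb
    pad = _row_pad(gate_id, la, lb)
    return bytes(x ^ y for x, y in zip(table[row], pad))


def decode(wire: dict, label: bytes) -> int:
    """Output decoding: the garbler reveals which label of the output wire means what."""
    for v in (0, 1):
        if secrets.compare_digest(wire["labels"][v], label):
            return v
    raise ValueError("label does not belong to this wire")


def run_and(a: int, b: int) -> int:
    """End to end: garble, hand out one label per input, evaluate, decode."""
    gate_id = b"and-gate-0"  # assumption: per-gate domain separator
    wa, wb, wc = new_wire(), new_wire(), new_wire()
    table = garble_and(gate_id, wa, wb, wc)
    la = (wa["labels"][a], select_bit(wa, a))
    lb = (wb["labels"][b], select_bit(wb, b))
    return decode(wc, evaluate_and(gate_id, table, la, lb))


if __name__ == "__main__":
    for x in (0, 1):
        for y in (0, 1):
            print(f"{x} AND {y} = {run_and(x, y)}")
```

In a real two-party protocol the evaluator obtains its own input labels through oblivious transfer rather than by indexing the wire as `run_and` does; that step is omitted here because it needs public-key operations, which is exactly where the cost the abstract mentions comes from.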
17

Ritesh, Kumar. "Confidential Computing in Public Cloud: Architectures for Privacy-Preserving Workloads." INTERNATIONAL JOURNAL OF INNOVATIVE RESEARCH AND CREATIVE TECHNOLOGY 11, no. 3 (2025): 1–11. https://doi.org/10.5281/zenodo.15437185.

Abstract:
Confidential computing is rapidly emerging as a critical technology for enabling privacy-preserving workloads in public cloud environments. By leveraging hardware-based trusted execution environments (TEEs), sensitive data can remain encrypted in memory during processing, significantly mitigating risks associated with cloud provider access, malicious insiders, and advanced persistent threats. This paper explores architectural patterns and design considerations for deploying privacy-sensitive applications utilizing confidential computing capabilities offered by major public cloud providers. We analyze various approaches for integrating TEEs into cloud-native frameworks, addressing key challenges related to data ingress/egress, attestation, key management, and the orchestration of confidential workloads. Furthermore, we discuss the trade-offs associated with performance, compatibility, and application lifecycle management. The proposed architectural blueprints aim to provide a practical foundation for technical architects designing systems that demand strong data confidentiality guarantees while harnessing the scalability and flexibility of the public cloud.
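The abstract lists attestation and key management as the challenges of running workloads in cloud TEEs; the pattern that ties them together is a key broker that releases a data key only after verifying a fresh, policy-matching attestation quote. The block below is an added example written for this page, not code from the paper or any cloud provider. A keyed HMAC stands in for the hardware vendor's quote signature (real platforms sign quotes with an asymmetric key chained to a vendor certificate), the measurement is a plain SHA-256 of a constructed image, and the key wrapping is a simple XOR with a hash-derived pad; all of these are assumptions made to keep the example in the standard library. The checks themselves (signature, nonce freshness, binding of the enclave key in report data, and measurement policy) are the ones a broker must perform in that order.

```python
"""Added example (not from the paper): attestation-gated key release.
HMAC stands in for the platform's quote signature; names are assumptions."""
import hashlib
import hmac
import json
import secrets

# Assumption: the verifier trusts this platform key (in reality a vendor cert
# chain) and a policy of workload measurements it is willing to release keys to.
PLATFORM_ATTESTATION_KEY = b"constructed-platform-key-for-demo-only"
ALLOWED_MEASUREMENTS = {hashlib.sha256(b"enclave-build-v1.2.3").hexdigest()}


class AttestationError(Exception):
    pass


def measure(enclave_image: bytes) -> str:
    """Measurement: hash of the loaded code and data, i.e. the workload's identity."""
    return hashlib.sha256(enclave_image).hexdigest()


def make_quote(enclave_image: bytes, nonce: bytes, report_data: bytes) -> dict:
    """Enclave side: bind measurement, verifier nonce and the enclave's own public
    key (via report_data) into one signed structure."""
    body = {
        "measurement": measure(enclave_image),
        "nonce": nonce.hex(),
        "report_data": hashlib.sha256(report_data).hexdigest(),
    }
    canonical = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(PLATFORM_ATTESTATION_KEY, canonical, hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def verify_quote(quote: dict, expected_nonce: bytes, enclave_pubkey: bytes) -> str:
    """Verifier side: signature, freshness, key binding, then policy. Returns the
    accepted measurement or raises."""
    body = quote["body"]
    canonical = json.dumps(body, sort_keys=True).encode()
    expected_sig = hmac.new(PLATFORM_ATTESTATION_KEY, canonical, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, quote["sig"]):
        raise AttestationError("quote signature invalid")
    if body["nonce"] != expected_nonce.hex():
        raise AttestationError("stale or replayed quote")
    if body["report_data"] != hashlib.sha256(enclave_pubkey).hexdigest():
        raise AttestationError("quote not bound to the presented enclave key")
    if body["measurement"] not in ALLOWED_MEASUREMENTS:
        raise AttestationError("measurement not in release policy")
    return body["measurement"]


def _wrap_pad(enclave_pubkey: bytes) -> bytes:
    # Assumption: XOR pad derived from the enclave key. A real broker would use
    # HPKE or ECDH to the key carried in report_data.
    return hashlib.sha256(b"wrap|" + enclave_pubkey).digest()


def release_key(quote: dict, expected_nonce: bytes, enclave_pubkey: bytes, data_key: bytes) -> bytes:
    """Key broker: only an attested enclave gets the wrapped data key."""
    verify_quote(quote, expected_nonce, enclave_pubkey)
    return bytes(a ^ b for a, b in zip(data_key, _wrap_pad(enclave_pubkey)))


def unwrap_key(wrapped: bytes, enclave_pubkey: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(wrapped, _wrap_pad(enclave_pubkey)))


def demo() -> dict:
    """Good quote is honoured; a tampered image and a replayed quote are refused."""
    nonce = secrets.token_bytes(16)
    enclave_key = b"constructed-enclave-public-key"
    data_key = secrets.token_bytes(32)
    good = make_quote(b"enclave-build-v1.2.3", nonce, enclave_key)
    results = {"good": unwrap_key(release_key(good, nonce, enclave_key, data_key), enclave_key) == data_key}
    bad = make_quote(b"enclave-build-v1.2.3-backdoored", nonce, enclave_key)
    try:
        release_key(bad, nonce, enclave_key, data_key)
        results["bad_measurement_refused"] = False
    except AttestationError:
        results["bad_measurement_refused"] = True
    try:
        release_key(good, secrets.token_bytes(16), enclave_key, data_key)
        results["replay_refused"] = False
    except AttestationError:
        results["replay_refused"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The order of checks matters: the signature is verified before any field is read, so an unsigned or forged body never influences the decision, and the nonce check precedes the policy check so that a captured quote from a genuinely approved build cannot be replayed later to pull keys.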
18

Ravindar, Reddy Gopireddy. "Confidential Computing: The Key to Secure Data Collaboration in the Cloud." Journal of Scientific and Engineering Research 10, no. 6 (2023): 271–76. https://doi.org/10.5281/zenodo.13348618.

Abstract:
Data security and privacy are becoming particularly [...]. While most traditional security mechanisms address data at rest and in transit, they rarely help protect data during use. Confidential computing removes this key barrier by using hardware-based Trusted Execution Environments (TEEs) and secure enclaves to guard data at every stage of its journey. This research article explains the principles and technology on which confidential computing is founded, its use for augmenting cloud security, and its complications together with solutions. Using some real-life cases and current trend analysis, this article demonstrates that confidential computing is a step forward for cloud data collaboration.
19

Li, Xiang, Fabing Li, and Mingyu Gao. "Flare: A Fast, Secure, and Memory-Efficient Distributed Analytics Framework." Proceedings of the VLDB Endowment 16, no. 6 (2023): 1439–52. http://dx.doi.org/10.14778/3583140.3583158.

Abstract:
As big data processing in the cloud becomes prevalent today, data privacy on such public platforms raises critical concerns. Hardware-based trusted execution environments (TEEs) provide promising and practical platforms for low-cost privacy-preserving data processing. However, using TEEs to enhance the security of data analytics frameworks like Apache Spark involves challenging issues when separating various framework components into trusted and untrusted domains, demanding meticulous considerations for programmability, performance, and security. Based on Intel SGX, we build Flare, a fast, secure, and memory-efficient data analytics framework with a familiar user programming interface and useful functionalities similar to Apache Spark. Flare ensures confidentiality and integrity by keeping sensitive data and computations encrypted and authenticated. It also supports oblivious processing to protect against access pattern side channels. The main innovations of Flare include a novel abstraction paradigm of shadow operators and shadow tasks to minimize trusted components and reduce domain switch overheads, memory-efficient data processing with proper granularities for different operators, and adaptive parallelization based on memory allocation intensity for better scalability. Flare outperforms the state-of-the-art secure framework by 3.0× to 176.1×, and is also 2.8× to 28.3× faster than a monolithic libOS-based integration approach.
20

Fei, Shufan, Zheng Yan, Wenxiu Ding, and Haomeng Xie. "Security Vulnerabilities of SGX and Countermeasures." ACM Computing Surveys 54, no. 6 (2021): 1–36. http://dx.doi.org/10.1145/3456631.

Abstract:
Trusted Execution Environments (TEEs) have been widely used in many security-critical applications. The popularity of TEEs derives from its high security and trustworthiness supported by secure hardware. Intel Software Guard Extensions (SGX) is one of the most representative TEEs that creates an isolated environment on an untrusted operating system, thus providing run-time protection for the execution of security-critical code and data. However, Intel SGX is far from the acme of perfection. It has become a target of various attacks due to its security vulnerabilities. Researchers and practitioners have paid attention to the security vulnerabilities of SGX and investigated optimization solutions in real applications. Unfortunately, existing literature lacks a thorough review of security vulnerabilities of SGX and their countermeasures. In this article, we fill this gap. Specifically, we propose two sets of criteria for estimating security risks of existing attacks and evaluating defense effects brought by attack countermeasures. Furthermore, we propose a taxonomy of SGX security vulnerabilities and shed light on corresponding attack vectors. After that, we review published attacks and existing countermeasures, as well as evaluate them by employing our proposed criteria. At last, on the strength of our survey, we propose some open challenges and future directions in the research of SGX security.
21

Janak Bharat Bhalla. "Safeguarding sensitive data with confidential computing." World Journal of Advanced Engineering Technology and Sciences 15, no. 2 (2025): 421–27. https://doi.org/10.30574/wjaets.2025.15.2.0505.

Abstract:
Confidential computing emerges as a transformative solution in modern data protection, addressing critical vulnerabilities in cloud environments and digital infrastructure. By implementing hardware-based security mechanisms through Trusted Execution Environments (TEEs), organizations can now protect sensitive information throughout their entire computational lifecycle. The technology revolutionizes secure data processing across healthcare, financial services, government, and IoT sectors, enabling unprecedented levels of privacy and security. With innovations in homomorphic encryption, confidential virtual machines, and secure AI processing, organizations can harness the power of cloud computing while maintaining stringent data protection standards. The integration of these advanced security measures creates new possibilities for secure collaboration, data sharing, and privacy-preserving computation in an increasingly interconnected digital landscape.
22

Ashwini B N and Yashodha H R. "Optimizing data privacy and security in heterogeneous edge-to-cloud architectures: Leveraging confidential computing to enable secure distributed computations in decentralized environments." World Journal of Advanced Research and Reviews 6, no. 2 (2020): 275–80. https://doi.org/10.30574/wjarr.2020.6.2.0125.

Abstract:
Data privacy and security in heterogeneous edge-to-cloud architectures have become increasingly critical due to the distributed nature of modern computing environments. Confidential computing techniques, such as trusted execution environments (TEEs) and homomorphic encryption, provide a promising approach to secure sensitive data while it is being processed across edge and cloud systems. However, challenges persist in achieving efficient and secure computations due to the dynamic and decentralized characteristics of these environments. This research proposes a novel framework that leverages confidential computing technologies to optimize data privacy and security across heterogeneous edge-to-cloud architectures. The framework integrates TEEs with advanced encryption methods to ensure secure processing of sensitive data while maintaining low latency and high throughput. The proposed model is evaluated using several real-world edge-to-cloud datasets and scenarios, focusing on the performance in terms of data confidentiality, computational efficiency, and scalability. Experimental results demonstrate that the proposed framework outperforms existing solutions, achieving enhanced security without compromising system performance. The findings highlight the potential of confidential computing in enabling secure, distributed computations across edge-to-cloud environments, ensuring both privacy and security in emerging decentralized computing paradigms.
23

Aliyu, Ahmed Abubakar, Mohammed Ibrahim, and Sa’adatu Abdulkadir. "A Blockchain‑Enhanced Deep Learning Approach for Intrusion Detection in Trusted Execution Environments." Digital Technologies Research and Applications 4, no. 1 (2025): 135–57. https://doi.org/10.54963/dtra.v4i1.962.

Abstract:
Traditional Intrusion Detection Systems (IDSs) face significant challenges in keeping pace with the rapidly evolving landscape of cyber threats, primarily due to limitations in continuous learning and the accuracy of data classification and analysis. This often results in delayed detection and leaves networks susceptible to severe attacks. This paper introduces an innovative IDS empowered by blockchain technology to mitigate these shortcomings, leveraging continuous learning and self‑adaptive neural networks. The proposed system adopts a proactive approach by continuously assimilating intrusion logs, utilizing a Long Short‑Term Memory (LSTM) core to discern patterns and enhance its real‑time threat detection capabilities, removing a major bottleneck in traditional IDS models by eliminating the need for manual tagging. To further strengthen the security measures, self‑updating neural networks are embedded in each block of the blockchain, forming a decentralized “brain” that evolves defences against even the most sophisticated adversaries. These networks are securely housed in Trusted Execution Environments (TEEs) to maintain operational integrity, enabling tamper‑proof operation and effective threat detection. Real‑world evaluations conducted on the Binance Smart Chain and Ethereum Classic datasets demonstrate the system’s superior performance. With an impressive accuracy rate of 98.50% and a minimal false positive rate of 1.50%, the model demonstrates a remarkable ability to distinguish legitimate network activity from malicious intrusions.
24

Reddy, Annapureddy Venkata Sai Kumar, and Gourinath Banda. "ElasticPay: Instant Peer-to-Peer Offline Extended Digital Payment System." Sensors 24, no. 24 (2024): 8034. https://doi.org/10.3390/s24248034.

Abstract:
The widespread reliance on paper-based currency poses significant drawbacks, such as counterfeiting, lack of transparency, and environmental impacts. While Central Bank Digital Currencies (CBDCs) address many of these issues, their dependence on continuous internet connectivity limits their usability in scenarios with poor or no network access. To overcome such limitations, this paper introduces ElasticPay, a novel Peer-to-Peer (P2P) Offline Digital Payment System that leverages advanced hardware security measures realised through Trusted Platform Modules (TPMs), Trusted Execution Environments (TEEs), and Secure Elements (SEs). ElasticPay ensures transaction privacy, unforgeability, and immediate settlement while preventing double spending. Our approach integrates robust recovery mechanisms and provides a scalable solution for diverse environments. Extensive experimentation validates the system’s reliability and practicality, highlighting its potential to advance secure and inclusive CBDC ecosystems. We demonstrate the proposed solution implementation on the iPhone mobilephone because it has an inbuilt Secure Enclave, which is an integrated implementation of the necessary TPM, TEE, and SE functionalities.
25

Gao, Haotian, Cong Yue, Tien Tuan Anh Dinh, Zhiyong Huang, and Beng Chin Ooi. "Enabling Secure and Efficient Data Analytics Pipeline Evolution with Trusted Execution Environment." Proceedings of the VLDB Endowment 16, no. 10 (2023): 2485–98. http://dx.doi.org/10.14778/3603581.3603589.

Abstract:
Modern data analytics pipelines are highly dynamic, as they are constantly monitored and fine-tuned by both data engineers and scientists. Recent systems managing pipelines ease creating, deploying, and tracking their evolution. However, privacy concerns emerge as many of them are deployed on the public cloud with less or no trust. Unfortunately, the unique nature of pipelines prevents the adoption of existing confidential computing techniques with different computational patterns and large performance overhead. Being a potential approach, trusted execution environments (TEEs) are efficient in protecting the confidentiality and integrity of data and computation. However, fast-changing pipelines with latency requirements bring the challenge of reducing the cold start overhead --- the main bottleneck in the latest TEE. To support end-to-end private pipeline evolution, we present SecCask, a TEE-based data analytics pipeline management system. SecCask overcomes the problems of a naive design that isolates complete pipeline execution in one enclave by administering enclaves and runtimes. To reduce cold start overheads, our approach consists of reusing trusted runtimes for different pipeline components and caching them to avoid the cost of initialization. We leverage the latest Intel SGX to conduct experiments on representative workloads. The results demonstrate that SecCask reduces the total execution time by 68.4% compared to not reusing, is faster than running all components in one enclave, and incurs a modest average performance overhead of 29.9% over insecure baselines.
26

Koutroumpouchos, Nikolaos, Christoforos Ntantogian, and Christos Xenakis. "Building Trust for Smart Connected Devices: The Challenges and Pitfalls of TrustZone." Sensors 21, no. 2 (2021): 520. http://dx.doi.org/10.3390/s21020520.

Abstract:
TrustZone-based Trusted Execution Environments (TEEs) have been utilized extensively for the implementation of security-oriented solutions for several smart intra and inter-connected devices. Although TEEs have been promoted as the starting point for establishing a device root of trust, a number of published attacks against the most broadly utilized TEE implementations request a second view on their security. The aim of this research is to provide an analytical and educational exploration of TrustZone-based TEE vulnerabilities with the goal of pinpointing design and implementation flaws. To this end, we provide a taxonomy of TrustZone attacks, analyze them, and more importantly derive a set of critical observations regarding their nature. We perform a critical appraisal of the vulnerabilities to shed light on their underlying causes and we deduce that their manifestation is the joint effect of several parameters that lead to this situation. The most important ones are the closed implementations, the lack of security mechanisms, the shared resource architecture, and the absence of tools to audit trusted applications. Finally, given the severity of the identified issues, we propose possible improvements that could be adopted by TEE implementers to remedy and improve the security posture of TrustZone and future research directions.
27

Peringanji, Deepika. "Unlocking the Future: Privacy-Preserving ML Experimentation." International Journal for Research in Applied Science and Engineering Technology 12, no. 5 (2024): 350–56. http://dx.doi.org/10.22214/ijraset.2024.60969.

Abstract:
Experiments with machine learning (ML) have become a key source of new ideas in many fields. However, growing worries about data privacy have made it clear that we need ML testing methods that protect privacy. There are new technologies in this piece that let you play around with machine learning without putting your data at risk. Differential privacy, secure multiparty computation (SMPC), homomorphic encryption, federated learning, trusted execution environments (TEEs), making fake data, and using temporary and nameless IDs are some of these technologies. By using these privacy-protecting solutions, businesses can utilize the full potential of machine learning experiments while protecting individuals' privacy rights and staying in line with strict rules.
28

Jones, Michael, Matthew Johnson, Mark Shervey, Joel T. Dudley, and Noah Zimmerman. "Privacy-Preserving Methods for Feature Engineering Using Blockchain: Review, Evaluation, and Proof of Concept." Journal of Medical Internet Research 21, no. 8 (2019): e13600. http://dx.doi.org/10.2196/13600.

Abstract:
Background The protection of private data is a key responsibility for research studies that collect identifiable information from study participants. Limiting the scope of data collection and preventing secondary use of the data are effective strategies for managing these risks. An ideal framework for data collection would incorporate feature engineering, a process where secondary features are derived from sensitive raw data in a secure environment without a trusted third party. Objective This study aimed to compare current approaches based on how they maintain data privacy and the practicality of their implementations. These approaches include traditional approaches that rely on trusted third parties, and cryptographic, secure hardware, and blockchain-based techniques. Methods A set of properties were defined for evaluating each approach. A qualitative comparison was presented based on these properties. The evaluation of each approach was framed with a use case of sharing geolocation data for biomedical research. Results We found that approaches that rely on a trusted third party for preserving participant privacy do not provide sufficiently strong guarantees that sensitive data will not be exposed in modern data ecosystems. Cryptographic techniques incorporate strong privacy-preserving paradigms but are appropriate only for select use cases or are currently limited because of computational complexity. Blockchain smart contracts alone are insufficient to provide data privacy because transactional data are public. Trusted execution environments (TEEs) may have hardware vulnerabilities and lack visibility into how data are processed. Hybrid approaches combining blockchain and cryptographic techniques or blockchain and TEEs provide promising frameworks for privacy preservation. For reference, we provide a software implementation where users can privately share features of their geolocation data using the hybrid approach combining blockchain with TEEs as a supplement. 
Conclusions Blockchain technology and smart contracts enable the development of new privacy-preserving feature engineering methods by obviating dependence on trusted parties and providing immutable, auditable data processing workflows. The overlap between blockchain and cryptographic techniques or blockchain and secure hardware technologies are promising fields for addressing important data privacy needs. Hybrid blockchain and TEE frameworks currently provide practical tools for implementing experimental privacy-preserving applications.
29

KUM BERTRAND KUM, Dr. Austin Oguejiofor Amaechi, and Prof Tonye Emmanuel. "Securing National Cloud and Edge Infrastructure: A Case Study Inspired by Camtel (Cameroon)." International Journal of Latest Technology in Engineering Management & Applied Science 14, no. 5 (2025): 514–27. https://doi.org/10.51583/ijltemas.2025.140500054.

Abstract:
As cloud and edge computing evolve into foundational elements of national digital infrastructure, security concerns remain at the forefront, particularly in emerging markets like Cameroon. This study examines the security challenges within Camtel’s cloud-edge ecosystem, identifying critical vulnerabilities, evaluating mitigation strategies, and proposing a multi-layered security framework. We integrate AI-enhanced Intrusion Detection Systems (AI-IDS), Trusted Execution Environments (TEEs), and Blockchain-based audit logging to strengthen authentication, data integrity, and threat detection. Through STRIDE-based threat modeling and experimental validation, we assess security-performance trade-offs, quantifying latency, throughput, and power consumption impacts across various configurations. Results indicate that while TEEs and AI-IDS significantly enhance system resilience, they introduce resource overhead that requires careful optimization. The study provides strategic recommendations for secure cloud-edge adoption, contributing to Cameroon’s national cybersecurity framework while offering insights applicable to broader edge computing deployments. The study also highlights current threats, evaluates Camtel’s evolving infrastructure, and proposes actionable security frameworks to ensure resilience, data sovereignty, and trust in public services.
30

Samarth Shah and Neil Choksi. "Confidential computing for serverless workloads: Secure and scalable data processing in untrusted environments." World Journal of Advanced Engineering Technology and Sciences 14, no. 3 (2025): 086–104. https://doi.org/10.30574/wjaets.2025.14.3.0067.

Abstract:
As the adoption of serverless architectures grows, the need to address data privacy and security concerns in cloud-based environments becomes critical. Serverless workloads, by design, allow developers to focus on code without managing infrastructure, leading to operational efficiency and scalability. However, this model introduces challenges related to the trustworthiness of the cloud provider, where sensitive data may be exposed to malicious actors within the system. Confidential computing, a new paradigm that leverages hardware-based trusted execution environments (TEEs), offers a solution by enabling secure processing of sensitive data even in untrusted environments. This paper explores the integration of confidential computing with serverless workloads to provide secure data processing while maintaining scalability and performance. By utilizing TEEs such as Intel SGX, confidential computing ensures that data remains encrypted during processing, mitigating risks of data leaks and attacks such as side-channel and privilege escalation. The paper investigates how serverless platforms can leverage confidential computing to safeguard both user data and application logic while enabling the flexibility and elasticity inherent in serverless architectures. We discuss the challenges of implementing confidential computing in serverless environments, including compatibility with existing frameworks, performance overhead, and regulatory concerns. The potential for improved data privacy and compliance in industries such as finance, healthcare, and government is also highlighted, showcasing how this technology can address the growing need for secure cloud computing solutions.
31

Stavrakakis, Dimitrios, Dimitra Giantsidi, Maurice Bailleu, Philip Sändig, Shady Issa, and Pramod Bhatotia. "Anchor: A Library for Building Secure Persistent Memory Systems." Proceedings of the ACM on Management of Data 1, no. 4 (2023): 1–31. http://dx.doi.org/10.1145/3626718.

Abstract:
Cloud infrastructure is experiencing a shift towards disaggregated setups, especially with the introduction of the Compute Express Link (CXL) technology, where byte-addressable persistent memory (PM) is becoming prominent. To fully utilize the potential of such devices, it is a necessity to access them through network stacks with equivalently high levels of performance (e.g., kernel-bypass, RDMA). While these advancements are enabling the development of high-performance data management systems, their deployment on untrusted cloud environments also increases the security threats. To this end, we present Anchor, a library for building secure PM systems. Anchor provides strong hardware-assisted security properties, while ensuring crash consistency. Anchor exposes APIs for secure data management within the realms of the established PM programming model, targeting byte-addressable storage devices. Anchor leverages trusted execution environments (TEE) and extends their security properties on PM. While TEE's protected memory region provides a strong foundation for building secure systems, the key challenge is that TEEs are fundamentally incompatible with PM and kernel-bypass networking approaches; in particular, TEEs are neither designed to protect untrusted non-volatile PM, nor can the protected region be accessed via an untrusted DMA connection. To overcome this challenge, we design a PM engine that ensures strong security properties for the PM data, using confidential and authenticated PM data structures, while preserving crash consistency through a secure logging protocol. We further extend the PM engine to provide remote PM data operations via a secure network stack and a formally verified remote attestation protocol to form an end-to-end system. Our evaluation shows that Anchor incurs reasonable overheads, while providing strong security properties.
32

Kapsoulis, Nikolaos, Alexandros Psychas, Antonios Litke, and Theodora Varvarigou. "Reinforcing SLA Consensus on Blockchain." Computers 10, no. 12 (2021): 159. http://dx.doi.org/10.3390/computers10120159.

Abstract:
Cloud Infrastructure as a Service (IaaS) Service Level Agreements (SLAs) assessment constitutes the de facto area of interest and applications in the public cloud infrastructure. However, the domination of colossal corporations tends to monopolize the way metrics and Key Performance Indicators (KPIs) are measured and determined, leading to governed environments where the clientele is unable to obtain accurate and unbiased assessment of SLAs. Leaning toward SLA self-assessment, this paper provides a fair SLA consensus approach with innate transparency and privacy by leveraging permissioned blockchains that are equipped with Trusted Execution Environments (TEEs). The SLA assessment intelligence is performed inside enclaved smart contracts isolated from the on-chain entities views. The result constitutes a permissioned blockchain ecosystem where the IaaS and their clientele commonly agree on all the respective SLA monitoring and computation rules beforehand, as defined in any SLA assessment process, while the SLA consensus scheme constantly audits the SLA metrics based on these pre-approved regulations.
33

Sabbani, Goutham. "Confidential Computing in the Cloud: An Overview." International Journal of Computing and Engineering 6, no. 3 (2024): 43–48. http://dx.doi.org/10.47941/ijce.2179.

Abstract:
Major financial institutions like Goldman Sachs and JP Morgan have employed these hardware-based trusted execution environments (TEEs) and reported a 50% reduction in data breaches and a 40% increase in customer trust. Daily, these companies do billions of transactions in the cloud, leveraging confidentiality computing to ensure the privacy and integrity of their sensitive data. Over the years, confidential computing has evolved significantly, and the emergence of technology to safeguard sensitive information from malicious insiders and external threats now encompasses advanced and complex cryptographic techniques and hardware innovations, offering robust security assurances for cloud-based operations. In this paper, we will talk about foundational technologies and implementation strategies for the core of confidential computing. We will explore benefits, including performance trade-offs and integration complexities. Furthermore, the paper will highlight real-world applications and use cases, showcasing how industries such as finance, healthcare, and government leverage confidential computing to enhance data security and complicate cloud environments.
34

Kato, Fumiyuki, Yang Cao, and Masatoshi Yoshikawa. "Olive: Oblivious Federated Learning on Trusted Execution Environment against the Risk of Sparsification." Proceedings of the VLDB Endowment 16, no. 10 (2023): 2404–17. http://dx.doi.org/10.14778/3603581.3603583.

Abstract:
Combining Federated Learning (FL) with a Trusted Execution Environment (TEE) is a promising approach for realizing privacy-preserving FL, which has garnered significant academic attention in recent years. Implementing the TEE on the server side enables each round of FL to proceed without exposing the client's gradient information to untrusted servers. This addresses usability gaps in existing secure aggregation schemes as well as utility gaps in differentially private FL. However, to address the issue using a TEE, the vulnerabilities of server-side TEEs need to be considered---this has not been sufficiently investigated in the context of FL. The main technical contribution of this study is the analysis of the vulnerabilities of TEE in FL and the defense. First, we theoretically analyze the leakage of memory access patterns, revealing the risk of sparsified gradients, which are commonly used in FL to enhance communication efficiency and model accuracy. Second, we devise an inference attack to link memory access patterns to sensitive information in the training dataset. Finally, we propose an oblivious yet efficient aggregation algorithm to prevent memory access pattern leakage. Our experiments on real-world data demonstrate that the proposed method functions efficiently in practical scales.
35

Cabrera-Gutiérrez, Antonio J., Encarnación Castillo, Antonio Escobar-Molero, Juan Cruz-Cozar, Diego P. Morales, and Luis Parrilla. "Secure Sensor Prototype Using Hardware Security Modules and Trusted Execution Environments in a Blockchain Application: Wine Logistic Use Case." Electronics 12, no. 13 (2023): 2987. http://dx.doi.org/10.3390/electronics12132987.

Abstract:
The security of Industrial Internet of Things (IIoT) systems is a challenge that needs to be addressed immediately, as the increasing use of new communication paradigms and the abundant use of sensors opens up new opportunities to compromise these types of systems. In this sense, technologies such as Trusted Execution Environments (TEEs) and Hardware Security Modules (HSMs) become crucial for adding new layers of security to IIoT systems, especially to edge nodes that incorporate sensors and perform continuous measurements. These technologies, coupled with new communication paradigms such as Blockchain, offer a high reliability, robustness and good interoperability between them. This paper proposes the design of a secure sensor incorporating the above mentioned technologies—HSMs and a TEE—in a hardware device based on a dual-core architecture. Through this combination of technologies, one of the cores collects the data extracted by the sensors and implements the security mechanisms to guarantee the integrity of these data, while the remaining core is responsible for sending these data through the appropriate communication protocol. This proposed approach fits into the Blockchain networks, which act as an Oracle. Finally, to illustrate the application of this concept, a use case applied to wine logistics is described, where this secure sensor is integrated into a Blockchain that collects data from the storage and transport of barrels, and a performance evaluation of the implemented prototype is provided.
36

Gaud, Prof V. Y. "SeGShare: Secure Group File Sharing in the Cloud using Enclaves." International Journal for Research in Applied Science and Engineering Technology 13, no. 5 (2025): 1047–52. https://doi.org/10.22214/ijraset.2025.70327.

Abstract:
File sharing applications using cloud storage are increasingly popular for personal and business use. Due to data protection concerns, end-to-end encryption is often a desired feature of these applications. Many attempts at designing cryptographic solutions fail to be adopted due to missing relevant features. We present SeGShare, a new architecture for end-to-end encrypted, group-based file sharing using trusted execution environments (TEE), e.g., Intel SGX. SeGShare is the first solution to protect the confidentiality and integrity of all data and management files; enforce immediate permission and membership revocations; support deduplication; and mitigate rollback attacks. Next to authentication, authorization and file system management, our implementation features an optimized TLS layer that enables high throughput and low latency. The encryption overhead of our implementation is extremely small in computation and storage resources. Our enclave code comprises less than 8500 lines of code enabling efficient mitigation of common pitfalls in deploying code to TEEs.
37

Malkoochi, Ramchander. "Confidential Computing for Privacy-Preserving Fraud Analytics." European Journal of Computer Science and Information Technology 13, no. 24 (2025): 115–228. https://doi.org/10.37745/ejcsit.2013/vol13n24115228.

Abstract:
Confidential computing represents a transformative paradigm in fraud analytics, providing robust protection for sensitive financial data throughout the processing lifecycle. By leveraging Trusted Execution Environments (TEEs) such as Intel SGX and AMD SEV, financial institutions can analyze transaction patterns, detect anomalies, and collaborate across organizational boundaries while maintaining data confidentiality. The technology addresses the fundamental tension between effective fraud detection and privacy protection through hardware-based isolation mechanisms that secure data even during computation. This comprehensive overview explores how confidential computing enhances fraud analytics through privacy-preserving machine learning, secure multi-party computation, and cryptographic integrity guarantees. The implementation pathways through cloud platforms enable financial organizations to deploy these solutions within existing infrastructure while acknowledging the challenges related to performance, scalability, and hardware constraints. As these technologies mature alongside complementary approaches like homomorphic encryption and blockchain integration, confidential computing positions itself as the cornerstone of privacy-preserving fraud analytics in an increasingly data-sensitive financial ecosystem.
38

Mahbub, Khaled, Antonio Nehme, Mohammad Patwary, Marc Lacoste, and Sylvain Allio. "FIVADMI: A Framework for In-Vehicle Anomaly Detection by Monitoring and Isolation." Future Internet 16, no. 8 (2024): 288. http://dx.doi.org/10.3390/fi16080288.

Abstract:
Self-driving vehicles have attracted significant attention in the automotive industry, which is heavily investing to reach the level of reliability needed from these safety-critical systems. Security of in-vehicle communications is mandatory to achieve this goal. Most of the existing research to detect anomalies for in-vehicle communication does not take into account the low processing power of the in-vehicle network and ECUs (Electronic Control Units). Also, these approaches do not consider system-level isolation challenges, such as side-channel vulnerabilities, that may arise due to the adoption of new technologies in the automotive domain. This paper introduces and discusses the design of a framework to detect anomalies in in-vehicle communications, including side-channel attacks. The proposed framework supports real-time monitoring of data exchanges among the components of the in-vehicle communication network and ensures the isolation of the components in the in-vehicle network by deploying them in Trusted Execution Environments (TEEs). The framework is designed based on the AUTOSAR open standard for automotive software architecture and framework. The paper also discusses the implementation and evaluation of the proposed framework.
39

Qiu, Lina, Georgios Kellaris, Nikos Mamoulis, Kobbi Nissim, and George Kollios. "Doquet: Differentially Oblivious Range and Join Queries with Private Data Structures." Proceedings of the VLDB Endowment 16, no. 13 (2023): 4160–73. http://dx.doi.org/10.14778/3625054.3625055.

Abstract:
Most cloud service providers offer limited data privacy guarantees, discouraging clients from using them for managing their sensitive data. Cloud providers may use servers with Trusted Execution Environments (TEEs) to protect outsourced data, while supporting remote querying. However, TEEs may leak access patterns and allow communication volume attacks, enabling an honest-but-curious cloud provider to learn sensitive information. Oblivious algorithms can be used to completely hide data access patterns, but their high overhead could render them impractical. To alleviate the latter, the notion of Differential Obliviousness (DO) has been recently proposed. DO applies differential privacy (DP) on access patterns while hiding the communication volume of intermediate and final results; it does so by trading some level of privacy for efficiency. We present Doquet: Differentially Oblivious Range and Join Queries with Private Data Structures, a framework for DO outsourced database systems. Doquet is the first approach that supports private data structures, indices, selection, foreign key join, many-to-many join, and their composition select-join in a realistic TEE setting, even when the accesses to the private memory can be eavesdropped on by the adversary. We prove that the algorithms in Doquet satisfy differential obliviousness. Furthermore, we implemented Doquet and tested it on a machine having a second generation of Intel SGX (TEE); the results show that Doquet offers up to an order of magnitude speedup in comparison with other fully oblivious and differentially oblivious approaches.
40

Wilke, Luca, Jan Wichelmann, Anja Rabich, and Thomas Eisenbarth. "SEV-Step: A Single-Stepping Framework for AMD-SEV." IACR Transactions on Cryptographic Hardware and Embedded Systems 2024, no. 1 (2023): 180–206. http://dx.doi.org/10.46586/tches.v2024.i1.180-206.

Abstract:
The ever-increasing popularity and availability of Trusted Execution Environments (TEEs) had a stark influence on microarchitectural attack research in academia, as their strong attacker model both boosts existing attack vectors and introduces several new ones. While many works have focused on Intel SGX, other TEEs like AMD SEV have recently also started to receive more attention. A common technique when attacking SGX enclaves is single-stepping, where the system's APIC timer is used to interrupt the enclave after every instruction. Single-stepping increases the temporal resolution of subsequent microarchitectural attacks to a maximum. A key driver in the proliferation of this complex attack technique was the SGX-Step framework, which offered a stable reference implementation for single-stepping and a relatively easy setup. In this paper, we demonstrate that SEV VMs can also be reliably single-stepped. To lay the foundation for further microarchitectural attack research against SEV, we introduce the reusable SEV-Step framework. Besides reliable single-stepping, SEV-Step provides easy access to common attack primitives like page fault tracking and cache attacks against SEV. All features can be used interactively from user space. We demonstrate SEV-Step's capabilities by carrying out an end-to-end cache attack against SEV that leaks the volume key of a LUKS2-encrypted disk. Finally, we show for the first time that SEV is vulnerable to Nemesis-style attacks, which allow extracting information about the type and operands of single-stepped instructions from SEV-protected VMs.
41

Muñoz, Antonio. "Cracking the Core: Hardware Vulnerabilities in Android Devices Unveiled." Electronics 13, no. 21 (2024): 4269. http://dx.doi.org/10.3390/electronics13214269.

Abstract:
As Android devices become more prevalent, their security risks extend beyond software vulnerabilities to include critical hardware weaknesses. This paper provides a comprehensive and systematic review of hardware-related vulnerabilities in Android systems, which can bypass even the most sophisticated software defenses. We compile and analyze an extensive range of reported vulnerabilities, introducing a novel categorization framework to facilitate a deeper understanding of these risks, classified by affected hardware components, vulnerability type, and the potential impact on system security. The paper addresses key areas such as memory management flaws, side-channel attacks, insecure system-on-chip (SoC) resource allocation, and cryptographic vulnerabilities. In addition, it examines feasible countermeasures, including hardware-backed encryption, secure boot mechanisms, and trusted execution environments (TEEs), to mitigate the risks posed by these hardware threats. By contextualizing hardware vulnerabilities within the broader security architecture of Android devices, this review emphasizes the importance of hardware security in ensuring system integrity and resilience. The findings serve as a valuable resource for both researchers and security professionals, offering insights into the development of more robust defenses against the emerging hardware-based threats faced by Android devices.
42

Wang, Yanping, Xiaosong Zhang, Xiaofen Wang, Teng Hu, Peng Lu, and Mingyong Yin. "Security Enhancements for Data-Driven Systems: A Blockchain-Based Trustworthy Data Sharing Scheme." Security and Communication Networks 2022 (October 11, 2022): 1–11. http://dx.doi.org/10.1155/2022/1317626.

Abstract:
With the increasingly prominent value of big data, data sharing within enterprises and organizations has become increasingly popular, and many institutions have established data centers to achieve effective data storage and sharing. Meanwhile, cyberspace data security and privacy have become the most critical issue that people are concerned about since shared data often involves commercial secrets and sensitive information. At present, data encryption techniques have been applied to protect the security of the sensitive data stored in and shared by the data centers. However, the challenges of efficient data sharing, secure management of decryption keys, deduplication of the plaintext, and transparency and auditability of the data access arise. These challenges may obstruct the development of data sharing in data-driven systems. To meet these challenges, we propose a secure and trustworthy data sharing scheme and introduce blockchain, proxy re-encryption (PRE), and trusted execution environments (TEEs) into the data-driven systems. Our scheme mainly enables (1) automatic distribution and management of the decryption keys, (2) reduction of the reduplicative data, and (3) trustworthy data sharing and recording. Finally, we implement the proposed scheme and compare it with other existing schemes. It is demonstrated that our scheme reduces the computation and communication overhead.
43

Köhler, Jens, and Henry Förster. "Trusted Execution Environments im Fahrzeug." ATZelektronik 11, no. 5 (2016): 38–43. http://dx.doi.org/10.1007/s35658-016-0080-0.

44

Köhler, Jens, and Henry Förster. "Trusted Execution Environments in Vehicles." ATZelektronik worldwide 11, no. 5 (2016): 36–41. http://dx.doi.org/10.1007/s38314-016-0074-y.

45

Kohlbrenner, David, Shweta Shinde, Dayeol Lee, Krste Asanovic, and Dawn Song. "Building Open Trusted Execution Environments." IEEE Security & Privacy 18, no. 5 (2020): 47–56. http://dx.doi.org/10.1109/msec.2020.2990649.

46

Anciaux, Nicolas, Luc Bouganim, Philippe Pucheral, Iulian Sandu Popa, and Guillaume Scerri. "Personal database security and trusted execution environments." Proceedings of the VLDB Endowment 12, no. 12 (2019): 1994–97. http://dx.doi.org/10.14778/3352063.3352118.

47

Jauernig, Patrick, Ahmad-Reza Sadeghi, and Emmanuel Stapf. "Trusted Execution Environments: Properties, Applications, and Challenges." IEEE Security & Privacy 18, no. 2 (2020): 56–60. http://dx.doi.org/10.1109/msec.2019.2947124.

48

Witharana, Hasini, Hansika Weerasena, and Prabhat Mishra. "Formal Verification of Virtualization-Based Trusted Execution Environments." IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 43, no. 11 (2024): 4262–73. http://dx.doi.org/10.1109/tcad.2024.3443008.

49

Zeng, Fanlang, Rui Chang, and Hongjian Liu. "Freesia: Verifying Correctness of TEE Communication with Concurrent Separation Logic." Proceedings of the ACM on Software Engineering 2, ISSTA (2025): 2045–67. https://doi.org/10.1145/3728967.

Abstract:
The Trusted Execution Environment (TEE), a security extension in modern processors, provides a secure runtime environment for sensitive code and data. Although TEEs are designed to protect applications and their private data, their large code bases often harbor vulnerabilities that could compromise data security. Even though some formal verification efforts have been directed toward the functionality and security of TEE standards and implementations, the verification of TEE correctness in concurrent scenarios remains insufficient. This paper introduces an enhancement for ensuring concurrency safety in TEEs, named Freesia, which is formally verified using concurrent separation logic. Through a thorough analysis of the GlobalPlatform TEE standards, Freesia addresses data race issues in the TEE communication interfaces and ensures consistency protection for shared memory between the client and the TEE. A prototype of Freesia is implemented in the open-source TEE platform, OP-TEE. Additionally, the concurrency correctness of Freesia is modeled and verified using the Iris concurrent separation logic framework. The effectiveness and efficiency of Freesia are further demonstrated through a real-world case study and performance evaluations.
50

Sasy, Sajin, and Ian Goldberg. "ConsenSGX: Scaling Anonymous Communications Networks with Trusted Execution Environments." Proceedings on Privacy Enhancing Technologies 2019, no. 3 (2019): 331–49. http://dx.doi.org/10.2478/popets-2019-0050.

Abstract:
Anonymous communications networks enable individuals to maintain their privacy online. The most popular such network is Tor, with about two million daily users; however, Tor is reaching limits of its scalability. One of the main scalability bottlenecks of Tor and similar network designs originates from the requirement of distributing a global view of the servers in the network to all network clients. This requirement is in place to avoid epistemic attacks, in which adversaries who know which parts of the network certain clients do and do not know about can rule in or out those clients from being responsible for particular network traffic. In this work, we introduce a novel solution to this scalability problem by leveraging oblivious RAM constructions and trusted execution environments in order to enable clients to fetch only the parts of the network view they require, without the directory servers learning which parts are being fetched. We compare the performance of our design with the current Tor mechanism and other related works to show one to two orders of magnitude better performance from an end-to-end perspective. We analyse the requirements to actually deploy such a scheme today and conclude that it would only require a small fraction (<2.5%) of the relays to have the required hardware support; moreover, these relays can perform their roles with minimal network bandwidth requirements.