Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
166 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
42 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Aster: Fixing the Android TEE Ecosystem with Arm CCA (2407.16694v1)

Published 23 Jul 2024 in cs.CR

Abstract: The Android ecosystem relies on either TrustZone (e.g., OP-TEE, QTEE, Trusty) or trusted hypervisors (pKVM, Gunyah) to isolate security-sensitive services from malicious apps and Android bugs. TrustZone allows any secure world code to access the normal world that runs Android. Similarly, a trusted hypervisor has full access to Android running in one VM and security services in other VMs. In this paper, we motivate the need for mutual isolation, wherein Android, hypervisors, and the secure world are isolated from each other. Then, we propose a sandboxed service abstraction, such that a sandboxed execution cannot access any other sandbox, Android, hypervisor, or secure world memory. We present Aster which achieves these goals while ensuring that sandboxed execution can still communicate with Android to get inputs and provide outputs securely. Our main insight is to leverage the hardware isolation offered by Arm Confidential Computing Architecture (CCA). However, since CCA does not satisfy our sandboxing and mutual isolation requirements, Aster repurposes its hardware enforcement to meet its goals while addressing challenges such as secure interfaces, virtio, and protection against interrupts. We implement Aster to demonstrate its feasibility and assess its compatibility. We take three case studies, including one currently deployed on Android phones and insufficiently secured using a trusted hypervisor, to demonstrate that they can be protected by Aster.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (91)
  1. Ahmed Sherif, “Market share of mobile operating systems worldwide from 2009 to 2024, by quarter,” May 2024, (2024). Accessed: Jun 6, 2024. [Online]. Available: https://www.statista.com/statistics/272698/global-market-share-held-by-mobile-operating-systems-since-2009/.
  2. Google, “Android Security,” (2024). Accessed: Jun 6, 2024. [Online]. Available: https://source.android.com/docs/security.
  3. D. Cerdeira, N. Santos, P. Fonseca, and S. Pinto, “Sok: Understanding the prevailing security vulnerabilities in trustzone-assisted tee systems,” in 2020 IEEE Symposium on Security and Privacy (SP), 2020, pp. 1416–1432.
  4. P. Jiang, Q. Wang, J. Cheng, C. Wang, L. Xu, X. Wang, Y. Wu, X. Li, and K. Ren, “Boomerang: Metadata-Private messaging under hardware trust,” in 20th USENIX Symposium on Networked Systems Design and Implementation (NSDI 23).   Boston, MA: USENIX Association, Apr. 2023, pp. 877–899. [Online]. Available: https://www.usenix.org/conference/nsdi23/presentation/jiang
  5. Android, “AVF architecture,” (2024). Accessed: Jun 6, 2024. [Online]. Available: https://source.android.com/docs/core/virtualization/architecture.
  6. ARM, “Arm Confidential Compute Architecture (ARM-CCA),” https://www.arm.com/why-arm/architecture/security-features/arm-confidential-compute-architecture.
  7. Z. Ma, X. Tan, L. Ziarek, N. Zhang, H. Hu, and Z. Zhao, “Return-to-non-secure vulnerabilities on arm cortex-m trustzone: Attack and defense,” in 2023 60th ACM/IEEE Design Automation Conference (DAC).   IEEE, 2023, pp. 1–6.
  8. GlobalPlatform, “TEE Client API Specification v1.0 — GPD_SPE_007,” (2024). Accessed: Jun 6, 2024. [Online]. Available: https://globalplatform.org/specs-library/tee-client-api-specification/.
  9. Y. Chen, Y. Zhang, Z. Wang, and T. Wei, “Downgrade attack on trustzone,” arXiv preprint arXiv:1707.05082, 2017.
  10. F. Brasser, D. Gens, P. Jauernig, A.-R. Sadeghi, and E. Stapf, “Sanctuary: Arming trustzone with user-space enclaves.” in NDSS.   NDSS, 2019.
  11. W. Li, Y. Xia, L. Lu, H. Chen, and B. Zang, “Teev: Virtualizing trusted execution environments on mobile platforms,” in Proceedings of the 15th ACM SIGPLAN/SIGOPS international conference on virtual execution environments, 2019, pp. 2–16.
  12. D. Cerdeira, J. Martins, N. Santos, and S. Pinto, “ReZone: Disarming TrustZone with TEE privilege reduction,” in 31st USENIX Security Symposium (USENIX Security 22), 2022, pp. 2261–2279.
  13. Z. Hua, J. Gu, Y. Xia, H. Chen, B. Zang, and H. Guan, “vtz: Virtualizing arm trustzone,” in USENIX Security, 2017.
  14. Qualcomm Innovation Center, Inc., “Gunyah Hypervisor,” (2024). Accessed: Jun 6, 2024. [Online]. Available: https://github.com/quic/gunyah-hypervisor?tab=readme-ov-file.
  15. D. Li, Z. Mi, Y. Xia, B. Zang, H. Chen, and H. Guan, “Twinvisor: Hardware-isolated confidential virtual machines for arm,” in Proceedings of the ACM SIGOPS 28th Symposium on Operating Systems Principles, 2021, pp. 638–654.
  16. Google, “Hafnium,” (2024). Accessed: Jun 6, 2024. [Online]. Available: https://hafnium.googlesource.com/hafnium/+/HEAD/docs/Architecture.md.
  17. D. Kwon, J. Seo, Y. Cho, B. Lee, and Y. Paek, “Pros: Light-weight privatized se cure oses in arm trustzone,” IEEE Transactions on Mobile Computing, vol. 19, no. 6, pp. 1434–1447, 2019.
  18. Y. Zhang, Y. Hu, Z. Ning, F. Zhang, X. Luo, H. Huang, S. Yan, and Z. He, “SHELTER: Extending arm CCA with isolation in user space,” in 32nd USENIX Security Symposium (USENIX Security 23).   Anaheim, CA: USENIX Association, Aug. 2023, pp. 6257–6274. [Online]. Available: https://www.usenix.org/conference/usenixsecurity23/presentation/zhang-yiming
  19. J. Z. Yu, S. Shinde, T. E. Carlson, and P. Saxena, “Elasticlave: An efficient memory model for enclaves,” in 31st USENIX Security Symposium (USENIX Security 22), 2022, pp. 4111–4128.
  20. H. Feng and K. G. Shin, “Bindercracker: Assessing the robustness of android system services,” arXiv preprint arXiv:1604.06964, 2016.
  21. ——, “Understanding and defending the binder attack surface in android,” in Proceedings of the 32nd Annual Conference on Computer Security Applications, 2016, pp. 398–409.
  22. B. Liu, C. Zhang, G. Gong, Y. Zeng, H. Ruan, and J. Zhuge, “{{\{{FANS}}\}}: Fuzzing android native system services via automated interface analysis,” in 29th USENIX Security Symposium (USENIX Security 20), 2020, pp. 307–323.
  23. Jason Parker, “Introducing Arm’s Dynamic TrustZone technology,” (2024). Accessed: Jun 6, 2024. [Online]. Available: https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/introducing-arms-dynamic-trustzone-technology.
  24. Linaro, “OP-TEE,” (2024). Accessed: Jun 6, 2024. [Online]. Available: https://www.trustedfirmware.org/projects/op-tee/.
  25. D. Lee, D. Kohlbrenner, S. Shinde, K. Asanović, and D. Song, “Keystone: An open framework for architecting trusted execution environments,” in EuroSys, 2020.
  26. B. Schlüter, S. Sridhara, A. Bertschi, and S. Shinde, “WeSee: Using Malicious #VC Interrupts to Break AMD SEV-SNP,” in IEEE S&P, 2024.
  27. B. Schlüter, S. Sridhara, M. Kuhne, A. Bertschi, and S. Shinde, “Heckler: Breaking Confidential VMs with Malicious Interrupts,” in USENIX Security, 2024.
  28. A. Holdings, “Arm architecture reference manual for a-profile architecture,” https://developer.arm.com/documentation/ddi0487/latest/, 2023.
  29. Linaro, “Building an RME stack for QEMU,” (2024). Accessed: Jun 5, 2024. [Online]. Available: https://linaro.atlassian.net/wiki/pages/viewpage.action?pageId=29051027459&pageVersion=40.
  30. ARM and Linaro, “Realm Management Monitor for Qemu, v1.0-eac5,” (2023). Accessed: Jun 5, 2024. [Online]. Available: https://git.codelinaro.org/linaro/dcap/rmm/-/tree/rmm-v1.0-eac5.
  31. ——, “Trusted Firmware for Qemu with CCA, v2.10,” (2023). Accessed: Jun 5, 2024. [Online]. Available: https://git.codelinaro.org/linaro/dcap/tf-a/trusted-firmware-a/-/tree/v1.0-eac5.
  32. Linux and Linaro, “Linux Kernel for Qemu with CCA, v6.7-rc4 ,” (2023). Accessed: Jun 5, 2024. [Online]. Available: https://gitlab.arm.com/linux-arm/linux-cca/-/tree/cca-full/rmm-v1.0-eac5.
  33. Google, “Manifest for Android 13.0.0 Release 12,” (2022). Accessed: Jun 5, 2024. [Online]. Available: https://android.googlesource.com/platform/manifest/+/refs/heads/android-13.0.0_r12.
  34. ——, “Manifest for Android Kernel 15-6.6,” (2024). Accessed: Jun 5, 2024. [Online]. Available: https://android.googlesource.com/kernel/manifest/+/refs/heads/common-android15-6.6.
  35. Android, “Build and run an Android system image targeting the ARM Fixed Virtual Platform or QEMU.” (2024). Accessed: Jun 6, 2024. [Online]. Available: https://cs.android.com/android/platform/superproject/main/+/main:device/generic/goldfish/fvpbase/.
  36. C. Wang, F. Zhang, Y. Deng, K. Leach, J. Cao, Z. Ning, S. Yan, and Z. He, “Cage: Complementing arm cca with gpu extensions.”   ISOC, 2024.
  37. S. Sridhara, A. Bertschi, B. Schlüter, M. Kuhne, F. Aliberti, and S. Shinde, “Acai: Protecting Accelerator Execution with Arm Confidential Computing Architecture,” in USENIX Security, 2024.
  38. Google, “Android Private Compute Services,” (2024). Accessed: Jun 6, 2024. [Online]. Available: https://github.com/google/private-compute-services.
  39. S. Siby, S. Abdollahi, M. Maheri, M. Kogias, and H. Haddadi, “Guarantee: Towards attestable and private ml with cca,” in Proceedings of the 4th Workshop on Machine Learning and Systems, ser. EuroMLSys ’24.   New York, NY, USA: Association for Computing Machinery, 2024, p. 1–9. [Online]. Available: https://doi.org/10.1145/3642970.3655845
  40. Samsung, “Islet,” (2024). Accessed: Jun 6, 2024. [Online]. Available: https://islet-project.github.io/islet/.
  41. Huawei, “Huawei_CCA_QEMU,” (2024). Accessed: Jun 6, 2024. [Online]. Available: https://github.com/Huawei/Huawei_CCA_QEMU.
  42. X. Li, X. Li, C. Dall, R. Gu, J. Nieh, Y. Sait, and G. Stockwell, “Design and verification of the arm confidential compute architecture,” in 16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 22), 2022, pp. 465–484.
  43. A. C. Fox, G. Stockwell, S. Xiong, H. Becker, D. P. Mulligan, G. Petri, and N. Chong, “A verification methodology for the arm® confidential computing architecture: From a secure specification to safe implementations,” Proceedings of the ACM on Programming Languages, vol. 7, no. OOPSLA1, pp. 376–405, 2023.
  44. X. Li, X. Li, C. Dall, R. Gu, J. Nieh, Y. Sait, G. Stockwell, M. Knight, and C. Garcia-Tobin, “Enabling realms with the arm confidential compute architecture.”
  45. Android, “Trusty TEE,” (2024). Accessed: Jun 6, 2024. [Online]. Available: https://source.android.com/docs/security/features/trusty.
  46. H. Sun, K. Sun, Y. Wang, J. Jing, and H. Wang, “Trustice: Hardware-assisted isolated computing environments on mobile devices,” in 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.   IEEE, 2015, pp. 367–378.
  47. Qualcomm, “Guard your data with the qualcomm snapdragon mobile platform,” (2024). Accessed: Jun 6, 2024. [Online]. Available: https://www.qualcomm.com/content/dam/qcomm-martech/dm-assets/documents/guard_your_data_with_the_qualcomm_snapdragon_mobile_platform2.pdf.
  48. N. Santos, H. Raj, S. Saroiu, and A. Wolman, “Using arm trustzone to build a trusted language runtime for mobile applications,” SIGARCH Comput. Archit. News, vol. 42, no. 1, p. 67–80, feb 2014. [Online]. Available: https://doi.org/10.1145/2654822.2541949
  49. X. Li, H. Hu, G. Bai, Y. Jia, Z. Liang, and P. Saxena, “Droidvault: A trusted data vault for android devices,” in 2014 19th International Conference on Engineering of Complex Computer Systems.   IEEE, 2014, pp. 29–38.
  50. D. Suciu, S. McLaughlin, L. Simon, and R. Sion, “Horizontal privilege escalation in trusted applications,” in 29th USENIX Security Symposium (USENIX Security 20).   USENIX Association, Aug. 2020. [Online]. Available: https://www.usenix.org/conference/usenixsecurity20/presentation/suciu
  51. M. Lentz, R. Sen, P. Druschel, and B. Bhattacharjee, “Secloak: Arm trustzone-based mobile peripheral control,” in Proceedings of the 16th Annual International Conference on Mobile Systems, Applications, and Services, 2018, pp. 1–13.
  52. H. Liu, S. Saroiu, A. Wolman, and H. Raj, “Software abstractions for trusted sensors,” in Proceedings of the 10th international conference on Mobile systems, applications, and services, 2012, pp. 365–378.
  53. W. Li, M. Ma, J. Han, Y. Xia, B. Zang, C.-K. Chu, and T. Li, “Building trusted path on untrusted device drivers for mobile devices,” in Proceedings of 5th Asia-Pacific Workshop on Systems, ser. APSys ’14.   New York, NY, USA: Association for Computing Machinery, 2014.
  54. C. M. Park, D. Kim, D. V. Sidhwani, A. Fuchs, A. Paul, S.-J. Lee, K. Dantu, and S. Y. Ko, “Rushmore: securely displaying static and animated images using trustzone,” in Proceedings of the 19th Annual International Conference on Mobile Systems, Applications, and Services, 2021, pp. 122–135.
  55. Y. Deng, C. Wang, S. Yu, S. Liu, Z. Ning, K. Leach, J. Li, S. Yan, Z. He, J. Cao et al., “Strongbox: A gpu tee on arm endpoints,” in Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 2022, pp. 769–783.
  56. H. Park and F. X. Lin, “Safe and practical gpu computation in trustzone,” in Proceedings of the Eighteenth European Conference on Computer Systems, 2023, pp. 505–520.
  57. Z. Yao, S. M. Seyed Talebi, M. Chen, A. Amiri Sani, and T. Anderson, “Minimizing a smartphone’s tcb for security-critical programs with exclusively-used, physically-isolated, statically-partitioned hardware,” in Proceedings of the 21st Annual International Conference on Mobile Systems, Applications and Services, 2023, pp. 233–246.
  58. S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A.-R. Sadeghi, and B. Shastry, “Towards taming privilege-escalation attacks on android.” in NDSS, vol. 17, 2012, p. 19.
  59. M. Dietz, S. Shekhar, Y. Pisetsky, A. Shu, and D. S. Wallach, “Quire: Lightweight provenance for smart phone operating systems,” in USENIX security symposium, vol. 31.   San Francisco, CA;, 2011, p. 3.
  60. M. Busch, A. Machiry, C. Spensky, G. Vigna, C. Kruegel, and M. Payer, “Teezz: Fuzzing trusted applications on cots android devices,” in 2023 IEEE Symposium on Security and Privacy (SP).   IEEE, 2023, pp. 1204–1219.
  61. L. Harrison, H. Vijayakumar, R. Padhye, K. Sen, and M. Grace, “PARTEMU: Enabling dynamic analysis of Real-World TrustZone software using emulation,” in 29th USENIX Security Symposium (USENIX Security 20).   USENIX Association, Aug. 2020, pp. 789–806. [Online]. Available: https://www.usenix.org/conference/usenixsecurity20/presentation/harrison
  62. N. Weichbrodt, A. Kurmus, P. Pietzuch, and R. Kapitza, “Asyncshock: Exploiting synchronisation bugs in intel sgx enclaves,” in Computer Security–ESORICS 2016: 21st European Symposium on Research in Computer Security, Heraklion, Greece, September 26-30, 2016, Proceedings, Part I 21.   Springer, 2016, pp. 440–457.
  63. J. R. Sanchez Vicarte, B. Schreiber, R. Paccagnella, and C. W. Fletcher, “Game of threads: Enabling asynchronous poisoning attacks,” in Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems, ser. ASPLOS ’20.   New York, NY, USA: Association for Computing Machinery, 2020, p. 35–52. [Online]. Available: https://doi.org/10.1145/3373376.3378462
  64. J. Van Bulck, D. Oswald, E. Marin, A. Aldoseri, F. D. Garcia, and F. Piessens, “A tale of two worlds: Assessing the vulnerability of enclave shielding runtimes,” in Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’19.   New York, NY, USA: Association for Computing Machinery, 2019, p. 1741–1758. [Online]. Available: https://doi.org/10.1145/3319535.3363206
  65. J. Cui, J. Z. Yu, S. Shinde, P. Saxena, and Z. Cai, “Smashex: Smashing sgx enclaves using exceptions,” in Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’21, 2021.
  66. O. S. Hofmann, S. Kim, A. M. Dunn, M. Z. Lee, and E. Witchel, “Inktag: Secure applications on an untrusted operating system,” SIGPLAN Not., vol. 48, no. 4, p. 265–278, Mar. 2013.
  67. M. R. Khandaker, Y. Cheng, Z. Wang, and T. Wei, “Coin attacks: On insecurity of enclave untrusted interfaces in sgx,” in Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems, ser. ASPLOS ’20.   New York, NY, USA: Association for Computing Machinery, 2020, p. 971–985. [Online]. Available: https://doi.org/10.1145/3373376.3378486
  68. F. Alder, L.-A. Daniel, D. Oswald, F. Piessens, and J. Van Bulck, “Pandora: Principled symbolic validation of intel sgx enclave runtimes.”
  69. S. Checkoway and H. Shacham, “Iago attacks: why the system call api is a bad untrusted rpc interface,” ACM SIGARCH Computer Architecture News, vol. 41, no. 1, pp. 253–264, 2013.
  70. T. Cloosters, J. Willbold, T. Holz, and L. Davi, “SGXFuzz: Efficiently synthesizing nested structures for SGX enclave fuzzing,” in 31st USENIX Security Symposium (USENIX Security 22).   Boston, MA: USENIX Association, Aug. 2022, pp. 3147–3164. [Online]. Available: https://www.usenix.org/conference/usenixsecurity22/presentation/cloosters
  71. A. Khan, M. Zou, K. Kim, D. Xu, A. Bianchi, and D. J. Tian, “Fuzzing sgx enclaves via host program mutations,” in 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P), 2023, pp. 472–488.
  72. T. Cloosters, M. Rodler, and L. Davi, “TeeRex: Discovery and exploitation of memory corruption vulnerabilities in SGX enclaves,” in 29th USENIX Security Symposium (USENIX Security 20).   USENIX Association, Aug. 2020, pp. 841–858. [Online]. Available: https://www.usenix.org/conference/usenixsecurity20/presentation/cloosters
  73. Y. Wang, Z. Zhang, N. He, Z. Zhong, S. Guo, Q. Bao, D. Li, Y. Guo, and X. Chen, “Symgx: Detecting cross-boundary pointer vulnerabilities of sgx applications via static symbolic execution,” in Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’23.   New York, NY, USA: Association for Computing Machinery, 2023, p. 2710–2724. [Online]. Available: https://doi.org/10.1145/3576915.3623213
  74. J. M. McCune, B. J. Parno, A. Perrig, M. K. Reiter, and H. Isozaki, “Flicker: An execution infrastructure for tcb minimization,” in Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008, 2008, pp. 315–328.
  75. J. M. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig, “Trustvisor: Efficient tcb reduction and attestation,” in 2010 IEEE Symposium on Security and Privacy.   IEEE, 2010, pp. 143–158.
  76. R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham, “Efficient software-based fault isolation,” in Proceedings of the fourteenth ACM symposium on Operating systems principles, 1993, pp. 203–216.
  77. U. Erlingsson, M. Abadi, M. Vrable, M. Budiu, and G. C. Necula, “Xfi: Software guards for system address spaces,” in Proceedings of the 7th symposium on Operating systems design and implementation, 2006, pp. 75–88.
  78. S. McCamant and G. Morrisett, “Efficient, verifiable binary sandboxing for a cisc architecture,” 2005.
  79. ——, “Evaluating sfi for a cisc architecture.” in USENIX Security Symposium, vol. 10, 2006, pp. 209–224.
  80. Z. Yedidia, “Lightweight fault isolation: Practical, efficient, and secure software sandboxing,” in Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2, 2024, pp. 649–665.
  81. B. Yee, D. Sehr, G. Dardyk, J. B. Chen, R. Muth, T. Ormandy, S. Okasaka, N. Narula, and N. Fullagar, “Native client: A sandbox for portable, untrusted x86 native code,” Communications of the ACM, vol. 53, no. 1, pp. 91–99, 2010.
  82. D. Sehr, R. Muth, C. Biffle, V. Khimenko, E. Pasko, K. Schimpf, B. Yee, and B. Chen, “Adapting software fault isolation to contemporary {{\{{CPU}}\}} architectures,” in 19th USENIX Security Symposium (USENIX Security 10), 2010.
  83. A. Haas, A. Rossberg, D. L. Schuff, B. L. Titzer, M. Holman, D. Gohman, L. Wagner, A. Zakai, and J. Bastien, “Bringing the web up to speed with webassembly,” in Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, 2017, pp. 185–200.
  84. K. Bhargavan, J. Protzenko, A. Rossberg, and D. Stefan, “Foundations of webassembly,” 2023.
  85. E. Johnson, E. Laufer, Z. Zhao, D. Gohman, S. Narayan, S. Savage, D. Stefan, and F. Brown, “Wave: a verifiably secure webassembly sandboxing runtime,” in 2023 IEEE Symposium on Security and Privacy (SP).   IEEE, 2023, pp. 2940–2955.
  86. S. van Schaik, A. Seto, T. Yurek, A. Batori, B. AlBassam, C. Garman, D. Genkin, A. Miller, E. Ronen, and Y. Yarom, “Sok: Sgx. fail: How stuff get exposed,” 2022.
  87. A. Ahmad, J. Kim, J. Seo, I. Shin, P. Fonseca, and B. Lee, “Chancel: Efficient multi-client isolation under adversarial programs.” in NDSS, 2021.
  88. J. Seo, B. Lee, S. M. Kim, M.-W. Shih, I. Shin, D. Han, and T. Kim, “Sgx-shield: Enabling address space layout randomization for sgx programs.” in NDSS, 2017.
  89. S. Constable, J. V. Bulck, X. Cheng, Y. Xiao, C. Xing, I. Alexandrovich, T. Kim, F. Piessens, M. Vij, and M. Silberstein, “AEX-Notify: Thwarting precise Single-Stepping attacks through interrupt awareness for intel SGX enclaves,” in 32nd USENIX Security Symposium (USENIX Security 23).   Anaheim, CA: USENIX Association, Aug. 2023, pp. 4051–4068. [Online]. Available: https://www.usenix.org/conference/usenixsecurity23/presentation/constable
  90. J. Van Bulck, D. Oswald, E. Marin, A. Aldoseri, F. D. Garcia, and F. Piessens, “A tale of two worlds: Assessing the vulnerability of enclave shielding runtimes,” in Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019, pp. 1741–1758.
  91. A. Ahmad, B. Ou, C. Liu, X. Zhang, and P. Fonseca, “Veil: A protected services framework for confidential virtual machines,” in Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 4, 2023, pp. 378–393.
Citations (1)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now