Confidential Consortium Framework: Secure Multiparty Applications with Confidentiality, Integrity, and High Availability (2310.11559v1)

Published 17 Oct 2023 in cs.CR and cs.DC

Abstract: Confidentiality, integrity protection, and high availability, abbreviated to CIA, are essential properties for trustworthy data systems. The rise of cloud computing and the growing demand for multiparty applications, however, mean that building modern CIA systems is more challenging than ever. In response, we present the Confidential Consortium Framework (CCF), a general-purpose foundation for developing secure stateful CIA applications. CCF combines centralized compute with decentralized trust, supporting deployment on untrusted cloud infrastructure and transparent governance by mutually untrusted parties. CCF leverages hardware-based trusted execution environments for remotely verifiable confidentiality and code integrity. This is coupled with state machine replication backed by an auditable immutable ledger for data integrity and high availability. CCF enables each service to bring its own application logic, custom multiparty governance model, and deployment scenario, decoupling the operators of nodes from the consortium that governs them. CCF is open-source and available now at https://github.com/microsoft/CCF.
