COMP5900 COMP4900 2024F: Reading list: Difference between revisions

From Soma-notes
mNo edit summary
mNo edit summary
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
You can only sign up for papers with an asterisk (*) at the end of their title.
You can only sign up for papers with an asterisk (*) at the end of their title.
If you are looking for more papers (from which you consider choosing to present):
[https://github.com/vschiavoni/sgx-papers Papers about/using Intel SGX]
You can also check out these [https://github.com/Maxul/Awesome-SGX-Open-Source SGX Open Source Projects] (with or without papers).


* Introduction to the course and trusted computing
* Introduction to the course and trusted computing
Line 5: Line 11:
** [https://ieeexplore.ieee.org/document/7807249 Hardware-Based Trusted Computing Architectures for Isolation and Attestation]
** [https://ieeexplore.ieee.org/document/7807249 Hardware-Based Trusted Computing Architectures for Isolation and Attestation]
** [https://ieeexplore.ieee.org/document/7345265 Trusted Execution Environment: What It is, and What It is Not]
** [https://ieeexplore.ieee.org/document/7345265 Trusted Execution Environment: What It is, and What It is Not]
**  [https://dl.acm.org/doi/abs/10.1145/3672392 A Survey of Hardware Improvements to Secure Program Execution]
* Trust  
* Trust  
** [https://dl.acm.org/citation.cfm?id=1849988 Bootstrapping Trust in Commodity Computers]
** [https://dl.acm.org/citation.cfm?id=1849988 Bootstrapping Trust in Commodity Computers]
Line 10: Line 17:
** [https://dl.acm.org/citation.cfm?id=3186101 SafeKeeper: Protecting Web Passwords using Trusted Execution Environments]
** [https://dl.acm.org/citation.cfm?id=3186101 SafeKeeper: Protecting Web Passwords using Trusted Execution Environments]
* Application of TC technologies
* Application of TC technologies
** [https://www.usenix.org/system/files/conference/osdi16/osdi16-arnautov.pdf SCONE: Secure Linux Containers with Intel SGX] (*)
** [https://www.usenix.org/system/files/conference/osdi16/osdi16-arnautov.pdf SCONE: Secure Linux Containers with Intel SGX] (*) <span style="color:#0000ff;font-weight:bold"> Recommended </span>
** [https://ieeexplore.ieee.org/document/8464097 SGX-Tor: A Secure and Practical Tor Anonymity Network with SGX Enclaves] (*)
** [https://ieeexplore.ieee.org/document/8464097 SGX-Tor: A Secure and Practical Tor Anonymity Network with SGX Enclaves] (*)
** [https://ieeexplore.ieee.org/document/8418608 EnclaveDB: A Secure Database using SGX] (*)
** [https://ieeexplore.ieee.org/document/8418608 EnclaveDB: A Secure Database using SGX] (*)
Line 18: Line 25:
** Data protection: [https://dl.acm.org/doi/abs/10.1145/3190508.3190518 Pesos: Policy Enhanced Secure Object Store] (*)
** Data protection: [https://dl.acm.org/doi/abs/10.1145/3190508.3190518 Pesos: Policy Enhanced Secure Object Store] (*)
* Making TC technologies more adoptable/usable
* Making TC technologies more adoptable/usable
** Flicker: An Execution Infrastructure for TCB Minimization (*)
** [https://dl.acm.org/citation.cfm?id=1352625 Flicker: An Execution Infrastructure for TCB Minimization] (*)
** Glamdring: Automatic Application Partitioning for Intel SGX (*)
** [https://www.usenix.org/system/files/conference/atc17/atc17-lind.pdf Glamdring: Automatic Application Partitioning for Intel SGX] (*)
** Occlum: Secure and Efficient Multitasking Inside a Single Enclave of Intel SGX (*)
**  [https://www.usenix.org/conference/atc17/technical-sessions/presentation/tsai Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX] (*)   <span style="color:#0000ff;font-weight:bold"> Recommended </span>
** Civet: An Efficient Java Partitioning Framework for Hardware Enclaves (*)
** [https://dl.acm.org/doi/pdf/10.1145/3373376.3378469 Occlum: Secure and Efficient Multitasking Inside a Single Enclave of Intel SGX] (*)
** vTZ: Virtualizing ARM TrustZone (*)
** [https://www.usenix.org/system/files/sec20spring_tsai_prepub.pdf Civet: An Efficient Java Partitioning Framework for Hardware Enclaves] (*)
** Towards Memory Safe Enclave Programming with Rust-SGX [Rust + SGX] (*)
** [https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-hua.pdf vTZ: Virtualizing ARM TrustZone] (*)
** RusTEE: Developing Memory-Safe ARM TrustZone Applications [Rust + ARM] (*)
** [https://dl.acm.org/doi/abs/10.1145/3319535.3354241 Towards Memory Safe Enclave Programming with Rust-SGX] [Rust + SGX] (*)
** SGXPy: Protecting integrity of Python applications with Intel SGX [Python + SGX] (*)
** [https://dl.acm.org/doi/abs/10.1145/3427228.3427262 RusTEE: Developing Memory-Safe ARM TrustZone Applications] [Rust + ARM] (*)
** Using ARM TrustZone to Build a Trusted Language Runtime for Mobile Applications [.NET + SGX] (*)
** [https://ieeexplore.ieee.org/abstract/document/8945648 SGXPy: Protecting integrity of Python applications with Intel SGX] [Python + SGX] (*)
** [https://dl.acm.org/doi/abs/10.1145/2541940.2541949 Using ARM TrustZone to Build a Trusted Language Runtime for Mobile Applications] [.NET + SGX] (*)
* Side-channel attacks
* Side-channel attacks
** Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices
** [https://ieeexplore.ieee.org/document/8141882 Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices]
** Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution (*)
** [https://www.usenix.org/conference/usenixsecurity18/presentation/bulck Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution] (*)
** Meltdown: Reading Kernel Memory from User Space (*)
** [https://www.usenix.org/conference/usenixsecurity18/presentation/lipp Meltdown: Reading Kernel Memory from User Space] (*)
** Spectre Attacks: Exploiting Speculative Execution (*)
** [https://ieeexplore.ieee.org/abstract/document/8835233 Spectre Attacks: Exploiting Speculative Execution] (*)
** Latest: Downfall: Exploiting Speculative Data Gathering (*)
** Latest: [https://www.usenix.org/system/files/usenixsecurity23-moghimi.pdf Downfall: Exploiting Speculative Data Gathering] (*)
* Internal misbehavior: memory attacks  
* Internal misbehavior: memory attacks  
** SoK: Eternal War in Memory (*)
** [https://ieeexplore.ieee.org/document/6547101 SoK: Eternal War in Memory] (*)
** Memory Errors: The Past, the Present, and the Future
** [https://link.springer.com/chapter/10.1007/978-3-642-33338-5_5 Memory Errors: The Past, the Present, and the Future]
** Defense: C-FLAT: Control-Flow Attestation for Embedded Systems Software (*)
** Defense: [https://dl.acm.org/doi/abs/10.1145/2976749.2978358 C-FLAT: Control-Flow Attestation for Embedded Systems Software] (*)
** Defense: PTAuth: Temporal Memory Safety via Robust Points-to Authentication (*)
** Defense: [https://www.usenix.org/system/files/sec21summer_mirzazade.pdf PTAuth: Temporal Memory Safety via Robust Points-to Authentication] (*)
** Attacking the defense: PACMAN: Attacking ARM Pointer Authentication with Speculative Execution (*)
** Attacking the defense: [https://dl.acm.org/doi/abs/10.1145/3470496.3527429 PACMAN: Attacking ARM Pointer Authentication with Speculative Execution] (*)
** Attacking the defense: [https://arxiv.org/pdf/2406.08719 TIKTAG: Breaking ARM’s Memory Tagging Extension with Speculative Execution] (*)
* Human authenticating machine
* Human authenticating machine
** Turtles All The Way Down: Research Challenges in User-Based Attestation
** [https://www.usenix.org/legacy/event/hotsec07/tech/full_papers/mccune/mccune.pdf Turtles All The Way Down: Research Challenges in User-Based Attestation]
** Stark: Tamperproof Authentication to Resist Keylogging (*)
** [https://fc13.ifca.ai/proc/9-1.pdf Stark: Tamperproof Authentication to Resist Keylogging] (*)
** Evil maid goes after PGP whole disk encryption
** [https://dl.acm.org/citation.cfm?id=1854103 Evil maid goes after PGP whole disk encryption]
** PRISM/ Human-Verifiable Code Execution (*)
** [https://netsec.ethz.ch/publications/papers/PRISM-2007.pdf PRISM/ Human-Verifiable Code Execution] (*)
* State continuity
* State continuity
** Memoir: Practical state continuity for protected modules (*)
** [https://www.microsoft.com/en-us/research/publication/memoir-practical-state-continuity-for-protected-modules/ Memoir: Practical state continuity for protected modules] (*)
** ROTE: Rollback Protection for Trusted Execution (*)
** [https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-matetic.pdf ROTE: Rollback Protection for Trusted Execution] (*)
** Ariadne: A Minimal Approach to State Continuity (*)
** [https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_strackx.pdf Ariadne: A Minimal Approach to State Continuity] (*)
* Secure input/output
* Secure input/output
** SeCloak: ARM TrustZone-based Mobile Peripheral Control
** [https://dl.acm.org/doi/10.1145/3210240.3210334 SeCloak: ARM TrustZone-based Mobile Peripheral Control]
** Building trusted path on untrusted device drivers for mobile devices (*)  
** [https://dl.acm.org/citation.cfm?id=2637225 Building trusted path on untrusted device drivers for mobile devices] (*)  
** TruZ-Droid: Integrating TrustZone with Mobile Operating System (*)
** [https://dl.acm.org/citation.cfm?id=3210338 TruZ-Droid: Integrating TrustZone with Mobile Operating System] (*)
** Establishing Trusted I/O Paths for SGX Client Systems with Aurora (*)
** [https://ieeexplore.ieee.org/document/8859293 Establishing Trusted I/O Paths for SGX Client Systems with Aurora] (*)
** VButton: Practical Attestation of User-driven Operations in Mobile Apps (*)
** [https://dl.acm.org/doi/10.1145/3210240.3210330 VButton: Practical Attestation of User-driven Operations in Mobile Apps] (*)
** ProtectIOn: Root-of-Trust for IO in Compromised Platforms (*)
** [https://www.ndss-symposium.org/ndss-paper/protection-root-of-trust-for-io-in-compromised-platforms/ ProtectIOn: Root-of-Trust for IO in Compromised Platforms] (*)
** Fidelius: Protecting User Secrets from Compromised Browsers (*)
** [https://ieeexplore-ieee-org.ezproxy.u-pec.fr/iel7/8826229/8835208/08835331.pdf Fidelius: Protecting User Secrets from Compromised Browsers] (*)
* Proposed hardware improvements
* Proposed hardware improvements
** Fine-grained isolation: IMIX: In-Process Memory Isolation EXtension (*)
** Fine-grained isolation: [https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-frassetto.pdf IMIX: In-Process Memory Isolation EXtension] (*)
** Memory safety: HAFIX: Hardware-Assisted Flow Integrity Extension (*)
** Memory safety: [https://ieeexplore.ieee.org/abstract/document/7167258 HAFIX: Hardware-Assisted Flow Integrity Extension] (*)
** Integrity monitoring: Co-processor-based Behavior Monitoring: Application to the Detection of Attacks Against the System Management Mode (*)
** Integrity monitoring: [https://dl.acm.org/doi/10.1145/3134600.3134622 Co-processor-based Behavior Monitoring: Application to the Detection of Attacks Against the System Management Mode] (*)
** Integrity monitoring: CPU Transparent Protection of OS Kernel and Hypervisor Integrity with Programmable DRAM (*)
** Integrity monitoring: [https://dl.acm.org/doi/abs/10.1145/2508148.2485956 CPU Transparent Protection of OS Kernel and Hypervisor Integrity with Programmable DRAM] (*)
* Proposals based on existing (non-security) hardware support  
* Proposals based on existing (non-security) hardware support  
** PixelVault: Using GPUs for Securing Cryptographic Operations (*)
** [https://dl.acm.org/citation.cfm?id=2660316&dl=ACM&coll=DL PixelVault: Using GPUs for Securing Cryptographic Operations] (*)
** Graviton: Trusted Execution Environments on GPUs (*)
** [https://www.usenix.org/system/files/osdi18-volos.pdf Graviton: Trusted Execution Environments on GPUs] (*)
** GRIFFIN: Guarding Control Flows Using Intel Processor Trace (*)
** [https://dl.acm.org/doi/10.1145/3093337.3037716 GRIFFIN: Guarding Control Flows Using Intel Processor Trace] (*)
** T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs (*)
** [https://www.ndss-symposium.org/wp-content/uploads/2017/09/ndss2017_07-2_Shih_paper.pdf T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs] (*)

Latest revision as of 00:40, 8 October 2024

You can only sign up for papers with an asterisk (*) at the end of their title.

If you are looking for more papers (from which you consider choosing to present):

Papers about/using Intel SGX

You can also check out these SGX Open Source Projects (with or without papers).