COMP5900 COMP4900 2024F: Reading list: Difference between revisions

From Soma-notes
mNo edit summary
mNo edit summary
Line 10: Line 10:
** [https://dl.acm.org/citation.cfm?id=3186101 SafeKeeper: Protecting Web Passwords using Trusted Execution Environments]
** [https://dl.acm.org/citation.cfm?id=3186101 SafeKeeper: Protecting Web Passwords using Trusted Execution Environments]
* Application of TC technologies
* Application of TC technologies
** SCONE: Secure Linux Containers with Intel SGX (*)
** [https://www.usenix.org/system/files/conference/osdi16/osdi16-arnautov.pdf SCONE: Secure Linux Containers with Intel SGX] (*)
** SGX-Tor: A Secure and Practical Tor Anonymity Network with SGX Enclaves (*)
** [https://ieeexplore.ieee.org/document/8464097 SGX-Tor: A Secure and Practical Tor Anonymity Network with SGX Enclaves] (*)
** EnclaveDB: A Secure Database using SGX (*)
** [https://ieeexplore.ieee.org/document/8418608 EnclaveDB: A Secure Database using SGX] (*)
** SGX-Log: Securing System Logs with SGX (*)
** [https://dl.acm.org/doi/10.1145/3052973.3053034 SGX-Log: Securing System Logs with SGX] (*)
** OS integrity: Nighthawk: Transparent System Introspection from Ring -3 (*)
** OS integrity: [https://link.springer.com/chapter/10.1007/978-3-030-29962-0_11 Nighthawk: Transparent System Introspection from Ring -3] (*)
** Hypervisor integrity: HyperCheck: A Hardware-Assisted Integrity Monitor (*)
** Hypervisor integrity: [https://ieeexplore.ieee.org/abstract/document/6682894 HyperCheck: A Hardware-Assisted Integrity Monitor] (*)
** Data protection: Pesos: Policy Enhanced Secure Object Store (*)
** Data protection: [https://dl.acm.org/doi/abs/10.1145/3190508.3190518 Pesos: Policy Enhanced Secure Object Store] (*)
* Making TC technologies more adoptable/usable
* Making TC technologies more adoptable/usable
** Flicker: An Execution Infrastructure for TCB Minimization (*)
** Flicker: An Execution Infrastructure for TCB Minimization (*)

Revision as of 04:11, 29 August 2024

You can only sign up for papers with an asterisk (*) at the end of their title.

  • Introduction to the course and trusted computing
  • Trust
  • Application of TC technologies
  • Making TC technologies more adoptable/usable
    • Flicker: An Execution Infrastructure for TCB Minimization (*)
    • Glamdring: Automatic Application Partitioning for Intel SGX (*)
    • Occlum: Secure and Efficient Multitasking Inside a Single Enclave of Intel SGX (*)
    • Civet: An Efficient Java Partitioning Framework for Hardware Enclaves (*)
    • vTZ: Virtualizing ARM TrustZone (*)
    • Towards Memory Safe Enclave Programming with Rust-SGX [Rust + SGX] (*)
    • RusTEE: Developing Memory-Safe ARM TrustZone Applications [Rust + ARM] (*)
    • SGXPy: Protecting integrity of Python applications with Intel SGX [Python + SGX] (*)
    • Using ARM TrustZone to Build a Trusted Language Runtime for Mobile Applications [.NET + SGX] (*)
  • Side-channel attacks
    • Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices
    • Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution (*)
    • Meltdown: Reading Kernel Memory from User Space (*)
    • Spectre Attacks: Exploiting Speculative Execution (*)
    • Latest: Downfall: Exploiting Speculative Data Gathering (*)
  • Internal misbehavior: memory attacks
    • SoK: Eternal War in Memory (*)
    • Memory Errors: The Past, the Present, and the Future
    • Defense: C-FLAT: Control-Flow Attestation for Embedded Systems Software (*)
    • Defense: PTAuth: Temporal Memory Safety via Robust Points-to Authentication (*)
    • Attacking the defense: PACMAN: Attacking ARM Pointer Authentication with Speculative Execution (*)
  • Human authenticating machine
    • Turtles All The Way Down: Research Challenges in User-Based Attestation
    • Stark: Tamperproof Authentication to Resist Keylogging (*)
    • Evil maid goes after PGP whole disk encryption
    • PRISM/ Human-Verifiable Code Execution (*)
  • State continuity
    • Memoir: Practical state continuity for protected modules (*)
    • ROTE: Rollback Protection for Trusted Execution (*)
    • Ariadne: A Minimal Approach to State Continuity (*)
  • Secure input/output
    • SeCloak: ARM TrustZone-based Mobile Peripheral Control
    • Building trusted path on untrusted device drivers for mobile devices (*)
    • TruZ-Droid: Integrating TrustZone with Mobile Operating System (*)
    • Establishing Trusted I/O Paths for SGX Client Systems with Aurora (*)
    • VButton: Practical Attestation of User-driven Operations in Mobile Apps (*)
    • ProtectIOn: Root-of-Trust for IO in Compromised Platforms (*)
    • Fidelius: Protecting User Secrets from Compromised Browsers (*)
  • Proposed hardware improvements
    • Fine-grained isolation: IMIX: In-Process Memory Isolation EXtension (*)
    • Memory safety: HAFIX: Hardware-Assisted Flow Integrity Extension (*)
    • Integrity monitoring: Co-processor-based Behavior Monitoring: Application to the Detection of Attacks Against the System Management Mode (*)
    • Integrity monitoring: CPU Transparent Protection of OS Kernel and Hypervisor Integrity with Programmable DRAM (*)
  • Proposals based on existing (non-security) hardware support
    • PixelVault: Using GPUs for Securing Cryptographic Operations (*)
    • Graviton: Trusted Execution Environments on GPUs (*)
    • GRIFFIN: Guarding Control Flows Using Intel Processor Trace (*)
    • T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs (*)