COMP5900 COMP4900 2024F: Reading list: Difference between revisions

You can only sign up for papers with an asterisk (*) at the end of their title.

If you are looking for more papers (from which you consider choosing to present): Papers about/using Intel SGX You can also check out these SGX Open Source Projects (with or without papers).

• Introduction to the course and trusted computing
  • The ten-page introduction to Trusted Computing
  • Hardware-Based Trusted Computing Architectures for Isolation and Attestation
  • Trusted Execution Environment: What It is, and What It is Not
  • A Survey of Hardware Improvements to Secure Program Execution
• Trust
  • Bootstrapping Trust in Commodity Computers
  • Reflections on Trusting Trust (Turing Award lecture, 1984)
  • SafeKeeper: Protecting Web Passwords using Trusted Execution Environments
• Application of TC technologies
  • SCONE: Secure Linux Containers with Intel SGX (*)
  • SGX-Tor: A Secure and Practical Tor Anonymity Network with SGX Enclaves (*)
  • EnclaveDB: A Secure Database using SGX (*)
  • SGX-Log: Securing System Logs with SGX (*)
  • OS integrity: Nighthawk: Transparent System Introspection from Ring -3 (*)
  • Hypervisor integrity: HyperCheck: A Hardware-Assisted Integrity Monitor (*)
  • Data protection: Pesos: Policy Enhanced Secure Object Store (*)
• Making TC technologies more adoptable/usable
  • Flicker: An Execution Infrastructure for TCB Minimization (*)
  • Glamdring: Automatic Application Partitioning for Intel SGX (*)
  • Occlum: Secure and Efficient Multitasking Inside a Single Enclave of Intel SGX (*)
  • Civet: An Efficient Java Partitioning Framework for Hardware Enclaves (*)
  • vTZ: Virtualizing ARM TrustZone (*)
  • Towards Memory Safe Enclave Programming with Rust-SGX [Rust + SGX] (*)
  • RusTEE: Developing Memory-Safe ARM TrustZone Applications [Rust + ARM] (*)
  • SGXPy: Protecting integrity of Python applications with Intel SGX [Python + SGX] (*)
  • Using ARM TrustZone to Build a Trusted Language Runtime for Mobile Applications [.NET + SGX] (*)
• Side-channel attacks
  • Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices
  • Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution (*)
  • Meltdown: Reading Kernel Memory from User Space (*)
  • Spectre Attacks: Exploiting Speculative Execution (*)
  • Latest: Downfall: Exploiting Speculative Data Gathering (*)
• Internal misbehavior: memory attacks
  • SoK: Eternal War in Memory (*)
  • Memory Errors: The Past, the Present, and the Future
  • Defense: C-FLAT: Control-Flow Attestation for Embedded Systems Software (*)
  • Defense: PTAuth: Temporal Memory Safety via Robust Points-to Authentication (*)
  • Attacking the defense: PACMAN: Attacking ARM Pointer Authentication with Speculative Execution (*)
• Human authenticating machine
  • Turtles All The Way Down: Research Challenges in User-Based Attestation
  • Stark: Tamperproof Authentication to Resist Keylogging (*)
  • Evil maid goes after PGP whole disk encryption
  • PRISM/ Human-Verifiable Code Execution (*)
• State continuity
  • Memoir: Practical state continuity for protected modules (*)
  • ROTE: Rollback Protection for Trusted Execution (*)
  • Ariadne: A Minimal Approach to State Continuity (*)
• Secure input/output
  • SeCloak: ARM TrustZone-based Mobile Peripheral Control
  • Building trusted path on untrusted device drivers for mobile devices (*)
  • TruZ-Droid: Integrating TrustZone with Mobile Operating System (*)
  • Establishing Trusted I/O Paths for SGX Client Systems with Aurora (*)
  • VButton: Practical Attestation of User-driven Operations in Mobile Apps (*)
  • ProtectIOn: Root-of-Trust for IO in Compromised Platforms (*)
  • Fidelius: Protecting User Secrets from Compromised Browsers (*)
• Proposed hardware improvements
  • Fine-grained isolation: IMIX: In-Process Memory Isolation EXtension (*)
  • Memory safety: HAFIX: Hardware-Assisted Flow Integrity Extension (*)
  • Integrity monitoring: Co-processor-based Behavior Monitoring: Application to the Detection of Attacks Against the System Management Mode (*)
  • Integrity monitoring: CPU Transparent Protection of OS Kernel and Hypervisor Integrity with Programmable DRAM (*)
• Proposals based on existing (non-security) hardware support
  • PixelVault: Using GPUs for Securing Cryptographic Operations (*)
  • Graviton: Trusted Execution Environments on GPUs (*)
  • GRIFFIN: Guarding Control Flows Using Intel Processor Trace (*)
  • T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs (*)