Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX
TLDR
This paper presents a port of Graphene to SGX, as well as a number of improvements to make the security benefits of SGX more usable, such as integrity support for dynamically-loaded libraries, and secure multiprocess support.
Intel® Software Guard Extensions (Intel® SGX) Architecture for Oversubscription of Secure Memory in a Virtualized Environment
TLDR
This paper introduces SGX Oversubscription Extensions that add additional instructions and virtualization support to the SGX architecture so that cloud service providers can oversubscribe secure memory in a less complex and more performant manner.
Intel SGX Enabled Key Manager Service with OpenStack Barbican
TLDR
The OpenStack Barbican API is extended to support attestation of an Intel SGX crypto plugin, giving clients higher confidence in the software they are using for storing keys and offering security similar to an HSM with the low cost and scalability of a software-based solution.
Integrating Remote Attestation with Transport Layer Security
TLDR
This work seamlessly combines Intel SGX remote attestation with the establishment of a standard Transport Layer Security (TLS) connection, and has prototype implementations for three widely used open-source TLS libraries: OpenSSL, wolfSSL and mbedTLS.
Snort Intrusion Detection System with Intel Software Guard Extension (Intel SGX)
TLDR
This paper describes the experiences with hardening the king of middleboxes, Intrusion Detection Systems (IDS), using Intel Software Guard Extensions (Intel SGX) technology, and develops SEC-IDS, an unmodified Snort 3 with a DPDK network layer that achieves 10 Gbps line rate.
User-Guided Device Driver Synthesis
TLDR
Termite-2 is the first tool to combine the power of automation with the flexibility of conventional development, and is also the first practical synthesis tool based on abstraction refinement, to support automated debugging of input specifications.
Improved Device Driver Reliability Through Verification Reuse
TLDR
It is claimed that the two tasks, device verification and driver development, can and should be unified, and that this will result in drastic improvement of device-driver quality and reduction in the development cost and time to market.
Scaling Intel® Software Guard Extensions Applications with Intel® SGX Card
TLDR
This paper describes how the Intel SGX Card makes Intel SGX technology available on dual-socket server platforms today and easy to integrate into existing data center infrastructure, and proposes four software architectures to efficiently utilize the card's resources.
Improved device driver reliability through hardware verification reuse
TLDR
This paper proposes a device driver design and verification workflow that achieves unification, applies it to develop and test drivers for four different I/O devices, and demonstrates that it improves the driver test coverage and allows detecting driver defects that are extremely hard to find using conventional testing techniques.
Trusted execution environment with Intel SGX
TLDR
This chapter describes the abstractions and properties offered by TEEs, explains the realization of the TEE abstraction in Intel SGX, explores the deployment of SGX in the cloud to realize secure multiparty applications, and finishes with an outlook on challenges and opportunities ahead.