Corpus ID: 199001081

EnclaveDom: Privilege Separation for Large-TCB Applications in Trusted Execution Environments

@article{Melara2019EnclaveDomPS,
  title={EnclaveDom: Privilege Separation for Large-TCB Applications in Trusted Execution Environments},
  author={M. Melara and M. Freedman and M. Bowman},
  journal={ArXiv},
  year={2019},
  volume={abs/1907.13245}
}
Trusted executions environments (TEEs) such as Intel(R) SGX provide hardware-isolated execution areas in memory, called enclaves. By running only the most trusted application components in the enclave, TEEs enable developers to minimize the TCB of their applications thereby helping to protect sensitive application data. However, porting existing applications to TEEs often requires considerable refactoring efforts, as TEEs provide a restricted interface to standard OS features. To ease… Expand
8 Citations
Sirius: Enabling System-Wide Isolation for Trusted Execution Environments
  • 1
  • PDF
CubicleOS: a library OS with software componentisation for practical isolation
  • 1
  • PDF
Nested Enclave: Supporting Fine-grained Hierarchical Isolation with SGX
  • 6
  • PDF
Donky: Domain Keys - Efficient In-Process Isolation for RISC-V and x86
  • 7
  • PDF
$μ$Tiles: Efficient Intra-Process Privilege Enforcement of Memory Regions
  • 2
  • PDF
Enclave-Aware Compartmentalization and Secure Sharing with Sirius
Mir: Automated Quantifiable Privilege Reduction Against Dynamic Library Compromise in JavaScript
  • PDF

References

SHOWING 1-10 OF 58 REFERENCES
Glamdring: Automatic Application Partitioning for Intel SGX
  • 88
  • Highly Influential
  • PDF
Panoply: Low-TCB Linux Applications With SGX Enclaves
  • 164
  • Highly Influential
  • PDF
To Isolate, or to Share?: That is a Question for Intel SGX
  • 7
Enforcing Least Privilege Memory Views for Multithreaded Applications
  • 31
  • PDF
SGXKernel: A Library Operating System Optimized for Intel SGX
  • 13
Automating Isolation and Least Privilege in Web Services
  • 25
  • PDF
SCONE: Secure Linux Containers with Intel SGX
  • 467
  • PDF
ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK)
  • 45
  • PDF
Varys: Protecting SGX Enclaves from Practical Side-Channel Attacks
  • 86
  • PDF
...
1
2
3
4
5
...