Corpus ID: 199001081

EnclaveDom: Privilege Separation for Large-TCB Applications in Trusted Execution Environments

@article{Melara2019EnclaveDomPS,
  title={EnclaveDom: Privilege Separation for Large-TCB Applications in Trusted Execution Environments},
  author={M. Melara and M. Freedman and M. Bowman},
  journal={ArXiv},
  year={2019},
  volume={abs/1907.13245}
}
Trusted executions environments (TEEs) such as Intel(R) SGX provide hardware-isolated execution areas in memory, called enclaves. By running only the most trusted application components in the enclave, TEEs enable developers to minimize the TCB of their applications thereby helping to protect sensitive application data. However, porting existing applications to TEEs often requires considerable refactoring efforts, as TEEs provide a restricted interface to standard OS features. To ease… Expand
Sirius: Enabling System-Wide Isolation for Trusted Execution Environments
Nested Enclave: Supporting Fine-grained Hierarchical Isolation with SGX
Donky: Domain Keys - Efficient In-Process Isolation for RISC-V and x86
$μ$Tiles: Efficient Intra-Process Privilege Enforcement of Memory Regions
Enclave-Aware Compartmentalization and Secure Sharing with Sirius

References

SHOWING 1-10 OF 58 REFERENCES
Glamdring: Automatic Application Partitioning for Intel SGX
Panoply: Low-TCB Linux Applications With SGX Enclaves
To Isolate, or to Share?: That is a Question for Intel SGX
Enforcing Least Privilege Memory Views for Multithreaded Applications
SGXKernel: A Library Operating System Optimized for Intel SGX
Automating Isolation and Least Privilege in Web Services
SCONE: Secure Linux Containers with Intel SGX
ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK)
Varys: Protecting SGX Enclaves from Practical Side-Channel Attacks
...
1
2
3
4
5
...