Building applications that ensure confidentiality of sensitive data is a non-trivial task. Such applications constantly face threats due to vulnerabilities in the application's code, or infrastructure attacks due to malicious datacenter insiders and exploits in the lower computing layers (i.e. OS, hypervisor, BIOS, firmware) that the application relies upon. This dissertation presents a novel approach for developing and verifying applications with provable confidentiality guarantees, even in the presence of such privileged adversaries. Our primary defense against infrastructure attacks is the use of trusted primitives such as Intel SGX enclaves, for isolating sensitive code and data within protected memory regions; enclaves are inaccessible ...
In today’s world, cloud machines store an ever-increasing amount of sensitive user data, but it rema...
Trusted execution support in modern CPUs, as offered by Intel SGX enclaves, can protect application...
A variety of applications are executing on a large untrusted computing base, w...
Many applications are built upon private algorithms, and executing them in untrusted, remote enviro...
Security-critical applications constantly face threats from exploits in lower computing layers such ...
Recent proposals for trusted hardware platforms, such as Intel SGX and the MIT Sanctum processor, of...
Hardware support for isolated execution (such as Intel SGX) enables development of applications that...
Recent developments on hardware-based trusted execution environments, such as the Software Guard Ext...
Hardware-assisted security solutions, and the isolation guarantees they provide, constitute the basi...
Increases in data production and growing demands for more computing power lead to the current trend...
This paper analyzes the vulnerability space arising in Trusted Execution Environments (TEEs) when in...
Trusted hardware primitives such as Intel’s SGX instructions provide applications with a protected a...
Security controls (such as encryption endpoints, payment gateways, and firewalls) rely on correct pr...
Software guard extensions (SGX) allow an application to instantiate within memory a protected contai...
Thesis: Ph.D., Massachusetts Institute of Technology, Department of Electrical Engineering and Comp...