TEE Solutions
Industry solutions
Embedded systems solutions
- Sancus: Low-cost trustworthy extensible networked devices with a zero-software trusted computing base (Security 2013) [pdf]
- TyTAN: tiny trust anchor for tiny devices (DAC 2015) [pdf]
- Trustlite: A security architecture for tiny embedded devices (EuroSys 2014) [pdf]
- Timber-V: Tag-isolated memory bringing fine-grained enclaves to RISC-V (NDSS 2019) [pdf]
Academic solutions
- Sanctum: Minimal hardware extensions for strong software isolation (Security 2016) (RISC-V) [pdf]
- Sanctuary: Arming TrustZone with user-space enclaves (NDSS 2019) [pdf]
- Keystone: A framework for architecting tees (EuroSys 2019) (RISC-V) [link][pdf]
- Hex-Five Security: MultiZone Security for RISC-V [link] Free and Open Standard API [pdf]
- Penglai Enclave: Open-sourced secure and scalable TEE system for RISC-V [link] [pdf]
- CURE: A Security Architecture with CUstomizable and Resilient Enclaves (Usenix Security 2021) [pdf]
- Rust SGX SDK [link]
- WolfSSL with Intel SGX [link]
- Fortanix - Data-first Multicloud Security [link] [video]
TEE: Software Modernization for Intel SGX
- Shielding Applications from an Untrusted Cloud with Haven (OSDI 2014) [pdf]
- SCONE: Secure Linux Containers with Intel SGX (OSDI 2016) [link] [website] [link]
- Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX (ATC 2017) [pdf] [GitHub]
- PANOPLY: Low-TCB Linux Applications with SGX Enclaves (NDSS 2017) [pdf]
- Occlum: Secure and Efficient Multitasking Inside a Single Enclave of Intel SGX (ASPLOS 2020) [pdf] [GitHub] [link]
- An Evaluation of Methods to Port Legacy Code to SGX Enclaves (FSE 2020) [pdf]
- CHANCEL: Efficient Multi-client Isolation Under Adversarial Programs. (NDSS 2021) [pdf]
TEE: Applications
- Running Language Interpreters Inside SGX: A Lightweight, Legacy-Compatible Script Code Hardening Approach (AsiaCCS 2019) [pdf]
- TWINE: An Embedded Trusted Runtime for WebAssembly (ICDE 2021) [pdf]
Attestation Services
- OPERA: Open Remote Attestation for Intel’s Secure Enclaves (CCS 2019) [pdf]
- Insecure Until Proven Updated: Analyzing AMD SEV's Remote Attestation (CCS 2019)[pdf]
Attacks on CPU
- Practical Timing Side-Channel Attacks against Kernel Space ASLR (S&P 2013) [pdf]
- FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack (Security 2014) [link] [pdf]
- Last-Level Cache Side-Channel Attacks are Practical (S&P 2015) [link] [pdf]
- Meltdown: Reading Kernel Memory from User Space (Security 2018) [link] [pdf]
- Spectre Attacks: Exploiting Speculative Execution (S&P 2019) [pdf]
Attacks on SGX
- IAGO Attacks: Why the System CallAPI is a Bad Untrusted RPC Interface (ASPLOS 2013) [pdf]
- SGXIO: Generic Trusted I/O Path for Intel SGX (CODASPY 2017) [pdf]
- Software Grand Exposure: SGX Cache Attacks Are Practical (WOOT 2017) [pdf]
- Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution (Security 2018) [link]
- SgxPectre: Stealing Intel Secrets from SGX Enclaves Via Speculative Execution (EuroS&P 2019) [pdf]
- A Survey of Published Attacks on Intel SGX (arxiv 2020) [pdf]
Attacks on SEV
- SEVered: Subverting AMD’s Virtual Machine Encryption (EuroSec 2018) [pdf] [link]
- CVE-2019-9836 [report] [link] [NVD]
- SEVerity: Code Injection Attacks against Encrypted Virtual Machines (WOOT 2021) [pdf]
- undeSErVed trust: Exploiting Permutation-Agnostic Remote Attestation (WOOT 2021) [pdf]
Fuzzing
- The Art, Science, and Engineering of Fuzzing: A Survey (TSE 2018) [pdf]
- A Systematic Review of Fuzzing Techniques (Computers & Security, 2018) [link] [pdf]
- IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing (NDSS 2018) [pdf]
- Fuzzing Intel SGX Enclaves (KUL, 2019) [Github] [Thesis]
- Emilia: Catching Iago in Legacy Code (NDSS 2021) [pdf]
Source Code Security
- How Bad Can It Git? Characterizing Secret Leakage in Public GitHub Repositories (NDSS 2019) [pdf]
Secure Multiparty Computation
- A Pragmatic Introduction to Secure Multi-Party Computation (NOW Publishers, 2021) [pdf]
Hardware Supported Functional Encryption
- Functional Encryption: Definitions and Challenges (TCC 2011) [pdf]
- HOP: Hardware makes Obfuscation Practical (NDSS 2017) [link]
- IRON: Functional Encryption using Intel SGX (CCS 2017) [link] [pdf] [slides]
Indistinguishable Obfuscation
- Candidate Indistinguishability Obfuscation and Functional Encryption for all circuits (FOCS 2013) [link] [pdf]
- Indistinguishability Obfuscation from Well-Founded Assumptions (STOC 2021) [link] [pdf] [report]