Intel SGX, a new security capability in emerging CPUs, allows user-level application code to
execute in hardwareisolated enclaves. Enclave memory is isolated from all other software …

New hardware primitives such as Intel SGX secure a user-level process in presence of an
untrusted or compromised OS. Such" enclaved execution" systems are vulnerable to several …

Recent research on transient execution vulnerabilities shows that current processors exceed
our levels of understanding. The prominent Meltdown and Spectre attacks abruptly revealed …

The growing complexity of modern computing platforms and the need for strong isolation
protections among their software components has led to the increased adoption of Trusted …

New big-data analysis platforms can enable distributed computation on encrypted data by
utilizing trusted computing primitives available in commodity server hardware. We study …

Trusted execution environments (TEEs) isolate user-space applications into secure
enclaves without trusting the OS. Existing TEE memory models are rigid — they do …

Protected-module architectures (PMAs) have been proposed to provide strong isolation
guarantees, even on top of a compromised system. Unfortunately, Intel SGX--the only …

New trusted computing primitives such as Intel SGX have shown the feasibility of running
user-level applications in enclaves on a commodity trusted processor without trusting a large …

Enclaves, such as those enabled by Intel SGX, offer a hardware primitive for shielding user-
level applications from the OS. While enclaves are a useful starting point, code running in …

Privilege separation is a widely used technique to secure complex software systems. With
privilege separation, software components are divided into several partitions and these …