The recent development of Trusted Execution Environment has brought unprecedented
opportunities for confidential computing within cloud-based systems. Among various popular …

Least-privilege separation decomposes applications into compartments limited to accessing
only what they need. When compartmentalizing existing software, many approaches neglect …

In the face of escalating security threats in modern computing systems, there is an urgent
need for comprehensive defense mechanisms that can effectively mitigate invasive …

密文检索技术旨在提供密态数据查询服务, 提高密文数据的可用性. 但目前大多数机制仍存在
不同程度的额外信息泄露, 容易被攻击者捕获用于恢复明文信息与查询条件 …

Serverless computing platforms rely on fast container initialization to provide low latency and
high throughput for requests. While hardware enforced trusted execution environments …

Decomposing large systems into smaller components with limited privileges has long been
recognized as an effective means to minimize the impact of exploits. Despite historical roots …

Memory Protection Keys (MPK) offers per-thread memory protection with an affordable
overhead, prompting many new studies. With protection key extension, MPK provides more …

Confidential cloud computing enables cloud tenants to distrust their service provider.
Achieving confidential computing solutions that provide concrete security guarantees …

Confidential virtual machines (CVMs), while providing strong data privacy for cloud tenants,
pose significant challenges to VM maintenance like live migration and snapshotting …

Isolation is a critical mechanism for enhancing the security of computer systems. By
controlling the access privileges of software and hardware resources, isolation mechanisms …