Affiliation:
1. Microsoft Research, Redmond, WA
Abstract
Today’s cloud computing infrastructure requires substantial trust. Cloud users rely on both the provider’s staff and its globally distributed software/hardware platform not to expose any of their private data.
We introduce the notion of shielded execution, which protects the confidentiality and integrity of a program and its data from the platform on which it runs (i.e., the cloud operator’s OS, VM, and firmware). Our prototype, Haven, is the first system to achieve shielded execution of unmodified legacy applications, including SQL Server and Apache, on a commodity OS (Windows) and commodity hardware. Haven leverages the hardware protection of Intel SGX to defend against privileged code and physical attacks such as memory probes, and also addresses the dual challenges of executing unmodified legacy binaries and protecting them from a malicious host. This work motivated recent changes in the SGX specification.
Publisher
Association for Computing Machinery (ACM)
Reference68 articles.
1. Scheduler activations
2. ARM Limited. 2009. Building a Secure System Using TrustZone Technology. Ref. PRD29-GENC-009492C. ARM Limited. ARM Limited. 2009. Building a Secure System Using TrustZone Technology. Ref. PRD29-GENC-009492C. ARM Limited.
Cited by
355 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Efficient and anonymous password-hardened encryption services;Information Sciences;2024-01
2. Evaluating the applicability of hardware trust anchors for automotive applications;Computers & Security;2023-12
3. eSilo: Making Silo Secure with SGX;2023 Eleventh International Symposium on Computing and Networking (CANDAR);2023-11-28
4. Building GPU TEEs using CPU Secure Enclaves with GEVisor;Proceedings of the 2023 ACM Symposium on Cloud Computing;2023-10-30
5. Dynamic Linkers Are the Narrow Waist of Operating Systems;Proceedings of the 12th Workshop on Programming Languages and Operating Systems;2023-10-23