sgx-papers
A curated list of system papers using/about Intel SGX. I'll try to keep this list updated. I gladly accept PRs.
We are actively looking for motivated PhD students to join our group in a new FNS project. Get in touch!
Title | Venue | |
---|---|---|
Using Innovative Instructions to Create Trustworthy Software Solutions | HASP@ISCA'13 | link |
Cooperation and Security Isolation of Library OSes for Multi-Process Applications | EuroSys'14 | link |
Shielding Applications from an Untrusted Cloud with Haven | TOCS'15 | link |
VC3: trustworthy data analytics in the cloud using SGX | S&P'15 | link |
Moat: Verifying Confidentiality of Enclave Programs | CCS'15 | link |
Applying the Trustworthy Remote Entity to Privacy-Preserving Multiparty Computation: Requirements and Criteria for Large-Scale Applications | ATC'16 | link |
Exploring the use of Intel SGX for Secure Many-Party Applications | SysTEX'16 | link |
SCONE: Secure Linux Containers with Intel SGX | OSDI'16 | link |
Ryoan: a distributed sandbox for untrusted computation on secret data. | OSDI'16 | link |
SGX Support for Dynamic Memory Management Inside an Enclave | HASP'16 | link |
Secure Content-Based Routing Using Intel Software Guard Extensions | Middleware'16 | link |
SecureKeeper: Confidential ZooKeeper using Intel SGX | Middleware'16 | link |
AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves | ESORICS'16 | link |
Eleos: ExitLess OS Services for SGX Enclaves | EuroSys'17 | link |
SGXBounds: Memory Safety for Shielded Execution | EuroSys'17 | link |
Hybrids on Steroids: SGX-Based High Performance BFT | EuroSys'17 | link |
PANOPLY: Low-TCB Linux Applications with SGX Enclaves | NDSS'17 | link |
Teechan: Payment Channels Using Trusted Execution Environments | BITCOIN'17 | link |
SGXIO: Generic Trusted I/O Path for Intel SGX | CODASPY'17 | link |
TrustJS: Trusted Client-side Execution of JavaScript | EuroSec'17 | link |
SGX-Log: Securing System Logs With SGX | Asia CCS'17 | link |
Secure Live Migration of SGX Enclaves on Untrusted Cloud | DSN'17 | link |
Rollback and Forking Detection for Trusted Execution Environments using Lightweight Collective Memory | DSN'17 | link |
SecureStreams: Reactive Middleware for Secure Data Stream | DEBS'17 | link |
Regaining Lost Cycles with HotCalls: A Fast Interface for SGX Secure Enclaves | ISCA'17 | link |
Glamdring: Automatic Application Partitioning for Intel SGX | ATC'17 | link |
Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing | Usenix Security'17 | link |
S-NFV: Securing NFV states by using SGX | CODASPY'17 | link |
Enhancing Security and Privacy of Tor's Ecosystem by Using Trusted Execution Environments | NSDI'17 | link |
Securing Data Analytics on SGX With Randomization | ESORICS'17 | link |
Software Grand Exposure: SGX Cache Attacks Are Practical | WooT'17 | link |
Komodo: Using verification to disentangle secure-enclave hardware from software | SOSP'17 | link |
POSTER: Rust SGX SDK: Towards Memory Safety in Intel SGX Enclave | CCS'17 | link |
Iron: Functional Encryption using Intel SGX | CCS'17 | link |
A Formal Foundation for Secure Remote Execution of Enclaves | CCS'17 | link |
SGX-Bomb: Locking Down the Processor via Rowhammer Attack | SysTEX'17 | link |
X-Search: Revisiting Private Web Search using Intel SGX | Middleware'17 | link |
Cache Attacks on Intel SGX | EuroSec'17 | link |
SGXKernel: A Library Operating System Optimized for Intel SGX | CF'17 | link |
Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX | ATC'17 | link |
HardIDX: Practical and Secure Index with SGX | DBSec'17 | link |
Opaque: An Oblivious and Encrypted Distributed Analytics Platform | NSDI'17 | link |
VAULT: Reducing Paging Overheads in SGX with Efficient Integrity Verification Structures | ASPLOS'18 | link |
STANlite - a database engine for secure data processing at rack-scale level | IC2E'18 | link |
EnclaveDB: A Secure Database using SGX | S&P'18 | link |
Oblix: An Efficient Oblivious Search Index | S&P'18 | link |
ZeroTrace: Oblivious Memory Primitives from Intel SGX | NDSS'18 | link |
OBLIVIATE: A Data Oblivious Filesystem for Intel SGX | NDSS'18 | link |
EndBox: Scalable Middlebox Functions Using Client-Side Trusted Execution | DSN'18 | link |
Troxy: Transparent Access to Byzantine Fault-Tolerant Systems | DSN'18 | link |
LibSEAL: Revealing Service Integrity Violations Using Trusted Execution | EuroSys'18 | link |
PESOS: Policy Enhanced Secure Object Store | EuroSys'18 | link |
Bring the Missing Jigsaw Back: TrustedClock for SGX Enclaves | EuroSec'18 | link |
Migrating SGX Enclaves with Persistent State | DSN'18 | link |
SafeBricks: Shielding Network Functions in the Cloud | NSDI'18 | link |
ShieldBox: Secure Middleboxes using Shielded Execution | SOSR'18 | link |
CYCLOSA: Decentralizing Private Web Search Through SGX-Based Browser Extensions | ICDCS'18 | link |
SGX-Aware Container Orchestration for Heterogeneous Clusters | ICDCS'18 | link |
Varys: Protecting SGX enclaves from practical side-channel attacks | ATC'18 | link |
Mitigating Branch-Shadowing Attacks on Intel SGX using Control Flow Randomization | SysTEX'18 | link |
Security, Performance and Energy Trade-offs of Hardware-assisted Memory Protection Mechanisms | SRDS'18 | link |
PubSub-SGX: exploiting Trusted Execution Environments for privacy-preserving publish/subscribe systems | SRDS'18 | link |
sgx-perf: A Performance Analysis Tool for Intel SGX Enclaves | Middleware'18 | link |
EActors: Fast and flexible trusted computing using SGX | Middleware'18 | link |
DelegaTEE: Brokered Delegation Using Trusted Execution Environments | USENIX Security'18 | link |
Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution | USENIX Security'18 | link |
Achieving Data Dissemination with Security using FIWARE and Intel Software Guard Extensions (SGX) | ISCC'18 | link |
Scaling Intel® Software Guard Extensions Applications with Intel® SGX Card | HASP@ISCA'19 | link |
A Practical Intel SGX Setting for Linux Containers in the Cloud | CODASPY'19 | link |
Careful-Packing: A Practical and Scalable Anti-Tampering Software Protection enforced by Trusted Computing | CODASPY'19 | link |
Everything you should know about Intel SGX performance on virtualized systems | SIGMETRICS'19 | link |
ShieldStore: Shielded In-memory Key-value Storage with SGX | EuroSys'19 | link |
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware | ICLR'19 | link |
OBFUSCURO: A Commodity Obfuscation Engine on Intel SGX | NDSS'19 | link |
Trust more, serverless | SysTor'19 | link |
Clemmys: Towards Secure Remote Execution in FaaS | SysTor'19 | link |
Using Trusted Execution Environments for Secure Stream Processing of Medical Data | DAIS'19 | link |
A Hybrid Approach to Secure Function Evaluation using SGX | AsiaCCS'19 | link |
Secured Routines: Language-based Construction of Trusted Execution Environments | ATC'19 | link |
NeXUS: Practical and Secure Access Control on Untrusted Storage Platforms using Client-Side SGX | DSN'19 | link |
Forward and Backward Private Searchable Encryption with SGX | EuroSec'19 | link |
TEE-Perf: A Profiler for Trusted Execution Environments | DSN'19 | link |
SgxPectre Attacks: Stealing Intel Secrets from SGX Enclaves via Speculative Execution | EuroS&P'19 | link |
Managing confidentiality leaks through private algorithms on Software Guard eXtensions (SGX) enclaves: Minimised TCB on secret-code execution with Early Private Mode (EPM) | EURASIP Journal on Information Security | link |
BITE: Bitcoin Lightweight Client Privacy using Trusted Execution | SEC'19 | link |
Towards Memory Safe Enclave Programming with Rust-SGX | CCS'19 | link |
A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes | CCS'19 | link |
OPERA: Open Remote Attestation for Intel’s Secure Enclaves | CCS'19 | link |
LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed | CCS'19 | link |
BLOXY: Providing Transparent and Generic BFT-Based Ordering Services for Blockchains | SRDS'19 | link |
AccTEE: A WebAssembly-based Two-way Sandbox for Trusted Resource Accounting | Middleware'19 | link |
EnclaveCache: A Secure and Scalable Key-value Cache in Multi-tenant Clouds using Intel SGX | Middleware'19 | link |
PrivaTube: Privacy-Preserving Edge-Assisted Video Streaming | Middleware'19 | link |
Teechain: a secure payment network with asynchronous blockchain access | SOSP'19 | link |
Plundervolt: Software-based Fault Injection Attacks against Intel SGX | Oakland '20 | link |
ObliDB: Oblivious Query Processing using Secure Enclaves | VLDB'19 | link |
CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves | USENIX ATC'19 | link |
Computation on Encrypted Data using Dataflow Authentication | PETS'20 | link |
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution | NDSS'20 | link |
COIN Attacks: On Insecurity of Enclave Untrusted Interfaces in SGX | ASPLOS'20 | link |
Occlum: Secure and Efficient Multitasking Inside a Single Enclave of Intel SGX | ASPLOS'20 | link |
MPTEE: Bringing Flexible and Efficient Memory Protection to Intel SGX | EuroSys'20 | link |
Autarky: Closing controlled channels with self-paging enclaves | EuroSys'20 | link |
Trust management as a service: Enabling trusted execution in the face of Byzantine stakeholders | DSN'20 | link |
SeGShare: Secure Group File Sharing in the Cloud using Enclaves | DSN'20 | link |
Civet: An Efficient Java Partitioning Framework for Hardware Enclaves | SEC'20 | link |
BesFS: A POSIX Filesystem for Enclaves with a Mechanized Safety Proof | SEC'20 | link |
TEEMon: A continuous performance monitoring framework for TEEs | Middleware'20 | link |
secureTF: A Secure TensorFlow Framework | Middleware'20 | link |
Vessels: Efficient and Scalable Deep Learning Prediction on Trusted Processors | SoCC'20 | link |
PROXIMITEE: Hardened SGX Attestation and Trusted Path through Proximity Verification | CODASPY'20 | link |
Towards Formalization of Enhanced Privacy ID (EPID)-based Remote Attestation in Intel SGX | DSD'20 | link |
Formal Foundations for Intel SGX Data Center Attestation Primitives | ICFEM'20 | link |
EnclavePDP: A General Framework to Verify Data Integrity in Cloud Using Intel SGX | RAID'20 | link |
TRUSTORE: Side-Channel Resistant Storage for SGX using Intel Hybrid CPU-FPGA | CCS'20 | link |
Spons & Shields: Practical Isolation for Trusted Execution | VEE'21 | link |
Aria: Tolerating Skewed Workloads in Secure In-memory Key-value Stores | ICDE'21 | link |
TWINE: An Embedded Trusted Runtime for WebAssembly | ICDE'21 | link |
CHANCEL: Efficient Multi-client Isolation Under Adversarial Programs | NDSS'21 | link |
VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface | USENIX Security'21 | link |
SGXoMeter: Open and Modular Benchmarking for Intel SGX | EuroSec'21 | link |
Building enclave-native storage engines for practical encrypted databases | VLDB'21 | link |
MigSGX: A Migration Mechanism for Containers Including SGX Applications | UCC'21 | link |
Accelerating Encrypted Deduplication via SGX | USENIX ATC'21 | link |
SGX-Stream: A Secure Stream Analytics Framework In SGX-enabled Edge Cloud | JISA'23 | link |
SGX Switchless Calls Made Configless | DSN'23 | TBA |
Do you use or are you familiar with Intel SGX? If yes, we'd appreciate it if you could fill in this anonymous survey; it takes less than 60 seconds: https://forms.gle/HdHqXiBdRp98CU6y7
Unpublished, tech-reports, or open-access:
Title | |
---|---|
Intel SGX Explained | link |
A Blockchain Based on Gossip? – a Position Paper | link |
Proof of Luck: an Efficient Blockchain Consensus Protocol | link |
Malware Guard Extension: Using SGX to Conceal Cache Attacks | link |
Blockchain and Trusted Computing: Problems, Pitfalls, and a Solution for Hyperledger Fabric | link |
DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization | link |
Practical Enclave Malware with Intel SGX | link |
Secure Network Interface with SGX | link |
TaLoS: Secure and Transparent TLS Termination inside SGX Enclaves | link |
EncDBDB: Searchable Encrypted, Fast, Compressed, In-Memory Database using Enclaves | link |
HardIDX: Practical and Secure Index with SGX | link |
SGAxe: How SGX Fails in Practice | link |
Secure Processors | Part 1, Part 2 |
Edgar: Offloading Function Execution to the Ultimate Edge | link |