home.social

#trustedexecutionenvironment — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #trustedexecutionenvironment, aggregated by home.social.

  1. @Em0nM4stodon @webhat #Confer sounds like a great step forward on #LLM privacy. But this article does not cover the non-privacy tradeoffs that TEEs introduce, e.g., processing is slower, energy usage is higher, as is water used for cooling, and the inability to train on the user conversations means the LLMs don't improve as fast. Customer support seems like it would be more complicated as well.

    When are these tradeoffs worthwhile? Are users up to choosing?

    #TEE #TrustedExecutionEnvironment

  6. CW: research review

    Today we have two papers from #arXiv and one blog post which is a departure from my usual standard but I feel is interesting for the questions it raises.

    * "No One-Size-Fits-All Approach To RISC-V Processor Optimization" - a Semiconductor Engineering "Systems & Design" blog post,

    * "ACAI: Extending Arm Confidential Computing Architecture Protection from CPUs to Accelerators"

    * "To Signal or Not to Signal? Layering Traffic Analysis Resistance on Secure Instant Messaging" - an update to a 2022 paper which I had thought interesting (deals with metadata information leakage)

    #arXiv #ResearchPapers #SemiconductorEngineering #RISCV #Arm #Signal #Privacy #Metadata #ConfidentialComputing #TEE #TrustedExecutionEnvironment

  11. CW: research review

    M. Johnson et al., "COCOAEXPO: Confidential Containers via Attested Execution Policies"¹

    Container-based technologies empower cloud tenants to develop highly portable software and deploy services in the cloud at a rapid pace. Cloud privacy, meanwhile, is important as a large number of container deployments operate on privacy-sensitive data, but challenging due to the increasing frequency and sophistication of attacks. State-of-the-art confidential container-based designs leverage process-based trusted execution environments (TEEs), but face security and compatibility issues that limit their practical deployment.
    We propose COCOAEXPO, an architecture that provides lift-and-shift deployment of unmodified containers while providing strong security protection against a powerful attacker who controls the untrusted host and hypervisor. COCOAEXPO leverages VM-level isolation to execute a container group within a unique VM-based TEE. Besides container integrity and user data confidentiality and integrity, COCOAEXPO also offers container attestation and execution integrity based on an attested execution policy. COCOAEXPO execution policies provide an inductive proof over all future states of the container group. This proof, which is established during initialization, forms a root of trust that can be used for secure operations within the container group without requiring any modifications of the containerized workflow itself (aside from the inclusion of the execution policy).
    We evaluate COCOAEXPO on AMD SEV-SNP processors by running a diverse set of workloads demonstrating that workflows exhibit 0-26% additional overhead in performance over running outside the enclave, with a mean 13% overhead on SPEC2017, while requiring no modifications to their program code. Adding execution policies introduces less than 1% additional overhead.

    #arXiv #ResearchPapers #Containers #AMD #SEV #TEE #TrustedExecutionEnvironment
    __
    ¹ arxiv.org/abs/2302.03976

  15. CW: research review

    A.-T. Le et al., "A cross-process Spectre attack via cache on RISC-V processor with trusted execution environment"¹

    The trust execution environment (TEE) provides a safe region, also known as a secret enclave, for executing private programs that need protection. This work proposed a cross-process exploitation scheme for conducting the cache side-channel attack, Spectre, on RISC-V processors with a trust execution environment. Practical experiments are provided to verify the protected enclave’s security on RISC-V processors with the TEE. In these experiments, the attacker and victim do not share the same address space as in known implementations but are executed in separate processes. The experimental results show that initial leakage information from the cache memory can be recorded. To the best of our knowledge, no prior research has been conducted on the Spectre attack against RISC-V’s TEE. This implementation will be a critical component for extending further cache side-channel experiments on the security of RISC-V processors.

    #ResearchPapers #RISCV #TEE #TrustedExecutionEnvironment #Spectre #NotJamesBondSpectre

    __
    ¹ sciencedirect.com/science/arti

  20. CW: arXiv review

    V. Ushakov et al., "Trusted Hart for Mobile RISC-V Security"¹

    The majority of mobile devices today are based on Arm architecture that supports the hosting of trusted applications in Trusted Execution Environment (TEE). RISC-V is a relatively new open-source instruction set architecture that was engineered to fit many uses. In one potential RISC-V usage scenario, mobile devices could be based on RISC-V hardware.
    We consider the implications of porting the mobile security stack on top of a RISC-V system on a chip, identify the gaps in the open-source Keystone framework for building custom TEEs, and propose a security architecture that, among other things, supports the GlobalPlatform TEE API specification for trusted applications. In addition to Keystone enclaves, the architecture includes a Trusted Hart -- a normal core that runs a trusted operating system and is dedicated to security functions, like control of the device's keystore and the management of secure peripherals.
    The proposed security architecture for the RISC-V platform is verified experimentally using the HiFive Unleashed RISC-V development board.

    #arXiv #researchpapers #RISC-V #TrustedExecutionEnvironment

    __
    ¹ arxiv.org/abs/2211.10299

  24. Intruders have stolen source code from Samsung. In addition, the manufacturer botched the cryptography in the Trusted Execution Environment of its flagship smartphones.
    Security problems at Samsung: source code stolen, insecure cryptography
  26. CCA features protect data in the RAM of servers, smartphones and computers even from the administrator; CCA targets cloud data centres, but also end-user devices. ARM Confidential Compute Architecture: details on the ARMv9 CCA