English
Related papers

Related papers: Insecure Until Proven Updated: Analyzing AMD SEV's…

200 papers

Confidential computing in the public cloud intends to safeguard workload privacy while outsourcing infrastructure management to a cloud provider. This is achieved by executing customer workloads within so called Trusted Execution…

Attestation is a fundamental building block to establish trust over software systems. When used in conjunction with trusted execution environments, it guarantees that genuine code is executed even when facing strong attackers, paving the…

Cryptography and Security · Computer Science 2022-04-19 Jämes Ménétrey , Christian Göttel , Marcelo Pasin , Pascal Felber , Valerio Schiavoni

Confidential Virtual Machines (CVMs) provide isolation guarantees for data in use, but their threat model does not include physical level protection and side-channel attacks. Therefore, current deployments rely on trusted cloud providers to…

Cryptography and Security · Computer Science 2025-06-19 Filip Rezabek , Jonathan Passerat-Palmbach , Moe Mahhouk , Frieder Erdmann , Andrew Miller

AMD SEV-SNP offers VM-level trusted execution environments (TEEs) to protect the confidentiality and integrity for sensitive cloud workloads from untrusted hypervisor controlled by the cloud provider. AMD introduced a new exception, #VC, to…

Cryptography and Security · Computer Science 2024-04-05 Benedict Schlüter , Supraja Sridhara , Andrin Bertschi , Shweta Shinde

In this work we present the Secure Machine, SeM for short, a CPU architecture extension for secure computing. SeM uses a small amount of in-chip additional hardware that monitors key communication channels inside the CPU chip, and only acts…

Cryptography and Security · Computer Science 2018-03-13 Ofir Shwartz , Yitzhak Birk

Remote attestation is one of the ways to verify the state of an untrusted device. Earlier research has attempted remote verification of a devices' state using hardware, software, or hybrid approaches. Majority of them have used Attestation…

Cryptography and Security · Computer Science 2021-01-19 Avani Dave , Monty Wiseman , David Safford

Integrity is critical for maintaining system security, as it ensures that only genuine software is loaded onto a machine. Although confidential virtual machines (CVMs) function within isolated environments separate from the host, it is…

Cryptography and Security · Computer Science 2024-10-25 Wenhao Wang , Linke Song , Benshan Mei , Shuang Liu , Shijun Zhao , Shoumeng Yan , XiaoFeng Wang , Dan Meng , Rui Hou

The ever increasing popularity and availability of Trusted Execution Environments (TEEs) had a stark influence on microarchitectural attack research in academia, as their strong attacker model both boosts existing attack vectors and…

Cryptography and Security · Computer Science 2023-07-28 Luca Wilke , Jan Wichelmann , Anja Rabich , Thomas Eisenbarth

Attestation is a fundamental building block to establish trust over software systems. When used in conjunction with trusted execution environments, it guarantees the genuineness of the code executed against powerful attackers and threats,…

Cryptography and Security · Computer Science 2022-09-26 Jämes Ménétrey , Christian Göttel , Anum Khurshid , Marcelo Pasin , Pascal Felber , Valerio Schiavoni , Shahid Raza

Confidential Virtual Machines (CVMs) are increasingly adopted to protect sensitive workloads from privileged adversaries such as the hypervisor. While they provide strong isolation guarantees, existing CVM architectures lack first-class…

Cryptography and Security · Computer Science 2026-05-07 Sina Abdollahi , Amir Al Sadi , David Kotz , Marios Kogias , Hamed Haddadi

Hardware-secured remote attestation is essential to establishing trust in the integrity of confidential virtual machines (cVMs), but is difficult to use in practice because verifying attestation evidence requires the use of…

Cryptography and Security · Computer Science 2026-05-01 Parsa Sadri Sinaki , Zainab Ahmad , Wentao Xie , Merlijn Sebrechts , Jimmy Kjällman , Lachlan J. Gunn

Trust is of paramount concern for tenants to deploy their security-sensitive services in the cloud. The integrity of VMs in which these services are deployed needs to be ensured even in the presence of powerful adversaries with…

Cryptography and Security · Computer Science 2021-07-07 Wojciech Ozga , Do Le Quoc , Christof Fetzer

Attestation is a strong tool to verify the integrity of an untrusted system. However, in recent years, different attacks have appeared that are able to mislead the attestation process with treacherous practices as memory copy, proxy, and…

Cryptography and Security · Computer Science 2021-10-05 Ignacio M. Delgado-Lozano , Macarena C. Martínez-Rodríguez , Alexandros Bakas , Billy Bob Brumley , Antonis Michalas

Isolation is a long-standing challenge of software security. Traditional privilege rings and virtual memory are more and more augmented with concepts such as capabilities, protection keys, and powerful enclaves. At the same time, we are…

Cryptography and Security · Computer Science 2021-05-10 Stefan Steinegger , David Schrammel , Samuel Weiser , Pascal Nasahl , Stefan Mangard

Over the last years, security kernels have played a promising role in reshaping the landscape of platform security on today's ubiquitous embedded devices. Security kernels, such as separation kernels, enable constructing high-assurance…

Cryptography and Security · Computer Science 2020-05-07 Hamed Nemati

We propose a protocol that explores a synergy between two TEE implementations: it brings SGX-like remote attestation to SEV VMs. We use the notion of a \emph{trusted guest owner}, implemented as an SGX enclave, to deploy, attest, and…

Cryptography and Security · Computer Science 2023-05-17 Pedro Antonino , Ante Derek , Wojciech Aleksander Wołoszyn

Confidential computing is a key technology for isolating high-assurance applications from the large amounts of untrusted code typical in modern systems. Existing confidential computing systems cannot be certified for use in critical…

Cryptography and Security · Computer Science 2023-11-02 Wojciech Ozga , Guerney D. H. Hunt , Michael V. Le , Elaine R. Palmer , Avraham Shinnar

Remote attestation schemes have been utilized for assuring the integrity of a network node to a remote verifier. In recent years, a number of remote attestation schemes have been proposed for various contexts such as cloud computing,…

Cryptography and Security · Computer Science 2020-07-20 Ioannis Sfyrakis , Thomas Gross

Hardware-enclaves that target complex CPU designs compromise both security and performance. Programs have little control over micro-architecture, which leads to side-channel leaks, and then have to be transformed to have worst-case control-…

Cryptography and Security · Computer Science 2020-07-16 Sarbartha Banerjee , Prakash Ramrakhyani , Shijia Wei , Mohit Tiwari

Increasing system-on-chip (SoC) heterogeneity, deep hardware/software integration, and the proliferation of third-party intellectual property (IP) have brought security validation to the forefront of semiconductor design. While simulation…

Cryptography and Security · Computer Science 2026-04-17 Tanvir Rahman , Shuvagata Saha , Ahmed Y. Alhurubi , Sujan Kumar Saha , Farimah Farahmandi , Mark Tehranipoor