Abstract
With organizational data practices coming under increasing scrutiny, demand is growing for mechanisms that can assist organizations in meeting their data-management obligations. TEEs (trusted execution environments) provide hardware-based mechanisms with various security properties for assisting computation and data management. TEEs are concerned with the confidentiality and integrity of data, code, and the corresponding computation. Because the main security properties come from hardware, certain protections and guarantees can be offered even if the host privileged software stack is vulnerable.
Index Terms
- Enclaves in the Clouds: Legal considerations and broader implications