Trusted and Confidential Computing (TCC)

Semester: Fall 2021
Time & Place: M/W 6:00pm-7:15pm
Instructor: Dave (Jing) Tian
Class Leader: Arslan Khan
Office Hours: In-class
Prerequisites: computer architecture + OS
Audience: grad students (with strong interests and motivation in system security)
Grading: based on students’ presentations

This grad-level seminar provides a holistic view of “Trusted Computing” and its ongoing evolution into “Confidential Computing”. Throughout the semester we will cover TCG TPM, ARM TrustZone, Intel SGX, AMD SEV, RISC-V enclaves, etc. Specifically, we will look into the technical details of these hardware-based security features, novel defenses built upon them, and attacks against them. The goal of this seminar is to understand how “trust” has shaped the system design of both hardware and system software, and how hardware and system software interact with each other to achieve the desired security goals. Each student in the class will pick a paper every one or two weeks (depending on enrollment) and present it during class; the whole class participates in the discussion during the presentation. NOTE: this will be a research-heavy seminar!


Week 1/2:


Ahmad-Reza Sadeghi. Hardware-Assisted Security: From Trust Anchors to Meltdown of Trust. Chalmers Initiative Seminar: Digitalisation – Security & Privacy | Machine Intelligence, 2018 (Video).

Confidential Computing Consortium. Webinars. 2021 (Video).

Week 3/4:

Trusted Platform Module (TPM)

Reiner Sailer, Xiaolan Zhang, Trent Jaeger, and Leendert van Doorn. Design and Implementation of a TCG-based Integrity Measurement Architecture. 13th USENIX Security Symposium (Security’04), San Diego, CA, USA, August 2004. (Jiwon Kim, 09/01/21)

Berger, Stefan, Ramón Cáceres, Kenneth A. Goldman, Ronald Perez, Reiner Sailer, and Leendert van Doorn. “vTPM: Virtualizing the Trusted Platform Module.” In 15th USENIX Security Symposium (USENIX Security 06), pp. 305-320. 2006. (Arslan Khan, 09/01/21)

Parno, Bryan, Jonathan M. McCune, and Adrian Perrig. “Bootstrapping trust in commodity computers.” In 2010 IEEE Symposium on Security and Privacy, pp. 414-429. IEEE, 2010. (Xiaolong Wu, 09/08/21)

McCune, Jonathan M., Yanlin Li, Ning Qu, Zongwei Zhou, Anupam Datta, Virgil Gligor, and Adrian Perrig. “TrustVisor: Efficient TCB reduction and attestation.” In 2010 IEEE Symposium on Security and Privacy, pp. 143-158. IEEE, 2010. (Zheng Zhong, 09/08/21)

Zhou, Zongwei, Virgil D. Gligor, James Newsome, and Jonathan M. McCune. “Building verifiable trusted path on commodity x86 computers.” In 2012 IEEE symposium on security and privacy, pp. 616-630. IEEE, 2012. (Zhongtang Luo, 09/15/21)

Chen, Chen, Himanshu Raj, Stefan Saroiu, and Alec Wolman. “cTPM: A cloud TPM for cross-device trusted applications.” In 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 14). 2014. (Weihao Chen, 09/13/21)

Raj, Himanshu, Stefan Saroiu, Alec Wolman, Ronald Aigner, Jeremiah Cox, Paul England, Chris Fenner et al. “fTPM: A software-only implementation of a TPM chip.” In 25th USENIX Security Symposium (USENIX Security 16), pp. 841-856. 2016. (Muqi Zou, 09/13/21)

Han, Seunghun, Wook Shin, Jun-Hyeok Park, and HyoungChun Kim. “A bad dream: Subverting trusted platform module while you are sleeping.” In 27th USENIX Security Symposium (USENIX Security 18), pp. 1229-1246. 2018. (Sungwoo Kim, 09/15/21)

Chakraborty, Dhiman, Lucjan Hanzlik, and Sven Bugiel. “simTPM: User-centric TPM for Mobile Devices.” In 28th USENIX Security Symposium (USENIX Security 19), pp. 533-550. 2019. (Jiwon Kim, 09/22/21)

Moghimi, Daniel, Berk Sunar, Thomas Eisenbarth, and Nadia Heninger. “TPM-FAIL: TPM meets Timing and Lattice Attacks.” In 29th USENIX Security Symposium (USENIX Security 20), pp. 2057-2073. 2020. (Zhongtang Luo, 09/20/21)

Week 5/6:

ARM TrustZone

Azab, Ahmed M., Peng Ning, Jitesh Shah, Quan Chen, Rohan Bhutkar, Guruprasad Ganesh, Jia Ma, and Wenbo Shen. “Hypervision across worlds: Real-time kernel protection from the arm trustzone secure world.” In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 90-102. 2014.

Santos, Nuno, Himanshu Raj, Stefan Saroiu, and Alec Wolman. “Using ARM TrustZone to build a trusted language runtime for mobile applications.” In Proceedings of the 19th international conference on Architectural support for programming languages and operating systems, pp. 67-80. 2014.

Ngabonziza, Bernard, Daniel Martin, Anna Bailey, Haehyun Cho, and Sarah Martin. “TrustZone explained: Architectural features and use cases.” In 2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC), pp. 445-451. IEEE, 2016.

Machiry, Aravind, Eric Gustafson, Chad Spensky, Christopher Salls, Nick Stephens, Ruoyu Wang, Antonio Bianchi, Yung Ryn Choe, Christopher Kruegel, and Giovanni Vigna. “BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments.” In NDSS. 2017.

Guan, Le, Peng Liu, Xinyu Xing, Xinyang Ge, Shengzhi Zhang, Meng Yu, and Trent Jaeger. “TrustShadow: Secure execution of unmodified applications with ARM TrustZone.” In Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services, pp. 488-501. 2017. (Xiaolong Wu, 10/04/21)

Hua, Zhichao, Jinyu Gu, Yubin Xia, Haibo Chen, Binyu Zang, and Haibing Guan. “vTZ: Virtualizing ARM TrustZone.” In 26th USENIX Security Symposium (USENIX Security 17), pp. 541-556. 2017. (Arslan Khan, 09/27/21)

Lentz, Matthew, Rijurekha Sen, Peter Druschel, and Bobby Bhattacharjee. “SeCloak: ARM TrustZone-based mobile peripheral control.” In Proceedings of the 16th Annual International Conference on Mobile Systems, Applications, and Services, pp. 1-13. 2018. (Sungwoo Kim, 10/18/21)

Qiu, Pengfei, Dongsheng Wang, Yongqiang Lyu, and Gang Qu. “VoltJockey: Breaching TrustZone by software-controlled voltage manipulation over multi-core frequencies.” In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 195-209. 2019.

Brasser, Ferdinand, David Gens, Patrick Jauernig, Ahmad-Reza Sadeghi, and Emmanuel Stapf. “SANCTUARY: ARMing TrustZone with User-space Enclaves.” In NDSS. 2019. (Zheng Zhong, 10/13/21)

Pinto, Sandro, Hugo Araujo, Daniel Oliveira, Jose Martins, and Adriano Tavares. “Virtualization on TrustZone-enabled microcontrollers? Voilà!” In 2019 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), pp. 293-304. IEEE, 2019. (Arslan Khan, 10/20/21)

Harrison, Lee, Hayawardh Vijayakumar, Rohan Padhye, Koushik Sen, and Michael Grace. “PARTEMU: Enabling Dynamic Analysis of Real-World TrustZone Software Using Emulation.” In 29th USENIX Security Symposium (USENIX Security 20), pp. 789-806. 2020.

Suciu, Darius, Stephen McLaughlin, Laurent Simon, and Radu Sion. “Horizontal Privilege Escalation in Trusted Applications.” In 29th USENIX Security Symposium (USENIX Security 20). 2020. (Muqi Zou, 09/29/21)

Cerdeira, David, Nuno Santos, Pedro Fonseca, and Sandro Pinto. “SoK: Understanding the prevailing security vulnerabilities in TrustZone-assisted TEE systems.” In 2020 IEEE Symposium on Security and Privacy (SP), pp. 1416-1432. IEEE, 2020. (Zhongtang Luo, 10/06/21)

Quarta, Davide, Michele Ianni, Aravind Machiry, Yanick Fratantonio, Eric Gustafson, Davide Balzarotti, Martina Lindorfer, Giovanni Vigna, and Christopher Kruegel. “Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM’s TrustZone.” (2021).

Week 7/8:

Intel Software Guard Extensions (SGX)

Frank Mckeen. Intel Software Guard Extensions: Innovative Instructions for Next Generation Isolated Execution. Stanford Seminar – Intel Software Guard Extensions, USA, 2015 (Video).

Costan, Victor, and Srinivas Devadas. “Intel SGX explained.” IACR Cryptol. ePrint Arch. 2016, no. 86 (2016): 1-118.

Sinha, Rohit, Sriram Rajamani, Sanjit Seshia, and Kapil Vaswani. “Moat: Verifying confidentiality of enclave programs.” In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1169-1184. 2015.

Arnautov, Sergei, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind et al. “SCONE: Secure Linux containers with Intel SGX.” In 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16), pp. 689-703. 2016.

Lind, Joshua, Christian Priebe, Divya Muthukumaran, Dan O’Keeffe, Pierre-Louis Aublin, Florian Kelbert, Tobias Reiher et al. “Glamdring: Automatic application partitioning for Intel SGX.” In 2017 USENIX Annual Technical Conference (USENIX ATC 17), pp. 285-298. 2017.

Tsai, Chia-Che, Donald E. Porter, and Mona Vij. “Graphene-SGX: A practical library OS for unmodified applications on SGX.” In 2017 USENIX Annual Technical Conference (USENIX ATC 17), pp. 645-658. 2017.

Van Bulck, Jo, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx. “Foreshadow: Extracting the keys to the Intel SGX kingdom with transient out-of-order execution.” In 27th USENIX Security Symposium (USENIX Security 18), pp. 991-1008. 2018.

Chakrabarti, Somnath, Matthew Hoekstra, Dmitrii Kuvaiskii, and Mona Vij. “Scaling Intel® Software Guard Extensions Applications with Intel® SGX Card.” In Proceedings of the 8th International Workshop on Hardware and Architectural Support for Security and Privacy, pp. 1-9. 2019.

Van Bulck, Jo, David Oswald, Eduard Marin, Abdulla Aldoseri, Flavio D. Garcia, and Frank Piessens. “A tale of two worlds: Assessing the vulnerability of enclave shielding runtimes.” In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1741-1758. 2019.

Murdock, Kit, David Oswald, Flavio D. Garcia, Jo Van Bulck, Daniel Gruss, and Frank Piessens. “Plundervolt: Software-based fault injection attacks against Intel SGX.” In 2020 IEEE Symposium on Security and Privacy (SP), pp. 1466-1482. IEEE, 2020.

Week 9/10:

SGX Cont.

Tsai, Chia-Che, Jeongseok Son, Bhushan Jain, John McAvey, Raluca Ada Popa, and Donald E. Porter. “Civet: An efficient Java partitioning framework for hardware enclaves.” In 29th USENIX Security Symposium (USENIX Security 20), pp. 505-522. 2020.

Shinde, Shweta, Shengyi Wang, Pinghai Yuan, Aquinas Hobor, Abhik Roychoudhury, and Prateek Saxena. “BesFS: A POSIX Filesystem for Enclaves with a Mechanized Safety Proof.” In 29th USENIX Security Symposium (USENIX Security 20), pp. 523-540. 2020.

Oh, Hyunyoung, Adil Ahmad, Seonghyun Park, Byoungyoung Lee, and Yunheung Paek. “TrustOre: Side-channel resistant storage for SGX using Intel hybrid CPU-FPGA.” In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pp. 1903-1918. 2020.

Ghosh, Santosh, Luis S. Kida, Soham Jayesh Desai, and Reshma Lal. “A >100 Gbps Inline AES-GCM Hardware Engine and Protected DMA Transfers between SGX Enclave and FPGA Accelerator Device.” IACR Cryptol. ePrint Arch. 2020 (2020): 178.

Chen, Zitai, Georgios Vasilakis, Kit Murdock, Edward Dean, David Oswald, and Flavio D. Garcia. “VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface.” In 30th USENIX Security Symposium (USENIX Security 21). 2021.

Cui, Jinhua, Jason Zhijingcheng Yu, Shweta Shinde, Prateek Saxena, and Zhiping Cai. “SmashEx: Smashing SGX Enclaves Using Exceptions.” arXiv preprint arXiv:2110.06657 (2021).

Jangid, Mohit Kumar, Guoxing Chen, Yinqian Zhang, and Zhiqiang Lin. “Towards Formal Verification of State Continuity for Enclave Programs.” In 30th USENIX Security Symposium (USENIX Security 21), pp. 573-590. 2021.

Giner, Lukas, Andreas Kogler, Claudio Canella, Michael Schwarz, and Daniel Gruss. “Repurposing Segmentation as a Practical LVI-NULL Mitigation in SGX.” In 31st USENIX Security Symposium (USENIX Security 22). 2022.

Chen, Yuan, Jiaqi Li, Guorui Xu, Yajin Zhou, Zhi Wang, Cong Wang, and Kui Ren. “SGXLock: Towards Efficiently Establishing Mutual Distrust Between Host Application and Enclave for SGX.” In 31st USENIX Security Symposium (USENIX Security 22). 2022.

Week 11/12:

AMD Secure Encrypted Virtualization (SEV)

Mofrad, Saeid, Fengwei Zhang, Shiyong Lu, and Weidong Shi. “A comparison study of intel SGX and AMD memory encryption technology.” In Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy, pp. 1-8. 2018.

Li, Mengyuan, Yinqian Zhang, Zhiqiang Lin, and Yan Solihin. “Exploiting unprotected I/O operations in AMD’s Secure Encrypted Virtualization.” In 28th USENIX Security Symposium (USENIX Security 19), pp. 1257-1272. 2019.

Li, Mengyuan, Yinqian Zhang, and Zhiqiang Lin. “CROSSLINE: Breaking “Security-by-Crash” based Memory Isolation in AMD SEV.” arXiv preprint arXiv:2008.00146 (2020).

Week 13/14:

RISC-V

Costan, Victor, Ilia Lebedev, and Srinivas Devadas. “Sanctum: Minimal hardware extensions for strong software isolation.” In 25th USENIX Security Symposium (USENIX Security 16), pp. 857-874. 2016.

Weiser, Samuel, Mario Werner, Ferdinand Brasser, Maja Malenko, Stefan Mangard, and Ahmad-Reza Sadeghi. “TIMBER-V: Tag-Isolated Memory Bringing Fine-grained Enclaves to RISC-V.” In NDSS. 2019.

Lee, Dayeol, David Kohlbrenner, Shweta Shinde, Krste Asanović, and Dawn Song. “Keystone: An open framework for architecting trusted execution environments.” In Proceedings of the Fifteenth European Conference on Computer Systems, pp. 1-16. 2020.

Schrammel, David, Samuel Weiser, Stefan Steinegger, Martin Schwarzl, Michael Schwarz, Stefan Mangard, and Daniel Gruss. “Donky: Domain keys – efficient in-process isolation for RISC-V and x86.” In 29th USENIX Security Symposium (USENIX Security 20), pp. 1677-1694. 2020.

Nasahl, Pascal, Robert Schilling, Mario Werner, and Stefan Mangard. “HECTOR-V: A heterogeneous CPU architecture for a secure RISC-V execution environment.” In Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security, pp. 187-199. 2021.

Thomas, Alex, Stephan Kaminsky, Dayeol Lee, Dawn Song, and Krste Asanovic. “ERTOS: Enclaves in Real-Time Operating Systems.” 2022.

Week 15/16:


Ferraiuolo, Andrew, Andrew Baumann, Chris Hawblitzel, and Bryan Parno. “Komodo: Using verification to disentangle secure-enclave hardware from software.” In Proceedings of the 26th Symposium on Operating Systems Principles, pp. 287-305. 2017.

Intel Trust Domain eXtensions (TDX)

Intel TDX white paper

Intel TDX

Sardar, Muhammad Usama, Saidgani Musaev, and Christof Fetzer. “Demystifying Attestation in Intel Trust Domain Extensions via Formal Verification.” IEEE Access (2021).

ARM Realm

ARM Confidential Compute Architecture (CCA)