Document Open Access Logo

A Holistic Approach for Trustworthy Distributed Systems with WebAssembly and TEEs

Authors Jämes Ménétrey , Aeneas Grüter , Peterson Yuhala , Julius Oeftiger , Pascal Felber , Marcelo Pasin , Valerio Schiavoni

PDF
Thumbnail PDF

File

LIPIcs.OPODIS.2023.23.pdf
  • Filesize: 0.87 MB
  • 23 pages

Document Identifiers

Author Details

Jämes Ménétrey
  • University of Neuchâtel, Switzerland
Aeneas Grüter
  • University of Bern, Switzerland
Peterson Yuhala
  • University of Neuchâtel, Switzerland
Julius Oeftiger
  • University of Bern, Switzerland
Pascal Felber
  • University of Neuchâtel, Switzerland
Marcelo Pasin
  • University of Neuchâtel, Switzerland
Valerio Schiavoni
  • University of Neuchâtel, Switzerland

Funding

This publication incorporates results from the VEDLIoT project, which received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 957197.

Cite AsGet BibTex

Jämes Ménétrey, Aeneas Grüter, Peterson Yuhala, Julius Oeftiger, Pascal Felber, Marcelo Pasin, and Valerio Schiavoni. A Holistic Approach for Trustworthy Distributed Systems with WebAssembly and TEEs. In 27th International Conference on Principles of Distributed Systems (OPODIS 2023). Leibniz International Proceedings in Informatics (LIPIcs), Volume 286, pp. 23:1-23:23, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2024)
https://doi.org/10.4230/LIPIcs.OPODIS.2023.23

Abstract

Publish/subscribe systems play a key role in enabling communication between numerous devices in distributed and large-scale architectures. While widely adopted, securing such systems often trades portability for additional integrity and attestation guarantees. Trusted Execution Environments (TEEs) offer a potential solution with enclaves to enhance security and trust. However, application development for TEEs is complex, and many existing solutions are tied to specific TEE architectures, limiting adaptability. Current communication protocols also inadequately manage attestation proofs or expose essential attestation information. This paper introduces a novel approach using WebAssembly to address these issues, a key enabling technology nowadays capturing academia and industry attention. We present the design of a portable and fully attested publish/subscribe middleware system as a holistic approach for trustworthy and distributed communication between various systems. Based on this proposal, we have implemented and evaluated in-depth a fully-fledged publish/subscribe broker running within Intel SGX, compiled in WebAssembly, and built on top of industry-battled frameworks and standards, i.e., MQTT and TLS protocols. Our extended TLS protocol preserves the privacy of attestation information, among other benefits. Our experimental results showcase most overheads, revealing a 1.55× decrease in message throughput when using a trusted broker. We open-source the contributions of this work to the research community to facilitate experimental reproducibility.

Subject Classification

ACM Subject Classification
  • Security and privacy
  • Security and privacy → Distributed systems security
  • Security and privacy → Trusted computing
  • Computer systems organization → Dependable and fault-tolerant systems and networks
Keywords
  • Publish/Subscribe
  • WebAssembly
  • Attestation
  • TLS
  • Trusted Execution Environment
  • Cloud-Edge Continuum

Metrics

  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    0
    PDF Downloads
    0
    Metadata Views

Supplementary Materials

References

  1. ISO/IEC 11889-1:2015(E). Information technology - trusted platform module library - part 1: Architecture. Standard, International Organization for Standardization, 2015. Google Scholar
  2. A. K. M. Mubashwir Alam and Keke Chen. Making your program oblivious: a comparative study for side-channel-safe confidential computing. CoRR, abs/2308.06442, 2023. URL: https://doi.org/10.48550/ARXIV.2308.06442.
  3. Amazon. Pub/sub messaging, 2023. URL: https://aws.amazon.com/pub-sub-messaging.
  4. AMD. AMD SEV-SNP: Strengthening VM isolation with integrity protection and more. White Paper, jan 2020. Google Scholar
  5. Frederik Armknecht, Yacine Gasmi, Ahmad-Reza Sadeghi, Patrick Stewin, Martin Unger, Gianluca Ramunno, and Davide Vernizzi. An efficient implementation of trusted channels based on openssl. In Shouhuai Xu, Cristina Nita-Rotaru, and Jean-Pierre Seifert, editors, Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, STC 2008, Alexandria, VA, USA, October 31, 2008, pages 41-50. ACM, 2008. URL: https://doi.org/10.1145/1456455.1456462.
  6. Sergei Arnautov, Andrey Brito, Pascal Felber, Christof Fetzer, Franz Gregor, Robert Krahn, Wojciech Ozga, André Martin, Valerio Schiavoni, Fábio Silva, Marcus Tenorio, and Nikolaus Thummel. PubSub-SGX: Exploiting trusted execution environments for privacy-preserving publish/subscribe systems. In 37th IEEE Symposium on Reliable Distributed Systems, SRDS 2018, Salvador, Brazil, October 2-5, 2018, pages 123-132. IEEE Computer Society, 2018. URL: https://doi.org/10.1109/SRDS.2018.00023.
  7. N. Asokan, Valtteri Niemi, and Kaisa Nyberg. Man-in-the-middle in tunnelled authentication protocols. In Bruce Christianson, Bruno Crispo, James A. Malcolm, and Michael Roe, editors, Security Protocols, 11th International Workshop, Cambridge, UK, April 2-4, 2003, Revised Selected Papers, volume 3364 of Lecture Notes in Computer Science, pages 28-41. Springer, 2003. URL: https://doi.org/10.1007/11542322_6.
  8. Pierre-Louis Aublin, Florian Kelbert, Dan O'Keffe, Divya Muthukumaran, Christian Priebe, Joshua Lind, Robert Krahn, Christof Fetzer, David Eyers, and Peter Pietzuch. TaLoS: Secure and transparent TLS termination inside SGX enclaves. Technical report, Department of Computing, Imperial College London, 2017. URL: https://www.doc.ic.ac.uk/research/technicalreports/2017/DTRS17-5.pdf.
  9. NorazahAbd Aziz, Nur Izura Udzir, and Ramlan Mahmod. Extending TLS with mutual attestation for platform integrity assurance. J. Commun., 9(1):63-72, 2014. URL: https://doi.org/10.12720/JCM.9.1.63-72.
  10. Raphaël Barazzutti, Pascal Felber, Hugues Mercier, Emanuel Onica, and Etienne Rivière. Efficient and confidentiality-preserving content-based publish/subscribe with prefiltering. IEEE Trans. Dependable Secur. Comput., 14(3):308-325, 2017. URL: https://doi.org/10.1109/TDSC.2015.2449831.
  11. Stefano Berlato, Umberto Morelli, Roberto Carbone, and Silvio Ranise. End-to-end protection of IoT communications through cryptographic enforcement of access control policies. In Shamik Sural and Haibing Lu, editors, Data and Applications Security and Privacy XXXVI - 36th Annual IFIP WG 11.3 Conference, DBSec 2022, Newark, NJ, USA, July 18-20, 2022, Proceedings, volume 13383 of Lecture Notes in Computer Science, pages 236-255. Springer, 2022. URL: https://doi.org/10.1007/978-3-031-10684-2_14.
  12. Cristian Borcea, Arnab Deb Gupta, Yuriy Polyakov, Kurt Rohloff, and Gerard W. Ryan. PICADOR: end-to-end encrypted publish-subscribe information distribution with proxy re-encryption. Future Gener. Comput. Syst., 71:177-191, 2017. URL: https://doi.org/10.1016/J.FUTURE.2016.10.013.
  13. Sébanjila Kevin Bukasa, Ronan Lashermes, Hélène Le Bouder, Jean-Louis Lanet, and Axel Legay. How TrustZone could be bypassed: Side-channel attacks on a modern system-on-chip. In Gerhard P. Hancke and Ernesto Damiani, editors, Information Security Theory and Practice - 11th IFIP WG 11.2 International Conference, WISTP 2017, Heraklion, Crete, Greece, September 28-29, 2017, Proceedings, volume 10741 of Lecture Notes in Computer Science, pages 93-109. Springer, 2017. URL: https://doi.org/10.1007/978-3-319-93524-9_6.
  14. Pau-Chen Cheng, Wojciech Ozga, Enriquillo Valdez, Salman Ahmed, Zhongshu Gu, Hani Jamjoom, Hubertus Franke, and James Bottomley. Intel TDX demystified: A top-down approach. CoRR, abs/2303.15540, 2023. URL: https://doi.org/10.48550/ARXIV.2303.15540.
  15. Victor Costan and Srinivas Devadas. Intel SGX explained. IACR Cryptol. ePrint Arch., page 86, 2016. URL: http://eprint.iacr.org/2016/086.
  16. Victor Costan, Ilia A. Lebedev, and Srinivas Devadas. Sanctum: Minimal hardware extensions for strong software isolation. In Thorsten Holz and Stefan Savage, editors, 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016, pages 857-874. USENIX Association, 2016. URL: https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/costan.
  17. Enarx. Confidential computing with WebAssembly, 2019. URL: https://enarx.dev.
  18. Patrick Th. Eugster, Pascal Felber, Rachid Guerraoui, and Anne-Marie Kermarrec. The many faces of publish/subscribe. ACM Comput. Surv., 35(2):114-131, 2003. URL: https://doi.org/10.1145/857076.857078.
  19. Shufan Fei, Zheng Yan, Wenxiu Ding, and Haomeng Xie. Security vulnerabilities of SGX and countermeasures: A survey. ACM Comput. Surv., 54(6):126:1-126:36, 2022. URL: https://doi.org/10.1145/3456631.
  20. Andrew Ferraiuolo, Andrew Baumann, Chris Hawblitzel, and Bryan Parno. Komodo: Using verification to disentangle secure-enclave hardware from software. In Proceedings of the 26th Symposium on Operating Systems Principles, Shanghai, China, October 28-31, 2017, pages 287-305. ACM, 2017. URL: https://doi.org/10.1145/3132747.3132782.
  21. Sarah Abdelwahab Gaballah, Christoph Coijanovic, Thorsten Strufe, and Max Mühlhäuser. 2PPS - publish/subscribe with provable privacy. In 40th International Symposium on Reliable Distributed Systems, SRDS 2021, Chicago, IL, USA, September 20-23, 2021, pages 198-209. IEEE, 2021. URL: https://doi.org/10.1109/SRDS53918.2021.00028.
  22. Yacine Gasmi, Ahmad-Reza Sadeghi, Patrick Stewin, Martin Unger, and N. Asokan. Beyond secure channels. In Peng Ning, Vijay Atluri, Shouhuai Xu, and Moti Yung, editors, Proceedings of the 2nd ACM Workshop on Scalable Trusted Computing, STC 2007, Alexandria, VA, USA, November 2, 2007, pages 30-40. ACM, 2007. URL: https://doi.org/10.1145/1314354.1314363.
  23. Kenneth A. Goldman, Ronald Perez, and Reiner Sailer. Linking remote attestation to secure tunnel endpoints. In Ari Juels, Gene Tsudik, Shouhuai Xu, and Moti Yung, editors, Proceedings of the 1st ACM Workshop on Scalable Trusted Computing, STC 2006, Alexandria, VA, USA, November 3, 2006, pages 21-24. ACM, 2006. URL: https://doi.org/10.1145/1179474.1179481.
  24. Google. Pub/sub, 2023. URL: https://cloud.google.com/pubsub.
  25. Christian Göttel, Pascal Felber, and Valerio Schiavoni. Developing secure services for IoT with OP-TEE: A first look at performance and usability. In José Pereira and Laura Ricci, editors, Distributed Applications and Interoperable Systems - 19th IFIP WG 6.1 International Conference, DAIS 2019, Held as Part of the 14th International Federated Conference on Distributed Computing Techniques, DisCoTec 2019, Kongens Lyngby, Denmark, June 17-21, 2019, Proceedings, volume 11534 of Lecture Notes in Computer Science, pages 170-178. Springer, 2019. URL: https://doi.org/10.1007/978-3-030-22496-7_11.
  26. Franz Gregor, Wojciech Ozga, Sébastien Vaucher, Rafael Pires, Do Le Quoc, Sergei Arnautov, André Martin, Valerio Schiavoni, Pascal Felber, and Christof Fetzer. Trust management as a service: Enabling trusted execution in the face of byzantine stakeholders. In 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2020, Valencia, Spain, June 29 - July 2, 2020, pages 502-514. IEEE, 2020. URL: https://doi.org/10.1109/DSN48063.2020.00063.
  27. Andreas Haas, Andreas Rossberg, Derek L. Schuff, Ben L. Titzer, Michael Holman, Dan Gohman, Luke Wagner, Alon Zakai, and J. F. Bastien. Bringing the web up to speed with WebAssembly. In Albert Cohen and Martin T. Vechev, editors, Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2017, Barcelona, Spain, June 18-23, 2017, pages 185-200. ACM, 2017. URL: https://doi.org/10.1145/3062341.3062363.
  28. Intel. Intel software guard extensions remote attestation end-to-end example, jul 2018. URL: https://software.intel.com/content/www/us/en/develop/articles/code-sample-intel-software-guard-extensions-remote-attestation-end-to-end-example.html.
  29. Mihaela Ion, Giovanni Russello, and Bruno Crispo. Design and implementation of a confidentiality and access control solution for publish/subscribe systems. Comput. Networks, 56(7):2014-2037, 2012. URL: https://doi.org/10.1016/J.COMNET.2012.02.013.
  30. Abhinav Jangda, Bobby Powers, Emery D. Berger, and Arjun Guha. Not so fast: Analyzing the performance of WebAssembly vs. native code. In Dahlia Malkhi and Dan Tsafrir, editors, 2019 USENIX Annual Technical Conference, USENIX ATC 2019, Renton, WA, USA, July 10-12, 2019, pages 107-120. USENIX Association, 2019. URL: https://www.usenix.org/conference/atc19/presentation/jangda.
  31. André Joaquim, Miguel L. Pardal, and Miguel Correia. Vulnerability-tolerant transport layer security. In James Aspnes, Alysson Bessani, Pascal Felber, and João Leitão, editors, 21st International Conference on Principles of Distributed Systems, OPODIS 2017, Lisbon, Portugal, December 18-20, 2017, volume 95 of LIPIcs, pages 28:1-28:16. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2017. URL: https://doi.org/10.4230/LIPICS.OPODIS.2017.28.
  32. Simon Johnson, Vinnie Scarlata, Carlos Rozas, Ernie Brickell, and Frank Mckeen. Intel software guard extensions: EPID provisioning and attestation services. White Paper, 1(1-10):119, 2016. URL: https://cdrdv2-public.intel.com/671370/ww10-2016-sgx-provisioning-and-attestation-final.pdf.
  33. Thomas Knauth, Michael Steiner, Somnath Chakrabarti, Li Lei, Cedric Xing, and Mona Vij. Integrating remote attestation with transport layer security. CoRR, abs/1801.05863, 2018. URL: https://arxiv.org/abs/1801.05863.
  34. Hugo Krawczyk. SIGMA: The "SIGn-and-MAc" approach to authenticated Diffie-Hellman and its use in the IKE-protocols. In Dan Boneh, editor, Advances in Cryptology - CRYPTO 2003, 23rd Annual International Cryptology Conference, Santa Barbara, California, USA, August 17-21, 2003, Proceedings, volume 2729 of Lecture Notes in Computer Science, pages 400-425. Springer, 2003. URL: https://doi.org/10.1007/978-3-540-45146-4_24.
  35. Dayeol Lee, David Kohlbrenner, Shweta Shinde, Krste Asanovic, and Dawn Song. Keystone: an open framework for architecting trusted execution environments. In Angelos Bilas, Kostas Magoutis, Evangelos P. Markatos, Dejan Kostic, and Margo I. Seltzer, editors, EuroSys '20: Fifteenth EuroSys Conference 2020, Heraklion, Greece, April 27-30, 2020, pages 38:1-38:16. ACM, 2020. URL: https://doi.org/10.1145/3342195.3387532.
  36. Librats. Low level attester and verifier drivers for multiple TEEs, 2022. URL: https://github.com/inclavare-containers/librats.
  37. Roger A. Light. Mosquitto: server and client implementation of the MQTT protocol. J. Open Source Softw., 2(13):265, 2017. URL: https://doi.org/10.21105/JOSS.00265.
  38. Lukas Malina, Gautam Srivastava, Petr Dzurenda, Jan Hajny, and Radek Fujdiak. A secure publish/subscribe protocol for internet of things. In Proceedings of the 14th International Conference on Availability, Reliability and Security, ARES 2019, Canterbury, UK, August 26-29, 2019, pages 75:1-75:10. ACM, 2019. URL: https://doi.org/10.1145/3339252.3340503.
  39. Jonathan M. McCune, Yanlin Li, Ning Qu, Zongwei Zhou, Anupam Datta, Virgil D. Gligor, and Adrian Perrig. Trustvisor: Efficient TCB reduction and attestation. In 31st IEEE Symposium on Security and Privacy, S&P 2010, 16-19 May 2010, Berleley/Oakland, California, USA, pages 143-158. IEEE Computer Society, 2010. URL: https://doi.org/10.1109/SP.2010.17.
  40. Jämes Ménétrey, Christian Göttel, Anum Khurshid, Marcelo Pasin, Pascal Felber, Valerio Schiavoni, and Shahid Raza. Attestation mechanisms for trusted execution environments demystified. In David M. Eyers and Spyros Voulgaris, editors, Distributed Applications and Interoperable Systems: 22nd IFIP WG 6.1 International Conference, DAIS 2022, Held as Part of the 17th International Federated Conference on Distributed Computing Techniques, DisCoTec 2022, Lucca, Italy, June 13-17, 2022, Proceedings, volume 13272 of Lecture Notes in Computer Science, pages 95-113. Springer, 2022. URL: https://doi.org/10.1007/978-3-031-16092-9_7.
  41. Jämes Ménétrey, Marcelo Pasin, Pascal Felber, and Valerio Schiavoni. Twine: An embedded trusted runtime for WebAssembly. In 37th IEEE International Conference on Data Engineering, ICDE 2021, Chania, Greece, April 19-22, 2021, pages 205-216. IEEE, 2021. URL: https://doi.org/10.1109/ICDE51399.2021.00025.
  42. Jämes Ménétrey, Marcelo Pasin, Pascal Felber, and Valerio Schiavoni. WaTZ: A trusted WebAssembly runtime environment with remote attestation for TrustZone. In 42nd IEEE International Conference on Distributed Computing Systems, ICDCS 2022, Bologna, Italy, July 10-13, 2022, pages 1177-1189. IEEE, 2022. URL: https://doi.org/10.1109/ICDCS54860.2022.00116.
  43. Microsoft. Publisher-subscriber pattern, 2023. URL: https://learn.microsoft.com/en-us/azure/architecture/patterns/publisher-subscriber.
  44. Mozilla. Standardizing WASI: A system interface to run WebAssembly outside the web, mar 2019. URL: https://hacks.mozilla.org/2019/03/standardizing-wasi-a-webassembly-system-interface/.
  45. Jämes Ménétrey. A holistic approach for trustworthy distributed systems with WebAssembly and TEEs: code and benchmarks, 2023. URL: https://github.com/JamesMenetrey/unine-opodis2023.
  46. Mohamed Nabeel, Stefan Appel, Elisa Bertino, and Alejandro P. Buchmann. Privacy preserving context aware publish subscribe systems. In Javier López, Xinyi Huang, and Ravi S. Sandhu, editors, Network and System Security - 7th International Conference, NSS 2013, Madrid, Spain, June 3-4, 2013. Proceedings, volume 7873 of Lecture Notes in Computer Science, pages 465-478. Springer, 2013. URL: https://doi.org/10.1007/978-3-642-38631-2_34.
  47. Tu Dinh Ngoc, Bao Bui, Stella Bitchebe, Alain Tchana, Valerio Schiavoni, Pascal Felber, and Daniel Hagimont. Everything you should know about intel SGX performance on virtualized systems. Proc. ACM Meas. Anal. Comput. Syst., 3(1):5:1-5:21, 2019. URL: https://doi.org/10.1145/3322205.3311076.
  48. Arto Niemi, Vasile Adrian Bogdan Pop, and Jan-Erik Ekberg. Trusted sockets layer: A TLS 1.3 based trusted channel protocol. In Nicola Tuveri, Antonis Michalas, and Billy Bob Brumley, editors, Secure IT Systems - 26th Nordic Conference, NordSec 2021, Virtual Event, November 29-30, 2021, Proceedings, volume 13115 of Lecture Notes in Computer Science, pages 175-191. Springer, 2021. URL: https://doi.org/10.1007/978-3-030-91625-1_10.
  49. Arto Niemi, Sampo Sovio, and Jan-Erik Ekberg. Towards interoperable enclave attestation: Learnings from decades of academic work. In 31st Conference of Open Innovations Association, FRUCT 2022, Helsinki, Finland, April 27-29, 2022, pages 189-200. IEEE, 2022. URL: https://doi.org/10.23919/FRUCT54823.2022.9770907.
  50. Emanuel Onica, Pascal Felber, Hugues Mercier, and Etienne Rivière. Confidentiality-preserving publish/subscribe: A survey. ACM Comput. Surv., 49(2):27:1-27:43, 2016. URL: https://doi.org/10.1145/2940296.
  51. A Paverd. Enhancing communication privacy using trustworthy remote entities. PhD thesis, University of Oxford, 2015. Google Scholar
  52. Jinglei Pei, Yuyang Shi, Qingling Feng, Ruisheng Shi, Lina Lan, Shui Yu, Jinqiao Shi, and Zhaofeng Ma. An efficient confidentiality protection solution for pub/sub system. Cybersecur., 6(1):34, 2023. URL: https://doi.org/10.1186/S42400-023-00165-W.
  53. Rafael Pires, Marcelo Pasin, Pascal Felber, and Christof Fetzer. Secure content-based routing using Intel software guard extensions. In Proceedings of the 17th International Middleware Conference, Trento, Italy, December 12 - 16, 2016, page 10. ACM, 2016. URL: https://doi.org/10.1145/2988336.2988346.
  54. Ivan Puddu, Moritz Schneider, Daniele Lain, Stefano Boschetto, and Srdjan Capkun. On (the lack of) code confidentiality in trusted execution environments. CoRR, abs/2212.07899, 2022. https://arxiv.org/abs/2212.07899, URL: https://doi.org/10.48550/ARXIV.2212.07899.
  55. Eric Rescorla. Keying material exporters for transport layer security (TLS). RFC 5705, mar 2010. URL: https://doi.org/10.17487/RFC5705.
  56. Eric Rescorla, Kazuho Oku, Nick Sullivan, and Christopher A. Wood. TLS encrypted client hello. Internet-Draft draft-ietf-tls-esni-16, Internet Engineering Task Force, apr 2023. Work in Progress. URL: https://datatracker.ietf.org/doc/draft-ietf-tls-esni/16/.
  57. Peter Saint-Andre and Jeff Hodges. Representation and verification of domain-based application service identity within internet public key infrastructure using X.509 (PKIX) certificates in the context of transport layer security (TLS). RFC 6125, mar 2011. URL: https://doi.org/10.17487/RFC6125.
  58. Muhammad Usama Sardar, Rasha Faqeh, and Christof Fetzer. Formal foundations for Intel SGX data center attestation primitives. In Shang-Wei Lin, Zhe Hou, and Brendan P. Mahony, editors, Formal Methods and Software Engineering - 22nd International Conference on Formal Engineering Methods, ICFEM 2020, Singapore, Singapore, March 1-3, 2021, Proceedings, volume 12531 of Lecture Notes in Computer Science, pages 268-283. Springer, 2020. URL: https://doi.org/10.1007/978-3-030-63406-3_16.
  59. Muhammad Usama Sardar, Saidgani Musaev, and Christof Fetzer. Demystifying attestation in Intel trust domain extensions via formal verification. IEEE Access, 9:83067-83079, 2021. URL: https://doi.org/10.1109/ACCESS.2021.3087421.
  60. Vinnie Scarlata, Simon Johnson, James Beaney, and Piotr Zmijewski. Supporting third party attestation for Intel SGX with Intel data center attestation primitives. White paper, page 12, 2018. URL: https://cdrdv2-public.intel.com/671314/intel-sgx-support-for-third-party-attestation.pdf.
  61. Carlos Segarra, Ricard Delgado-Gonzalo, and Valerio Schiavoni. MQT-TZ: Hardening IoT brokers using ARM TrustZone : (practical experience report). In International Symposium on Reliable Distributed Systems, SRDS 2020, Shanghai, China, September 21-24, 2020, pages 256-265. IEEE, 2020. URL: https://doi.org/10.1109/SRDS51746.2020.00033.
  62. Carlton Shepherd, Raja Naeem Akram, and Konstantinos Markantonakis. Establishing mutually trusted channels for remote sensing devices with trusted execution environments. In Proceedings of the 12th International Conference on Availability, Reliability and Security, Reggio Calabria, Italy, August 29 - September 01, 2017, pages 7:1-7:10. ACM, 2017. URL: https://doi.org/10.1145/3098954.3098971.
  63. Frederic Stumpf, Andreas Fuchs, Stefan Katzenbeisser, and Claudia Eckert. Improving the scalability of platform attestation. In Shouhuai Xu, Cristina Nita-Rotaru, and Jean-Pierre Seifert, editors, Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, STC 2008, Alexandria, VA, USA, October 31, 2008, pages 1-10. ACM, 2008. URL: https://doi.org/10.1145/1456455.1456457.
  64. Frederic Stumpf, Omid Tafreschi, Patrick Röder, Claudia Eckert, et al. A robust integrity reporting protocol for remote attestation. In Proceedings of the Workshop on Advances in Trusted Computing (WATC), page 65, 2006. Google Scholar
  65. Antero Taivalsaari, Tommi Mikkonen, and Cesare Pautasso. Towards seamless IoT device-edge-cloud continuum: Software architecture options of IoT devices revisited. In Maxim Bakaev, In-Young Ko, Michael Mrissa, Cesare Pautasso, and Abhishek Srivastava, editors, ICWE 2021 Workshops - ICWE 2021 International Workshops, BECS and Invited Papers, Biarritz, France, May 18-21, 2021, volume 1508 of Communications in Computer and Information Science, pages 82-98. Springer, 2021. URL: https://doi.org/10.1007/978-3-030-92231-3_8.
  66. Trusted Computing Group. DICE Attestation Architecture, 2021. URL: https://trustedcomputinggroup.org/wp-content/uploads/DICE-Attestation-Architecture-r23-final.pdf.
  67. Robin Vassantlal, Eduardo Alchieri, Bernardo Ferreira, and Alysson Bessani. COBRA: dynamic proactive secret sharing for confidential BFT services. In 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022, pages 1335-1353. IEEE, 2022. URL: https://doi.org/10.1109/SP46214.2022.9833658.
  68. Sébastien Vaucher, Valerio Schiavoni, and Pascal Felber. Short paper: Stress-SGX: Load and stress your enclaves for fun and profit. In Andreas Podelski and François Taïani, editors, Networked Systems - 6th International Conference, NETYS 2018, Essaouira, Morocco, May 9-11, 2018, Revised Selected Papers, volume 11028 of Lecture Notes in Computer Science, pages 358-363. Springer, 2018. URL: https://doi.org/10.1007/978-3-030-05529-5_24.
  69. Paul Georg Wagner, Pascal Birnstill, and Jürgen Beyerer. Establishing secure communication channels using remote attestation with TPM 2.0. In Konstantinos Markantonakis and Marinella Petrocchi, editors, Security and Trust Management - 16th International Workshop, STM 2020, Guildford, UK, September 17-18, 2020, Proceedings, volume 12386 of Lecture Notes in Computer Science, pages 73-89. Springer, 2020. URL: https://doi.org/10.1007/978-3-030-59817-4_5.
  70. Kevin Walsh and John Manferdelli. Mechanisms for mutual attested microservice communication. In Ashiq Anjum, Alan Sill, Geoffrey C. Fox, and Yong Chen, editors, Companion Proceedings of the 10th International Conference on Utility and Cloud Computing, UCC 2017, Austin, TX, USA, December 5-8, 2017, pages 59-64. ACM, 2017. URL: https://doi.org/10.1145/3147234.3148102.
  71. WAMR. WebAssembly micro runtime, 2019. URL: https://github.com/bytecodealliance/wasm-micro-runtime.
  72. Chenxi Wang, Antonio Carzaniga, David Evans, and Alexander L Wolf. Security issues and requirements for internet-scale publish-subscribe systems. In Proceedings of the 35th Annual Hawaii International Conference on System Sciences, pages 3940-3947. IEEE, 2002. URL: https://doi.org/10.1109/HICSS.2002.994531.
  73. Shuran Wang, Dahan Pan, Runhan Feng, and Yuanyuan Zhang. Magikcube: Securing cross-domain publish/subscribe systems with enclave. In 20th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021, Shenyang, China, October 20-22, 2021, pages 147-154. IEEE, 2021. URL: https://doi.org/10.1109/TRUSTCOM53373.2021.00037.
  74. Wenwen Wang. How far we've come - A characterization study of standalone WebAssembly runtimes. In IEEE International Symposium on Workload Characterization, IISWC 2022, Austin, TX, USA, November 6-8, 2022, pages 228-241. IEEE, 2022. URL: https://doi.org/10.1109/IISWC55918.2022.00028.
  75. WASI-SDK. WASI-enabled WebAssembly C/C++ toolchain, 2019. URL: https://github.com/WebAssembly/wasi-sdk.
  76. Samuel Weiser, Mario Werner, Ferdinand Brasser, Maja Malenko, Stefan Mangard, and Ahmad-Reza Sadeghi. TIMBER-V: Tag-isolated memory bringing fine-grained enclaves to RISC-V. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24-27, 2019. The Internet Society, 2019. URL: https://doi.org/10.14722/ndss.2019.23068.
  77. Jan Werner, Joshua Mason, Manos Antonakakis, Michalis Polychronakis, and Fabian Monrose. The severest of them all: Inference attacks against secure virtual enclaves. In Steven D. Galbraith, Giovanni Russello, Willy Susilo, Dieter Gollmann, Engin Kirda, and Zhenkai Liang, editors, Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2019, Auckland, New Zealand, July 09-12, 2019, pages 73-85. ACM, 2019. URL: https://doi.org/10.1145/3321705.3329820.
  78. Yue Yu, Huaimin Wang, Bo Liu, and Gang Yin. A trusted remote attestation model based on trusted computing. In 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013 / 11th IEEE International Symposium on Parallel and Distributed Processing with Applications, ISPA-13 / 12th IEEE International Conference on Ubiquitous Computing and Communications, IUCC-2013, Melbourne, Australia, July 16-18, 2013, pages 1504-1509. IEEE Computer Society, 2013. URL: https://doi.org/10.1109/TRUSTCOM.2013.183.
Questions / Remarks / Feedback
X

Feedback for Dagstuhl Publishing


Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail
© 2023-2024 Schloss Dagstuhl – LZI GmbH Imprint Privacy Contact