A first step towards leveraging commodity trusted execution environments for network applications

Proceedings of the 14th ACM Workshop on Hot Topics in Networks, HotNets-XIV 2015

Volumn , Issue , 2015, Pages

  Kim, Seongmin ^a   Shin, Youjung ^a   Ha, Jaehyung ^a   Kim, Taesoo ^a,b   Han, Dongsu ^a  

^a Korea Advanced Institute of Science and Technology (KAIST)   (South Korea)

^b GEORGIA INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

DESIGN; NETWORK PROTOCOLS; OPEN SOURCE SOFTWARE; PEER TO PEER NETWORKS;

ALTERNATIVE DESIGNS; ANONYMITY NETWORKS; HARDWARE PROTECTION; INTERDOMAIN ROUTING; NETWORK APPLICATIONS; SECURITY AND PRIVACY; TRANSPORT LAYER SECURITY; TRUSTED EXECUTION ENVIRONMENTS;

NETWORK SECURITY;

EID: 84962655697     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2834050.2834100     Document Type: Conference Paper

References (39)

1. Gns3 network simulator. http://www.gns3.com/.
2. OpenSGX: An open platform for intel sgx. https://github.com/sslab-gatech/opensgx.
3. Possible upcoming attempts to disable the tor network. https://blog.torproject.org/blog/possible-upcoming-attempts-disable-tornetwork, December 2014.
4. I. Anati, S. Gueron, S. P. Johnson, and V. R. Scarlata. Innovative Technology for CPU Based Attestation and Sealing. In International Workshop on Hardware and Architectural Support for Security and Privacy, pages 1-8, Tel-Aviv, Israel, 2013.
5. P. Bakker. Polarssl project. http://polarssl.org/.
6. S. Balfe, A. Lakhani, and K. Paterson. Trusted computing: providing security for peer-to-peer networks. In Peer-to-Peer Computing, Fifth IEEE International Conference on, pages 117-124, Aug 2005.
7. A. Baumann, M. Peinado, and G. Hunt. Shielding applications from an untrusted cloud with haven. In USENIX OSDI, 2014.
8. E. Brickell and J. Li. Enhanced privacy id: A direct anonymous attestation scheme with enhanced revocation capa bilities. In Proceedings of the 2007 ACM workshop on Privacy in electronic society, pages 21-30, 2007.
9. S. Checkoway and H. Shacham. Iago attacks: Why the system call api is a bad untrusted rpc interface. In Proceedings of the Eighteenth International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS '13, pages 253-264, 2013.
10. C. Chen, H. Raj, S. Saroiu, and A. Wolman. cTPM: A cloud TPM for cross-device trusted applications. In USENIX NSDI, 2014.
11. R. Dingledine. Tor Project infrastructure updates in response to security breach. http://archives.seul.org/or/talk/Jan-2010/msg00161.html, January 2010.
12. R. Dingledine, N. Mathewson, and P. Syverson. Tor: The second-generation onion router. In USENIX Security Symposium, 2004.
13. J. Edge. Lots of progress for Debian's reproducible builds. http://lwn.net/Articles/630074/, Jan. 2015.
14. Y. Gasmi, A.-R. Sadeghi, P. Stewin, M. Unger, and N. Asokan. Beyond secure channels. In Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing, STC '07, 2007.
15. K. Goldman, R. Perez, and R. Sailer. Linking remote attestation to secure tunnel endpoints. In Proceedings of the First ACM Workshop on Scalable Trusted Computing, STC '06, 2006.
16. A. Gupta, L. Vanbever, M. Shahbaz, S. P. Donovan, B. Schlinker, N. Feamster, J. Rexford, S. Shenker, R. Clark, and E. Katz-Bassett. SDX: A software defined internet exchange. In ACM SIGCOMM, 2014.
17. D. Gupta, A. Segal, A. Panda, G. Segev, M. Schapira, J. Feigenbaum, J. Rexford, and S. Shenker. A new approach to interdomain routing based on secure multi-party computation. In ACM HotNets, 2012.
18. Intel. Intel Software Guard Extensions Programming Reference (rev1), Sept. 2013. 329298-001US.
19. Intel. Intel Software Guard Extensions Programming Reference (rev2), Oct. 2014. 329298-002US.
20. R. Jansen, F. Tschorsch, A. Johnson, and B. Scheuermann. The sniper attack: Anonymously deanonymizing and disabling the tor network. Technical report, DTIC Document, 2014.
21. T.-W. Johnny Ngan, R. Dingledine, and D. Wallach. Building incentives into tor. In R. Sion, editor, Financial Cryptography and Data Security, volume 6052 of Lecture Notes in Computer Science, pages 238-256. Springer Berlin Heidelberg, 2010.
22. S. Le Blond, P. Manils, A. Chaabane, M. A. Kaafar, C. e. Castelluccia, A. Legout, andW. Dabbous. One bad apple spoils the bunch: Exploiting p2p applications to trace and profile tor users. In Proceedings of the 4th USENIX Conference on Largescale Exploits and Emergent Threats, pages 2-2, 2011.
23. Y. Li, J. M. McCune, J. Newsome, A. Perrig, B. Baker, and W. Drewry. MiniBox: A Two-Way Sandbox for x86 Native Code. In Proceedings of the USENIX Annual Technical Conference, June 2014.
24. J. M. McCune, B. J. Parno, A. Perrig, M. K. Reiter, and H. Isozaki. Flicker: An Execution Infrastructure for TCB Minimization. In EUROSYS, pages 315-328, 2008.
25. F. McKeen, I. Alexandrovich, A. Berenzon, C. V. Rozas, H. Shafi, V. Shanbhogue, and U. R. Savagaonkar. Innovative instructions and software model for isolated execution. In International Workshop on Hardware and Architectural Support for Security and Privacy, pages 1-8, Tel-Aviv, Israel, 2013.
26. J. Naous, M. Walfish, A. Nicolosi, D. Mazières, M. Miller, and A. Seehra. Verifying and enforcing network paths with icing. In ACM CoNEXT, 2011.
27. D. Naylor, A. Finamore, I. Leontiadis, Y. Grunenberger, M. Mellia, M. Munafò, K. Papagiannaki, and P. Steenkiste. The cost of the "S" in HTTPS. In ACM CoNEXT, 2014.
28. D. Naylor, K. Schomp, M. Varvello, I. Leontiadis, J. Blackburn, D. Lopez, K. Papagiannaki, P. R. Rodriguez, and P. Steenkiste. multi-context TLS (mcTLS): Enabling secure in-network functionality in TLS. In ACM SIGCOMM, 2015.
29. M. Perry. Deterministic Builds Part Two: Technical Details. https://blog.torproject.org/blog/deterministic-builds-part-two-technicaldetails, Oct. 2013.
30. N. Santos, R. Rodrigues, K. P. Gummadi, and S. Saroiu. Policysealed data: A new abstraction for building trusted cloud services. In USENIX Conference on Security Symposium, 2012.
31. F. Schuster, M. Costa, C. Fournet, C. Gkantsidis, M. Peinado, G. Mainar-Ruiz, and M. Russinovich. Vc3: Trustworthy data analytics in the cloud. Technical Report MSR-TR-2014-39, Microsoft Research, February 2014.
32. J. Sherry, C. Lan, R. A. Popa, and S. Ratnasamy. Blindbox: Deep packet inspection over encrypted traffic. In ACM SIGCOMM, 2015.
33. R. Sinha, S. Rajamani, S. A. Seshia, and K. Vaswani. Moat: Verifying confidentiality of enclave programs. In ACM CCS, 2015.
34. I. Stoica, R. Morris, D. Karger, M. F. Kaashoek, and H. Balakrishnan. Chord: A scalable peer-to-peer lookup service for internet applications. In ACM SIGCOMM, 2001.
35. P.Winter, R. Köwer, M. Mulazzani, M. Huber, S. Schrittwieser, S. Lindskog, and E. Weippl. Spoiled onions: Exposing malicious tor exit relays. In Privacy Enhancing Technologies, pages 304-331. Springer, 2014.
36. X. Yang, D. Clark, and A. Berger. Nira: A new inter-domain routing architecture. Networking, IEEE/ACM Transactions on, 15 (4):775-788, Aug 2007.
37. X. Zhang, H.-C. Hsiao, G. Hasker, H. Chan, A. Perrig, and D. G. Andersen. Scion: Scalability, control, and isolation on next-generation networks. In IEEE Symposium on Security and Privacy, 2011.
38. X. Zhang, Z. Zhou, G. Hasker, A. Perrig, and V. Gligor. Network fault localization with small tcb. In Network Protocols (ICNP), 2011 19th IEEE International Conference on, Oct 2011.
39. M. Zhao, W. Zhou, A. J. Gurney, A. Haeberlen, M. Sherr, and B. T. Loo. Private and verifiable interdomain routing decisions. In ACM SIGCOMM, 2012.