Awesome
sgx-papers
A curated list of system papers using/about Intel SGX. I'll try to keep this list updated. I gladly accept PRs.
Do you use or are you familiar with Intel SGX? If yes, we’d appreciate you could fill in this anonymous survey, it takes less than 60 seconds https://forms.gle/HdHqXiBdRp98CU6y7
| Title | Venue | |
|---|---|---|
| Using Innovative Instructions to Create Trustworthy Software Solutions | HASP@ISCA'13 | link |
| Cooperation and Security Isolation of Library OSes for Multi-Process Applications | EuroSys'14 | link |
| Shielding Applications from an Untrusted Cloud with Haven | TOCS'15 | link |
| VC3: trustworthy data analytics in the cloud using SGX | S&P'15 | link |
| Moat: Verifying Confidentiality of Enclave Programs | CCS'15 | link |
| Applying the Trustworthy Remote Entity to Privacy-Preserving Multiparty Computation: Requirements and Criteria for Large-Scale Applications | ATC'16 | link |
| Exploring the use of Intel SGX for Secure Many-Party Applications | SysTEX'16 | link |
| SCONE: Secure Linux Containers with Intel SGX | OSDI'16 | link |
| Ryoan: a distributed sandbox for untrusted computation on secret data. | OSDI'16 | link |
| SGX Support for Dynamic Memory Management Inside an Enclave | HASP'16 | link |
| Secure Content-Based Routing Using Intel Software Guard Extensions | Middleware'16 | link |
| SecureKeeper: Confidential ZooKeeper using Intel SGX | Middleware'16 | link |
| AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves | ESORICS'16 | link |
| Eleos: ExitLess OS Services for SGX Enclaves | EuroSys'17 | link |
| SGXBounds: Memory Safety for Shielded Execution | EuroSys'17 | link |
| Hybrids on Steroids: SGX-Based High Performance BFT | EuroSys'17 | link |
| PANOPLY: Low-TCB Linux Applications with SGX Enclaves | NDSS'17 | link |
| Teechan: Payment Channels Using Trusted Execution Environments | BITCOIN'17 | link |
| SGXIO: Generic Trusted I/O Path for Intel SGX | CODASPY'17 | link |
| TrustJS: Trusted Client-side Execution of JavaScript | EuroSec'17 | link |
| SGX-Log: Securing System Logs With SGX | Asia CCS'17 | link |
| Secure Live Migration of SGX Enclaves on Untrusted Cloud | DSN'17 | link |
| Rollback and Forking Detection for Trusted Execution Environments using Lightweight Collective Memory | DSN'17 | link |
| SecureStreams: Reactive Middleware for Secure Data Stream | DEBS'17 | link |
| Regaining Lost Cycles with HotCalls: A Fast Interface for SGX Secure Enclaves | ISCA'17 | link |
| Glamdring: Automatic Application Partitioning for Intel SGX | ATC'17 | link |
| Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing | Usenix Security'17 | link |
| S-NFV: Securing NFV states by using SGX | CODASPY'17 | link |
| Enhancing Security and Privacy of Tor's Ecosystem by Using Trusted Execution Environments | NSDI'17 | link |
| Securing Data Analytics on SGX With Randomization | ESORICS'17 | link |
| Software Grand Exposure: SGX Cache Attacks Are Practical | WooT'17 | link |
| Komodo: Using verification to disentangle secure-enclave hardware from software | SOSP'17 | link |
| POSTER: Rust SGX SDK: Towards Memory Safety in Intel SGX Enclave | CCS'17 | link |
| Iron: Functional Encryption using Intel SGX | CCS'17 | link |
| A Formal Foundation for Secure Remote Execution of Enclaves | CCS'17 | link |
| SGX-Bomb: Locking Down the Processor via Rowhammer Attack | SysTEX'17 | link |
| X-Search: Revisiting Private Web Search using Intel SGX | Middleware'17 | link |
| Cache Attacks on Intel SGX | EuroSec'17 | link |
| SGXKernel: A Library Operating System Optimized for Intel SGX | CF'17 | link |
| Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX | ATC'17 | link |
| HardIDX: Practical and Secure Index with SGX | DBSec'17 | link |
| Opaque: An Oblivious and Encrypted Distributed Analytics Platform | NSDI'17 | link |
| VAULT: Reducing Paging Overheads in SGX with Efficient Integrity Verification Structures | ASPLOS'18 | link |
| STANlite - a database engine for secure data processing at rack-scale level | IC2E'18 | link |
| EnclaveDB: A Secure Database using SGX | SP'18 | link |
| Oblix: An Efficient Oblivious Search Index | S&P'18 | link |
| ZeroTrace: Oblivious Memory Primitives from Intel SGX | NDSS'18 | link |
| OBLIVIATE: A Data Oblivious Filesystem for Intel SGX | NDSS'18 | link |
| EndBox: Scalable Middlebox Functions Using Client-Side Trusted Execution | DSN'18 | link |
| Troxy: Transparent Access to Byzantine Fault-Tolerant Systems | DSN'18 | link |
| LibSEAL: Revealing Service Integrity Violations Using Trusted Execution | EuroSys'18 | link |
| PESOS: Policy Enhanced Secure Object Store | EuroSys'18 | link |
| Bring the Missing Jigsaw Back: TrustedClock for SGX Enclaves | EuroSec'18 | link |
| Migrating SGX Enclaves with Persistent State | DSN'18 | link |
| SafeBricks: Shielding Network Functions in the Cloud | NSDI'18 | link |
| ShieldBox: Secure Middleboxes using Shielded Execution | SOSR'18 | link |
| CYCLOSA: Decentralizing Private Web Search Through SGX-Based Browser Extensions | ICDCS'18 | link |
| SGX-Aware Container Orchestration for Heterogeneous Clusters | ICDCS'18 | link |
| Varys: Protecting SGX enclaves from practical side-channel attacks | ATC'18 | link |
| Mitigating Branch-Shadowing Attacks on Intel SGX using Control Flow Randomization | SysTEX'18 | link |
| Security, Performance and Energy Trade-offs of Hardware-assisted Memory Protection Mechanisms | SRDS'18 | link |
| PubSub-SGX: exploiting Trusted Execution Environments for privacy-preserving publish/subscribe systems | SRDS'18 | link |
| sgx-perf: A Performance Analysis Tool for Intel SGX Enclaves | Middleware'18 | link |
| EActors: Fast and flexible trusted computing using SGX | Middleware'18 | link |
| DelegaTEE: Brokered Delegation Using Trusted Execution Environments | USENIX Security'18 | link |
| Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution | USENIX Security'18 | link |
| Achieving Data Dissemination with Security using FIWARE and Intel Software Guard Extensions (SGX) | ISCC'18 | link |
| Scaling Intel® Software Guard Extensions Applications with Intel® SGX Card | HASP@ISCA'19 | link |
| A Practical Intel SGX Setting for Linux Containers in the Cloud | CODASPY'19 | link |
| Careful-Packing: A Practical and Scalable Anti-Tampering Software Protection enforced by Trusted Computing | CODASPY'19 | link |
| Everything you should know about Intel SGX performance on virtualized systems | SIGMETRICS'19 | link |
| ShieldStore: Shielded In-memory Key-value Storage with SGX | EuroSys'19 | link |
| Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware | ICLR'19 | link |
| OBFUSCURO: A Commodity Obfuscation Engine on Intel SGX | NDSS‘19 | link |
| Trust more, serverless | SysTor'19 | link |
| Clemmys: Towards Secure Remote Execution in FaaS | SysTor'19 | link |
| Using Trusted Execution Environments for Secure Stream Processing of Medical Data | DAIS'19 | link |
| A Hybrid Approach to Secure Function Evaluation using SGX | AsiaCCS'19 | link |
| Secured Routines: Language-based Construction of Trusted Execution Environments | ATC'19 | link |
| NeXUS: Practical and Secure Access Control on Untrusted Storage Platforms using Client-Side SGX | DSN'19 | link |
| Forward and Backward Private Searchable Encryption with SGX | EuroSec'19 | link |
| TEE-Perf: A Profiler for Trusted Execution Environments | DSN'19 | link |
| SgxPectre Attacks: Stealing Intel Secrets from SGX Enclaves via Speculative Execution | EuroS&P'19 | link |
| Managing confidentiality leaks through private algorithms on Software Guard eXtensions (SGX) enclaves: Minimised TCB on secret-code execution with Early Private Mode (EPM) | EURASIP Journal on Information Security | link |
| BITE: Bitcoin Lightweight Client Privacy using Trusted Execution | SEC'19 | link |
| Towards Memory Safe Enclave Programming with Rust-SGX | CCS'19 | link |
| A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes | CCS'19 | link |
| OPERA: Open Remote Attestation for Intel’s Secure Enclaves | CCS'19 | link |
| LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed | CCS'19 | link |
| BLOXY: Providing Transparent and Generic BFT-Based Ordering Services for Blockchains | SRDS'19 | link |
| AccTEE: A WebAssembly-based Two-way Sandbox for Trusted Resource Accounting | Middleware'19 | link |
| EnclaveCache: A Secure and Scalable Key-value Cache in Multi-tenant Clouds using Intel SGX | Middleware'19 | link |
| PrivaTube: Privacy-Preserving Edge-Assisted Video Streaming | Middleware'19 | link |
| Teechain: a secure payment network with asynchronous blockchain access | SOSP'19 | link |
| Plundervolt: Software-based Fault Injection Attacks against Intel SGX | Oakland '20 | link |
| ObliDB: Oblivious Query Processing using Secure Enclaves | VLDB'19 | link |
| CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves | USENIX ATC'19 | link |
| Computation on Encrypted Data using Dataflow Authentication | PETS'20 | link |
| Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution | NDSS'20 | link |
| COIN Attacks: On Insecurity of Enclave Untrusted Interfaces in SGX | ASPLOS'20 | link |
| Occlum: Secure and Efficient Multitasking Inside a Single Enclave of Intel SGX | ASPLOS'20 | link |
| MPTEE: Bringing Flexible and Efficient Memory Protection to Intel SGX | EuroSys'20 | link |
| Autarky: Closing controlled channels with self-paging enclaves | EuroSys'20 | link |
| Trust management as a service: Enabling trusted execution in the face of Byzantine stakeholders | DSN'20 | link |
| SeGShare: Secure Group File Sharing in the Cloud using Enclaves | DSN'20 | link |
| Civet: An Efficient Java Partitioning Framework for Hardware Enclaves | SEC'20 | link |
| BesFS: A POSIX Filesystem for Enclaves with a Mechanized Safety Proof | SEC'20 | link |
| TEEMon: A continuous performance monitoring framework for TEEs | Middleware'20 | link |
| secureTF: A Secure TensorFlow Framework | Middleware'20 | link |
| Vessels: Efficient and Scalable Deep Learning Prediction on Trusted Processors | SoCC'20 | link |
| PROXIMITEE: Hardened SGX Attestation and Trusted Path through Proximity Verification | CODASPY'20 | link |
| Towards Formalization of Enhanced Privacy ID (EPID)-based Remote Attestation in Intel SGX | DSD'20 | link |
| Formal Foundations for Intel SGX Data Center Attestation Primitives | ICFEM'20 | link |
| EnclavePDP: A General Framework to Verify Data Integrity in Cloud Using Intel SGX | RAID'20 | link |
| TRUSTORE: Side-Channel Resistant Storage for SGX using Intel Hybrid CPU-FPGA | CCS'20 | link |
| Spons & Shields: Practical Isolation for Trusted Execution | VEE'21 | link |
| Aria: Tolerating Skewed Workloads in Secure In-memory Key-value Stores | ICDE'21 | link |
| TWINE: An Embedded Trusted Runtime for WebAssembly | ICDE'21 | link |
| CHANCEL: Efficient Multi-client Isolation Under Adversarial Programs | NDSS'21 | link |
| VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface | USENIX Security'21 | link |
| SGXoMeter: Open and Modular Benchmarking for Intel SGX | EuroSec'21 | link |
| Building enclave-native storage engines for practical encrypted databases | VLDB'21 | link |
| MigSGX: A Migration Mechanism for Containers Including SGX Applications | UCC'21 | link |
| Accelerating Encrypted Deduplication via SGX | USENIX ATC'21 | link |
| SGX-Stream: A Secure Stream Analytics Framework In SGX-enabled Edge Cloud | JISA'23 | link |
| SGX Switchless Calls Made Configless | DSN'23 | link |
| HasTEE: Programming Trusted Execution Environments with Haskell | Haskell'23 | link |
Do you use or are you familiar with Intel SGX? If yes, we’d appreciate you could fill in this anonymous survey, it takes less than 60 seconds https://forms.gle/HdHqXiBdRp98CU6y7
Unpublished, tech-reports, or open-access:
| Title | |
|---|---|
| Intel SGX Explained | link |
| A Blockchain Based on Gossip? – a Position Paper | link |
| Proof of Luck: an Efficient Blockchain Consensus Protocol | link |
| Malware Guard Extension: Using SGX to Conceal Cache Attacks | link |
| Blockchain and Trusted Computing: Problems, Pitfalls, and a Solution for Hyperledger Fabric | link |
| DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization | link |
| Practical Enclave Malware with Intel SGX | link |
| Secure Network Interface with SGX | link |
| TaLoS: Secure and Transparent TLS Termination inside SGX Enclaves | link |
| Practical Enclave Malware with Intel SGX | link |
| EncDBDB: Searchable Encrypted, Fast, Compressed, In-Memory Database using Enclaves | link |
| HardIDX: Practical and Secure Index with SGX | link |
| SGAxe: How SGX Fails in Practice | link |
| Secure Processors | Part 1, Part 2 |
| Edgar: Offloading Function Execution to the Ultimate Edge | link |