TGh: A TEE/GC Hybrid Enabling Confidential FaaS Platforms
- URL: http://arxiv.org/abs/2309.07764v1
- Date: Thu, 14 Sep 2023 14:51:38 GMT
- Title: TGh: A TEE/GC Hybrid Enabling Confidential FaaS Platforms
- Authors: James Choncholas, Ketan Bhardwaj, Ada Gavrilovska,
- Abstract summary: We propose a TEE/GC hybrid protocol to enable confidential F platforms.
Our approach retains the security guarantees of enclaves while avoiding the performance issues associated with enclave management instructions.
- Score: 0.0
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: Trusted Execution Environments (TEEs) suffer from performance issues when executing certain management instructions, such as creating an enclave, context switching in and out of protected mode, and swapping cached pages. This is especially problematic for short-running, interactive functions in Function-as-a-Service (FaaS) platforms, where existing techniques to address enclave overheads are insufficient. We find FaaS functions can spend more time managing the enclave than executing application instructions. In this work, we propose a TEE/GC hybrid (TGh) protocol to enable confidential FaaS platforms. TGh moves computation out of the enclave onto the untrusted host using garbled circuits (GC), a cryptographic construction for secure function evaluation. Our approach retains the security guarantees of enclaves while avoiding the performance issues associated with enclave management instructions.
Related papers
- CodeChameleon: Personalized Encryption Framework for Jailbreaking Large
Language Models [49.60006012946767]
We propose CodeChameleon, a novel jailbreak framework based on personalized encryption tactics.
We conduct extensive experiments on 7 Large Language Models, achieving state-of-the-art average Attack Success Rate (ASR)
Remarkably, our method achieves an 86.6% ASR on GPT-4-1106.
arXiv Detail & Related papers (2024-02-26T16:35:59Z) - Mitigating Fine-tuning based Jailbreak Attack with Backdoor Enhanced Safety Alignment [56.2017039028998]
Fine-tuning of Language-Model-as-a-Service (LM) introduces new threats, particularly against the Fine-tuning based Jailbreak Attack (FJAttack)
We propose the Backdoor Enhanced Safety Alignment method inspired by an analogy with the concept of backdoor attacks.
Our comprehensive experiments demonstrate that through the Backdoor Enhanced Safety Alignment with adding as few as 11 safety examples, the maliciously finetuned LLMs will achieve similar safety performance as the original aligned models without harming the benign performance.
arXiv Detail & Related papers (2024-02-22T21:05:18Z) - gFaaS: Enabling Generic Functions in Serverless Computing [0.1433758865948252]
gF is a novel framework that facilitates holistic development and management of functions across diverse F platforms.
Results from our experiments demonstrate that gF functions perform similarly to native platform-specific functions across various scenarios.
arXiv Detail & Related papers (2024-01-18T20:25:20Z) - HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs)
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z) - QuanShield: Protecting against Side-Channels Attacks using Self-Destructing Enclaves [4.852855468869516]
We propose QuanShield, a system that protects enclaves from side-channel attacks that interrupt enclave execution.
QuanShield creates an interrupt-free environment on a dedicated CPU core for running enclaves in which enclaves terminate when interrupts occur.
Our evaluation shows that QuanShield significantly raises the bar for interrupt-based attacks with practical overhead.
arXiv Detail & Related papers (2023-12-19T02:11:42Z) - Tamper-Evident Pairing [55.2480439325792]
Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard.
TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper a transmitted message without being detected, nor hide the fact that the message has been sent.
This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
arXiv Detail & Related papers (2023-11-24T18:54:00Z) - Capacity: Cryptographically-Enforced In-Process Capabilities for Modern ARM Architectures (Extended Version) [1.2687030176231846]
Capacity is a novel hardware-assisted intra-process access control design that embraces capability-based security principles.
With intra-process domains authenticated with unique PA keys, Capacity transforms file descriptors and memory pointers into cryptographically-authenticated references.
We evaluate our Capacity-enabled NGINX web server prototype and other common applications in which sensitive resources are isolated into different domains.
arXiv Detail & Related papers (2023-09-20T08:57:02Z) - Building Your Own Trusted Execution Environments Using FPGA [16.206300249987354]
BYOTee (Build Your Own Trusted Execution Environments) is an easy-to-use infrastructure for building multiple equally secure enclaves.
BYOTee creates enclaves with customized hardware TCBs, which include softcore CPUs, block RAMs, and peripheral connections, in FPGA on demand.
arXiv Detail & Related papers (2022-03-08T17:22:52Z) - Safe RAN control: A Symbolic Reinforcement Learning Approach [62.997667081978825]
We present a Symbolic Reinforcement Learning (SRL) based architecture for safety control of Radio Access Network (RAN) applications.
We provide a purely automated procedure in which a user can specify high-level logical safety specifications for a given cellular network topology.
We introduce a user interface (UI) developed to help a user set intent specifications to the system, and inspect the difference in agent proposed actions.
arXiv Detail & Related papers (2021-06-03T16:45:40Z) - Enforcing Policy Feasibility Constraints through Differentiable
Projection for Energy Optimization [57.88118988775461]
We propose PROjected Feasibility (PROF) to enforce convex operational constraints within neural policies.
We demonstrate PROF on two applications: energy-efficient building operation and inverter control.
arXiv Detail & Related papers (2021-05-19T01:58:10Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.