SRAS: Self-governed Remote Attestation Scheme for Multi-party Collaboration
- URL: http://arxiv.org/abs/2407.03745v1
- Date: Thu, 4 Jul 2024 08:57:18 GMT
- Title: SRAS: Self-governed Remote Attestation Scheme for Multi-party Collaboration
- Authors: Linan Tian, Yunke Shen, Zhiqiang Li,
- Abstract summary: In multi-party cloud computing, how to select a Relying Party to verify the TEE of each party and avoid leaking sensitive data to each other remains an open question.
We propose SRAS, an open self-governed remote attestation scheme with verification functions for verifying the trustworthiness of TEEs and computing assets.
We provide an open-source prototype implementation of SRAS to facilitate the adoption of this technology by cloud users or developers.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Trusted Execution Environments (TEEs), such as Intel Software Guard Extensions (SGX), ensure the confidentiality and integrity of user applications when using cloud computing resources. However, in the multi-party cloud computing scenario, how to select a Relying Party to verify the TEE of each party and avoid leaking sensitive data to each other remains an open question. In this paper, we propose SRAS, an open self-governed remote attestation scheme with attestation and verification functions for verifying the trustworthiness of TEEs and computing assets, achieving a decentralized, unified, trusted attestation and verification platform for multi-party cloud users. In SRAS, we design a Relying Party enclave, which can form a virtual verifiable network, capable of local verification on behalf of other participants' relying parties without leaking sensitive data to others. We provide an open-source prototype implementation of SRAS to facilitate the adoption of this technology by cloud users or developers.
Related papers
- Building a Privacy Web with SPIDEr -- Secure Pipeline for Information De-Identification with End-to-End Encryption [3.8909411486426033]
SPIDEr is an end-to-end encrypted data de-identification pipeline.
It supports suppression, pseudonymisation, generalisation, and aggregation.
We present our design of the control flows for end-to-end secure execution of de-identification operations within a TEE.
arXiv Detail & Related papers (2024-12-12T12:24:12Z)
- Confidential Federated Computations [16.415880530250092]
Federated Learning and Analytics (FLA) have seen widespread adoption by technology platforms for processing sensitive on-device data.
FLA systems do not necessarily require anonymization mechanisms like differential privacy (DP).
This paper introduces a novel system architecture that leverages trusted execution environments (TEEs) and open-sourcing to ensure confidentiality of server-side computations.
arXiv Detail & Related papers (2024-04-16T17:47:27Z)
- Teamwork Makes TEE Work: Open and Resilient Remote Attestation on Decentralized Trust [11.664322958897449]
Remote Attestation (RA) enables the integrity and authenticity of applications in a Trusted Execution Environment (TEE) to be verified.
Existing TEE RA designs employ a centralized trust model where they rely on a single provisioned secret key and a centralized verifier to establish trust for remote parties.
This model is, however, brittle and can be untrusted under today's advanced attacks.
Most designs only have fixed procedures once deployed, making them hard to adapt to different emerging situations and provide resilient functionalities.
arXiv Detail & Related papers (2024-02-14T02:51:01Z)
- Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS).
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z)
- HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs).
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (DSL) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z)
- Combining Decentralized IDentifiers with Proof of Membership to Enable Trust in IoT Networks [44.99833362998488]
The paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain.
The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set.
arXiv Detail & Related papers (2023-10-12T09:33:50Z)
- Putting a Padlock on Lambda -- Integrating vTPMs into AWS Firecracker [49.1574468325115]
Software services place implicit trust in the cloud provider, without an explicit trust relationship.
There is currently no cloud provider that exposes Trusted Platform Module capabilities.
We improve trust by integrating a virtual TPM device into Firecracker, originally developed by Amazon Web Services.
arXiv Detail & Related papers (2023-10-05T13:13:55Z)
- Integrating Homomorphic Encryption and Trusted Execution Technology for Autonomous and Confidential Model Refining in Cloud [4.21388107490327]
Homomorphic encryption and trusted execution environment technology can protect confidentiality for autonomous computation.
We propose to integrate these two techniques in the design of the model refining scheme.
arXiv Detail & Related papers (2023-08-02T06:31:41Z)
- Identity-Aware Attribute Recognition via Real-Time Distributed Inference in Mobile Edge Clouds [53.07042574352251]
We design novel models for pedestrian attribute recognition with re-ID in an MEC-enabled camera monitoring system.
We propose a novel inference framework with a set of distributed modules, by jointly considering the attribute recognition and person re-ID.
We then devise a learning-based algorithm for the distributions of the modules of the proposed distributed inference framework.
arXiv Detail & Related papers (2020-08-12T12:03:27Z)
- A Privacy-Preserving Distributed Architecture for Deep-Learning-as-a-Service [68.84245063902908]
This paper introduces a novel distributed architecture for deep-learning-as-a-service.
It is able to preserve the user's sensitive data while providing Cloud-based machine and deep learning services.
arXiv Detail & Related papers (2020-03-30T15:12:03Z)