Intel Software Guard Extensions (SGX) enables user-level code to create private memory
regions called enclaves, whose code and data are protected by the CPU from software and …

Speculation-based attacks affect hundreds of millions of computers. These attacks typically
exploit caches to leak information, using speculative instructions to cause changes to the …

This paper describes context-sensitive fencing (CSF), a microcode-level defense against
multiple variants of Spectre. CSF leverages the ability to dynamically alter the decoding of …

Hypervisors are widely deployed by cloud computing providers to support virtual machines,
but their growing complexity poses a security risk, as large codebases contain many …

Audit systems maintain detailed logs of security-related events on enterprise machines to
forensically analyze potential incidents. In principle, these logs should be safely stored in a …

Trusted Execution Environments (TEEs), such as Intel SGX's enclave, use hardware to
ensure the confidentiality and integrity of operations on sensitive data. While the technology …

As the first widely-deployed secure enclave hardware, Intel SGX shows promise as a
practical basis for confidential cloud computing. However, side channels remain SGX's …

The prosperous development of cloud computing and machine learning as a service has led
to the widespread use of media software to process confidential media data. This paper …

In modern cloud platforms, it is becoming more important to preserve the privacy of guest
virtual machines (VMs) from the untrusted host. To this end, Secure Encrypted Virtualization …

Hardware secure enclaves are increasingly used to run complex applications. Unfortunately,
existing and emerging enclave architectures do not allow secure and efficient …