Session 7B: Trusted Hardware and Execution
Authors, Creators & Presenters: Ganxiang Yang (Shanghai Jiao Tong University), Chenyang Liu (Shanghai Jiao Tong University), Zhen Huang (Shanghai Jiao Tong University), Guoxing Chen (Shanghai Jiao Tong University), Hongfei Fu (Shanghai Jiao Tong University), Yuanyuan Zhang (Shanghai Jiao Tong University), Haojin Zhu (Shanghai Jiao Tong University)
PAPER
A Formal Approach to Multi-Layered Privileges for Enclaves
Trusted Execution Environments (TEEs) have been widely adopted as a protection approach for security-critical applications. Although feature extensions have been previously proposed to improve the usability of enclaves, their provision patterns are still confronted with security challenges. This paper presents Palantir, a verifiable multi-layered inter-enclave privilege model for secure feature extensions to enclaves. Specifically, a parent-children inter-enclave relationship is introduced, with which a parent enclave is granted two privileged permissions, Execution Control and Spatial Control, over its children enclaves to facilitate secure feature extensions. Moreover, by enabling nested parent-children relationships, Palantir achieves multi-layered privileges (MLP) that allow feature extensions to be placed in various privilege layers following the Principle of Least Privilege. To prove the security of Palantir, we verified that our privilege model does not break or weaken the security guarantees of enclaves by building and verifying a formal model named TAP∞. Furthermore, we implemented a prototype of Palantir on Penglai, an open-sourced RISC-V TEE platform.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators', Authors' and Presenters' superb NDSS Symposium 2025 Conference content on the Organization's YouTube Channel.
The post NDSS 2025 – A Formal Approach To Multi-Layered Privileges For Enclaves appeared first on Security Boulevard.
Marc Handelman
Source: Security Boulevard
Source Link: https://securityboulevard.com/2025/12/ndss-2025-a-formal-approach-to-multi-layered-privileges-for-enclaves/