A curated list of system papers using/about Intel SGX. I'll try to keep this list updated. I gladly accept PRs.
We are actively looking for motivated PhD students to join our group in a new FNS project. Get in Touch !
| Title | Venue | |
|---|---|---|
| Using Innovative Instructions to Create Trustworthy Software Solutions | HASP@ISCA'13 | link |
| Cooperation and Security Isolation of Library OSes for Multi-Process Applications | EuroSys'14 | link |
| Shielding Applications from an Untrusted Cloud with Haven | TOCS'15 | link |
| VC3: trustworthy data analytics in the cloud using SGX | S&P'15 | link |
| Moat: Verifying Confidentiality of Enclave Programs | CCS'15 | link |
| Applying the Trustworthy Remote Entity to Privacy-Preserving Multiparty Computation: Requirements and Criteria for Large-Scale Applications | ATC'16 | link |
| Exploring the use of Intel SGX for Secure Many-Party Applications | SysTEX'16 | link |
| SCONE: Secure Linux Containers with Intel SGX | OSDI'16 | link |
| Ryoan: a distributed sandbox for untrusted computation on secret data. | OSDI'16 | link |
| SGX Support for Dynamic Memory Management Inside an Enclave | HASP'16 | link |
| Secure Content-Based Routing Using Intel Software Guard Extensions | Middleware'16 | link |
| SecureKeeper: Confidential ZooKeeper using Intel SGX | Middleware'16 | link |
| AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves | ESORICS'16 | link |
| Eleos: ExitLess OS Services for SGX Enclaves | EuroSys'17 | link |
| SGXBounds: Memory Safety for Shielded Execution | EuroSys'17 | link |
| Hybrids on Steroids: SGX-Based High Performance BFT | EuroSys'17 | link |
| PANOPLY: Low-TCB Linux Applications with SGX Enclaves | NDSS'17 | link |
| Teechan: Payment Channels Using Trusted Execution Environments | BITCOIN'17 | link |
| SGXIO: Generic Trusted I/O Path for Intel SGX | CODASPY'17 | link |
| TrustJS: Trusted Client-side Execution of JavaScript | EuroSec'17 | link |
| SGX-Log: Securing System Logs With SGX | Asia CCS'17 | link |
| Secure Live Migration of SGX Enclaves on Untrusted Cloud | DSN'17 | link |
| Rollback and Forking Detection for Trusted Execution Environments using Lightweight Collective Memory | DSN'17 | link |
| SecureStreams: Reactive Middleware for Secure Data Stream | DEBS'17 | link |
| Regaining Lost Cycles with HotCalls: A Fast Interface for SGX Secure Enclaves | ISCA'17 | link |
| Glamdring: Automatic Application Partitioning for Intel SGX | ATC'17 | link |
| Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing | Usenix Security'17 | link |
| S-NFV: Securing NFV states by using SGX | CODASPY'17 | link |
| Enhancing Security and Privacy of Tor's Ecosystem by Using Trusted Execution Environments | NSDI'17 | link |
| Securing Data Analytics on SGX With Randomization | ESORICS'17 | link |
| Software Grand Exposure: SGX Cache Attacks Are Practical | WooT'17 | link |
| Komodo: Using verification to disentangle secure-enclave hardware from software | SOSP'17 | link |
| POSTER: Rust SGX SDK: Towards Memory Safety in Intel SGX Enclave | CCS'17 | link |
| Iron: Functional Encryption using Intel SGX | CCS'17 | link |
| A Formal Foundation for Secure Remote Execution of Enclaves | CCS'17 | link |
| SGX-Bomb: Locking Down the Processor via Rowhammer Attack | SysTEX'17 | link |
| X-Search: Revisiting Private Web Search using Intel SGX | Middleware'17 | link |
| Cache Attacks on Intel SGX | EuroSec'17 | link |
| SGXKernel: A Library Operating System Optimized for Intel SGX | CF'17 | link |
| Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX | ATC'17 | link |
| HardIDX: Practical and Secure Index with SGX | DBSec'17 | link |
| Opaque: An Oblivious and Encrypted Distributed Analytics Platform | NSDI'17 | link |
| VAULT: Reducing Paging Overheads in SGX with Efficient Integrity Verification Structures | ASPLOS'18 | link |
| STANlite - a database engine for secure data processing at rack-scale level | IC2E'18 | link |
| EnclaveDB: A Secure Database using SGX | SP'18 | link |
| Oblix: An Efficient Oblivious Search Index | S&P'18 | link |
| ZeroTrace: Oblivious Memory Primitives from Intel SGX | NDSS'18 | link |
| OBLIVIATE: A Data Oblivious Filesystem for Intel SGX | NDSS'18 | link |
| EndBox: Scalable Middlebox Functions Using Client-Side Trusted Execution | DSN'18 | link |
| Troxy: Transparent Access to Byzantine Fault-Tolerant Systems | DSN'18 | link |
| LibSEAL: Revealing Service Integrity Violations Using Trusted Execution | EuroSys'18 | link |
| PESOS: Policy Enhanced Secure Object Store | EuroSys'18 | link |
| Bring the Missing Jigsaw Back: TrustedClock for SGX Enclaves | EuroSec'18 | link |
| Migrating SGX Enclaves with Persistent State | DSN'18 | link |
| SafeBricks: Shielding Network Functions in the Cloud | NSDI'18 | link |
| ShieldBox: Secure Middleboxes using Shielded Execution | SOSR'18 | link |
| CYCLOSA: Decentralizing Private Web Search Through SGX-Based Browser Extensions | ICDCS'18 | link |
| SGX-Aware Container Orchestration for Heterogeneous Clusters | ICDCS'18 | link |
| Varys: Protecting SGX enclaves from practical side-channel attacks | ATC'18 | link |
| Mitigating Branch-Shadowing Attacks on Intel SGX using Control Flow Randomization | SysTEX'18 | link |
| Security, Performance and Energy Trade-offs of Hardware-assisted Memory Protection Mechanisms | SRDS'18 | link |
| PubSub-SGX: exploiting Trusted Execution Environments for privacy-preserving publish/subscribe systems | SRDS'18 | link |
| sgx-perf: A Performance Analysis Tool for Intel SGX Enclaves | Middleware'18 | link |
| EActors: Fast and flexible trusted computing using SGX | Middleware'18 | link |
| DelegaTEE: Brokered Delegation Using Trusted Execution Environments | USENIX Security'18 | link |
| Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution | USENIX Security'18 | link |
| Achieving Data Dissemination with Security using FIWARE and Intel Software Guard Extensions (SGX) | ISCC'18 | link |
| Scaling Intel® Software Guard Extensions Applications with Intel® SGX Card | HASP@ISCA'19 | link |
| A Practical Intel SGX Setting for Linux Containers in the Cloud | CODASPY'19 | link |
| Careful-Packing: A Practical and Scalable Anti-Tampering Software Protection enforced by Trusted Computing | CODASPY'19 | link |
| Everything you should know about Intel SGX performance on virtualized systems | SIGMETRICS'19 | link |
| ShieldStore: Shielded In-memory Key-value Storage with SGX | EuroSys'19 | link |
| Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware | ICLR'19 | link |
| OBFUSCURO: A Commodity Obfuscation Engine on Intel SGX | NDSS‘19 | link |
| Trust more, serverless | SysTor'19 | link |
| Clemmys: Towards Secure Remote Execution in FaaS | SysTor'19 | link |
| Using Trusted Execution Environments for Secure Stream Processing of Medical Data | DAIS'19 | link |
| A Hybrid Approach to Secure Function Evaluation using SGX | AsiaCCS'19 | link |
| Secured Routines: Language-based Construction of Trusted Execution Environments | ATC'19 | link |
| NeXUS: Practical and Secure Access Control on Untrusted Storage Platforms using Client-Side SGX | DSN'19 | link |
| Forward and Backward Private Searchable Encryption with SGX | EuroSec'19 | link |
| TEE-Perf: A Profiler for Trusted Execution Environments | DSN'19 | link |
| SgxPectre Attacks: Stealing Intel Secrets from SGX Enclaves via Speculative Execution | EuroS&P'19 | link |
| Managing confidentiality leaks through private algorithms on Software Guard eXtensions (SGX) enclaves: Minimised TCB on secret-code execution with Early Private Mode (EPM) | EURASIP Journal on Information Security | link |
| BITE: Bitcoin Lightweight Client Privacy using Trusted Execution | SEC'19 | link |
| Towards Memory Safe Enclave Programming with Rust-SGX | CCS'19 | link |
| A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes | CCS'19 | link |
| OPERA: Open Remote Attestation for Intel’s Secure Enclaves | CCS'19 | link |
| LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed | CCS'19 | link |
| BLOXY: Providing Transparent and Generic BFT-Based Ordering Services for Blockchains | SRDS'19 | link |
| AccTEE: A WebAssembly-based Two-way Sandbox for Trusted Resource Accounting | Middleware'19 | link |
| EnclaveCache: A Secure and Scalable Key-value Cache in Multi-tenant Clouds using Intel SGX | Middleware'19 | link |
| PrivaTube: Privacy-Preserving Edge-Assisted Video Streaming | Middleware'19 | link |
| Teechain: a secure payment network with asynchronous blockchain access | SOSP'19 | link |
| Plundervolt: Software-based Fault Injection Attacks against Intel SGX | Oakland '20 | link |
| ObliDB: Oblivious Query Processing using Secure Enclaves | VLDB'19 | link |
| CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves | USENIX ATC'19 | link |
| Computation on Encrypted Data using Dataflow Authentication | PETS'20 | link |
| Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution | NDSS'20 | link |
| COIN Attacks: On Insecurity of Enclave Untrusted Interfaces in SGX | ASPLOS'20 | link |
| Occlum: Secure and Efficient Multitasking Inside a Single Enclave of Intel SGX | ASPLOS'20 | link |
| MPTEE: Bringing Flexible and Efficient Memory Protection to Intel SGX | EuroSys'20 | link |
| Autarky: Closing controlled channels with self-paging enclaves | EuroSys'20 | link |
| Trust management as a service: Enabling trusted execution in the face of Byzantine stakeholders | DSN'20 | link |
| SeGShare: Secure Group File Sharing in the Cloud using Enclaves | DSN'20 | link |
| Civet: An Efficient Java Partitioning Framework for Hardware Enclaves | SEC'20 | link |
| BesFS: A POSIX Filesystem for Enclaves with a Mechanized Safety Proof | SEC'20 | link |
| TEEMon: A continuous performance monitoring framework for TEEs | Middleware'20 | link |
| secureTF: A Secure TensorFlow Framework | Middleware'20 | link |
| Vessels: Efficient and Scalable Deep Learning Prediction on Trusted Processors | SoCC'20 | link |
| PROXIMITEE: Hardened SGX Attestation and Trusted Path through Proximity Verification | CODASPY'20 | link |
| Towards Formalization of Enhanced Privacy ID (EPID)-based Remote Attestation in Intel SGX | DSD'20 | link |
| Formal Foundations for Intel SGX Data Center Attestation Primitives | ICFEM'20 | link |
| EnclavePDP: A General Framework to Verify Data Integrity in Cloud Using Intel SGX | RAID'20 | link |
| TRUSTORE: Side-Channel Resistant Storage for SGX using Intel Hybrid CPU-FPGA | CCS'20 | link |
| Spons & Shields: Practical Isolation for Trusted Execution | VEE'21 | link |
| Aria: Tolerating Skewed Workloads in Secure In-memory Key-value Stores | ICDE'21 | link |
| TWINE: An Embedded Trusted Runtime for WebAssembly | ICDE'21 | link |
| CHANCEL: Efficient Multi-client Isolation Under Adversarial Programs | NDSS'21 | link |
| VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface | USENIX Security'21 | link |
| SGXoMeter: Open and Modular Benchmarking for Intel SGX | EuroSec'21 | link |
| Building enclave-native storage engines for practical encrypted databases | VLDB'21 | link |
| MigSGX: A Migration Mechanism for Containers Including SGX Applications | UCC'21 | link |
| Accelerating Encrypted Deduplication via SGX | USENIX ATC'21 | link |
| SGX-Stream: A Secure Stream Analytics Framework In SGX-enabled Edge Cloud | JISA'23 | link |
| SGX Switchless Calls Made Configless | DSN'23 | TBA |
Do you use or are you familiar with Intel SGX? If yes, we’d appreciate you could fill in this anonymous survey, it takes less than 60 seconds https://forms.gle/HdHqXiBdRp98CU6y7
Unpublished, tech-reports, or open-access:
| Title | |
|---|---|
| Intel SGX Explained | link |
| A Blockchain Based on Gossip? – a Position Paper | link |
| Proof of Luck: an Efficient Blockchain Consensus Protocol | link |
| Malware Guard Extension: Using SGX to Conceal Cache Attacks | link |
| Blockchain and Trusted Computing: Problems, Pitfalls, and a Solution for Hyperledger Fabric | link |
| DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization | link |
| Practical Enclave Malware with Intel SGX | link |
| Secure Network Interface with SGX | link |
| TaLoS: Secure and Transparent TLS Termination inside SGX Enclaves | link |
| Practical Enclave Malware with Intel SGX | link |
| EncDBDB: Searchable Encrypted, Fast, Compressed, In-Memory Database using Enclaves | link |
| HardIDX: Practical and Secure Index with SGX | link |
| SGAxe: How SGX Fails in Practice | link |
| Secure Processors | Part 1, Part 2 |
| Edgar: Offloading Function Execution to the Ultimate Edge | link |