DOI: 10.1145/3341301.3359661
research-article
Open access

Notary: a device for secure transaction approval

Published: 27 October 2019

Abstract

Notary is a new hardware and software architecture for running isolated approval agents in the form factor of a USB stick with a small display and buttons. Approval agents allow factoring out critical security decisions, such as getting the user's approval to sign a Bitcoin transaction or to delete a backup, to a secure environment. The key challenge addressed by Notary is to securely switch between agents on the same device. Prior systems either avoid the problem by building single-function devices like a USB U2F key, or they provide weak isolation that is susceptible to kernel bugs, side channels, or Rowhammer-like attacks. Notary achieves strong isolation using reset-based switching, along with the use of physically separate systems-on-a-chip for agent code and for the kernel, and a machine-checked proof of both the hardware's register-transfer-level design and software, showing that reset-based switching leaks no state. Notary also provides a trustworthy I/O path between the agent code and the user, which prevents an adversary from tampering with the user's screen or buttons.
We built a hardware/software prototype of Notary, using a combination of ARM and RISC-V processors. The prototype demonstrates that it is feasible to verify Notary's reset-based switching, and that Notary can support diverse agents, including cryptocurrencies and a transaction approval agent for traditional client-server applications such as websites. Measurements of reset-based switching show that it is fast enough for interactive use. We analyze security bugs in existing cryptocurrency hardware wallets, which aim to provide a similar form factor and feature set as Notary, and show that Notary's design avoids many bugs that affect them.
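The abstract's central claim is that switching agents by resetting the agent SoC leaks no state, which is a noninterference property: the state the incoming agent observes after reset must not depend on anything the outgoing agent left behind. The following toy model, added here as an illustration and not taken from Notary's hardware, kernel or proof scripts, shows what checking that property looks like on a deliberately tiny machine. The machine layout (four registers, eight SRAM words, one peripheral scratch register), the agent workload and both boot routines are assumptions made up for the example; the check enumerates a finite state space rather than proving the real RTL the way the paper does.

```python
# Constructed toy model of reset-based agent switching. This is an added
# illustration, not Notary's hardware, kernel or proof scripts: the machine
# state (four registers, eight SRAM words, one peripheral scratch register),
# the agent workload and the boot routines are all assumptions made up here.
from dataclasses import dataclass, field

REG_NAMES = ("x1", "x2", "x3", "sp")
SRAM_WORDS = 8
COMPONENTS = ("regs", "sram", "scratch")


@dataclass
class Machine:
    """Everything on the agent SoC that could carry state across a switch."""
    regs: dict = field(default_factory=lambda: {r: 0 for r in REG_NAMES})
    sram: list = field(default_factory=lambda: [0] * SRAM_WORDS)
    scratch: int = 0  # a memory-mapped peripheral register outside the core

    def snapshot(self):
        return (tuple(self.regs[r] for r in REG_NAMES),
                tuple(self.sram), self.scratch)


def agent_run(m, secret):
    """The outgoing agent computes on a secret and leaves traces of it
    in registers, SRAM and a peripheral, as real firmware would."""
    m.regs["x1"] = secret
    m.regs["x2"] = secret ^ 0xFF
    m.regs["x3"] = (secret * 7) & 0xFF
    m.sram[secret % SRAM_WORDS] = secret
    m.scratch = secret & 0xF


def reset_and_boot_correct(m):
    """Reset path: the core's registers take their architectural reset
    values and the boot code scrubs SRAM and every peripheral register
    before the next agent's code is loaded."""
    for r in REG_NAMES:
        m.regs[r] = 0
    m.regs["sp"] = SRAM_WORDS
    m.sram[:] = [0] * SRAM_WORDS
    m.scratch = 0


def reset_and_boot_buggy(m):
    """Same reset path with one omission: the peripheral scratch register
    is not scrubbed, so it survives into the next agent's session."""
    for r in REG_NAMES:
        m.regs[r] = 0
    m.regs["sp"] = SRAM_WORDS
    m.sram[:] = [0] * SRAM_WORDS


def leaking_components(reset_fn, secrets=range(256)):
    """Noninterference check over a finite state space: drive every secret
    through agent_run followed by reset_fn and compare post-reset snapshots.
    If any component differs between two secrets, the next agent can learn
    something about the previous one. Returns the names of such components."""
    snapshots = []
    for s in secrets:
        m = Machine()
        agent_run(m, s)
        reset_fn(m)
        snapshots.append(m.snapshot())
    baseline = snapshots[0]
    leaked = set()
    for snap in snapshots[1:]:
        for name, a, b in zip(COMPONENTS, snap, baseline):
            if a != b:
                leaked.add(name)
    return sorted(leaked)


if __name__ == "__main__":
    print("correct reset leaks:", leaking_components(reset_and_boot_correct))
    print("buggy reset leaks:  ", leaking_components(reset_and_boot_buggy))
```

Run stand-alone, the correct reset path reports no leaking component while the buggy one reports the unscrubbed peripheral register. The caveat a practitioner should take from the model is the one that motivates the paper's machine-checked proof: enumeration only covers the inputs you enumerate. Calling `leaking_components(reset_and_boot_buggy, secrets=[3, 19])` returns an empty list because both secrets leave the same low nibble in the scratch register, so a test suite with too few cases passes a reset path that is in fact leaky. A proof over the register-transfer-level design and boot software quantifies over every pre-reset state, which is what the abstract means by showing that reset-based switching leaks no state.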


Published In

SOSP '19: Proceedings of the 27th ACM Symposium on Operating Systems Principles
October 2019
615 pages
ISBN:9781450368735
DOI:10.1145/3341301
This work is licensed under a Creative Commons Attribution International 4.0 License.

In-Cooperation

  • USENIX Assoc

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. cryptocurrency hardware wallet
  2. security
  3. verification


Conference

SOSP '19
Sponsor:
SOSP '19: ACM SIGOPS 27th Symposium on Operating Systems Principles
October 27 - 30, 2019
Huntsville, Ontario, Canada

Acceptance Rates

Overall Acceptance Rate 131 of 716 submissions, 18%
