The paper introduces a novel toolkit to enhance RISC-V Trusted Execution Environments (TEEs) by adding modular extensions for secure enclave update, migration, state continuity, and trusted time, ther…

The paper proposes a novel hardware extension that enables deterministic, kernel-bypass switching to user-level protection domains upon interrupt arrival, significantly reducing worst-case latency for…

KINGSGUARD is a novel hardware-enforced TEE design that systematically monitors and controls sensitive data flow within an enclave to prevent leakage, thereby enhancing practical data protection.

LiteAtt introduces a verifier-less, Peer-to-Peer Self-Attestation (P2P-SA) framework for modern IoT MCUs, enabling mutual authentication and firmware attestation directly within the connection handsha…

The paper introduces EBCC, an OCI-compatible runtime architecture that manages composite confidential-computing workloads by integrating TEE-backed execution into the standard container lifecycle.

Space Fabric introduces a novel satellite-based Trusted Execution Architecture (TEE) that establishes trust for orbital computing by generating cryptographic secrets and binding workload execution to…

TeeDAO introduces a novel three-layer framework that autonomously organizes and manages multiple heterogeneous Trusted Execution Environments (TEEs) to provide robust, distributed-trust systems with h…

The paper introduces HPCCFA, a novel mechanism that leverages Hardware Performance Counters (HPCs) to provide hardware-backed Control Flow Attestation (CFA) on commodity CPUs, thereby enhancing the se…

PoisonCap introduces a new 'poison' capability format for CHERI systems to provide efficient, strict use-after-free and initialization safety, surpassing existing temporal safety solutions.

The paper proposes HammerWatch, a novel remote attestation protocol that enables external verifiers to detect hardware-induced disturbances, specifically Rowhammer-like attacks, by analyzing memory-le…

The paper proposes using Trusted-Execution Environments (TEEs) to create a scalable, privacy-preserving system where authors can submit cryptographic proofs of correct research replication, thereby ad…

The paper introduces Platum, a novel framework that synthesizes verified, low-latency runtime monitors for MAVLink protocols, enabling robust enforcement of contextual message validity on resource-con…

The paper proposes an operation-centric, TEE-backed isolation model to constrain self-hosted computer-use agents, preventing malicious or unsafe host-level operations without sacrificing general funct…

This survey analyzes the unique security threats posed by complex, multi-agent AI systems and proposes Confidential Computing (CC) using Trusted Execution Environments (TEEs) as a hardware-rooted defe…

This paper introduces a formal framework to rigorously verify the security guarantees (confidentiality, integrity, and availability) of AMD SEV confidential virtual machines.

This paper introduces a formal framework to rigorously verify the security guarantees (confidentiality, integrity, and availability) of AMD SEV confidential virtual machines.

This paper analyzes the impact of Tock's secure technical design, built using Rust and hardware protection, on its successful transition from academic research to a widely adopted, production-grade op…

The paper proposes an evidence-driven protocol combining Deterministic Build Systems and Trusted Execution Environments to provide cryptographically verifiable guarantees of software artifact integrit…

The paper proposes the concept of an Agent Operating System (AOS) to provide a necessary systems foundation for managing the unique, non-deterministic, and goal-directed execution characteristics of m…

The paper proposes the concept of an Agent Operating System (AOS) to provide a rigorous, controllable, and accountable systems foundation for running complex, probabilistic, and goal-directed AI agent…