~ similar to 2605.00613v2· 20 results
The paper introduces a novel toolkit to enhance RISC-V Trusted Execution Environments (TEEs) by adding modular extensions for secure enclave update, migration, state continuity, and trusted time, ther…
The paper introduces HPCCFA, a novel mechanism that leverages Hardware Performance Counters (HPCs) to provide hardware-backed Control Flow Attestation (CFA) on commodity CPUs, thereby enhancing the se…
This paper introduces a formal framework to rigorously verify the security guarantees (confidentiality, integrity, and availability) of AMD SEV confidential virtual machines.
Pinshen Xu, Wentao Dong, Guoxing Chen, Jianyu Niu +2 more
TeeDAO introduces a novel three-layer framework that autonomously organizes and manages multiple heterogeneous Trusted Execution Environments (TEEs) to provide robust, distributed-trust systems with h…
Di Lu, Qingwen Zhang, Yujia Liu, Xuewen Dong +3 more
The paper introduces EBCC, an OCI-compatible runtime architecture that manages composite confidential-computing workloads by integrating TEE-backed execution into the standard container lifecycle.
Chengyan Ma, Jieke Shi, Ruidong Han, Ye Liu +2 more
The paper introduces SymTEE, an LLM-assisted symbolic execution framework that detects missing input validation vulnerabilities in TEE applications without needing complex, real TEE setups.
Styx is a novel framework that enhances data privacy and security in collaborative data processing, such as joint AI training, by integrating sticky policies with Trusted Execution Environments (TEEs)…
WATSON is a novel, efficient shadow stack protection mechanism for embedded systems that utilizes standard hardware data watchpoints to mitigate control-flow hijacking vulnerabilities without relying…
HammerSim is a new gem5-based framework that provides full-system visibility to model the RowHammer vulnerability, allowing researchers to study complex OS effects and hardware/software mitigations.
HammerSim is a novel gem5-based framework that provides full-system visibility to model the RowHammer vulnerability, allowing researchers to evaluate complex hardware and software mitigations.
Jumin Kim, Seungmin Baek, Hwayong Nam, Minbok Wi +2 more
The paper introduces PVAC, a novel victim-based row counting mechanism that accurately tracks RowHammer attacks by incrementing counters on the victim row, thereby improving hammering tolerance and pe…
This paper presents SCP, a cache partitioning design that combines strict eviction isolation with write-shared coherence to mitigate eviction-based cache side channels.
The paper introduces BLADEI, a hardware-accelerated framework that screens FPGA configuration bitstreams for anomalies in real-time, overcoming the latency bottleneck of traditional software-based det…
The paper presents a highly optimized, low-stack implementation of the HAETAE signature scheme, reducing peak stack usage significantly to enable its use on severely memory-constrained microcontroller…
Chengyan Ma, Jieke Shi, Ruidong Han, Ye Liu +3 more
The paper introduces TEERepair, a framework that automatically repairs severe security vulnerabilities caused by improper partitioning in Trusted Execution Environments (TEEs) by combining a domain-sp…
The paper proposes a Secure-driven time synchronization mechanism to resolve the conflict between RTOS timekeeping (which requires periodic interrupts) and the atomicity requirements of trusted comput…
This paper provides the first comprehensive review of threats and defenses specifically targeting on-device AI inference, revealing a significant imbalance where certain attack types, like adversarial…
Space Fabric introduces a novel satellite-based Trusted Execution Architecture (TEE) that establishes trust for orbital computing by generating cryptographic secrets and binding workload execution to…
enclawed is a configurable, hard-fork hardening framework for AI assistant gateways that enforces strict security controls, verifiable trust, and auditable connectivity for regulated environments.