The paper introduces a novel toolkit to enhance RISC-V Trusted Execution Environments (TEEs) by adding modular extensions for secure enclave update, migration, state continuity, and trusted time, ther…

The paper presents a highly optimized, low-stack implementation of the HAETAE signature scheme, reducing peak stack usage significantly to enable its use on severely memory-constrained microcontroller…

This paper introduces a formal framework to rigorously verify the security guarantees (confidentiality, integrity, and availability) of AMD SEV confidential virtual machines.

This paper introduces a formal framework to rigorously verify the security guarantees (confidentiality, integrity, and availability) of AMD SEV confidential virtual machines.

KINGSGUARD is a novel hardware-enforced TEE design that systematically monitors and controls sensitive data flow within an enclave to prevent leakage, thereby enhancing practical data protection.

The paper introduces HPCCFA, a novel mechanism that leverages Hardware Performance Counters (HPCs) to provide hardware-backed Control Flow Attestation (CFA) on commodity CPUs, thereby enhancing the se…

PS-UIE proposes a privilege-separated architecture to continuously enforce the integrity of file-backed user-space executable objects within Confidential Virtual Machines (CVMs) like AMD SEV-SNP.

LIPPEN introduces a novel hardware-software co-design that provides strong, zero-overhead pointer encryption for enhanced memory safety, achieving comprehensive pointer integrity and confidentiality.

The paper analyzes the bit-flip vulnerability of shared KV-cache blocks in LLM serving systems, demonstrating that these blocks are susceptible to silent, persistent, and selective data corruption.

This study demonstrates that the publicly distributed firmware of ASIC cryptocurrency miners constitutes a primary and sufficient attack surface, allowing attackers to reconstruct internal architectur…

The paper proposes HammerWatch, a novel remote attestation protocol that enables external verifiers to detect hardware-induced disturbances, specifically Rowhammer-like attacks, by analyzing memory-le…

C8s is a confidential computing architecture for Kubernetes that uses hardware Trusted Execution Environments (TEEs) to provide cryptographically provable confidentiality, integrity, and verifiability…

The paper proposes a hybrid ASIC+eFPGA architecture to enhance the security and resilience of edge LLM inference accelerators against both runtime and supply-chain attacks.

LiteAtt introduces a verifier-less, Peer-to-Peer Self-Attestation (P2P-SA) framework for modern IoT MCUs, enabling mutual authentication and firmware attestation directly within the connection handsha…

MemLineage introduces a novel, cryptographically-backed defense mechanism that enforces a chain-of-custody for LLM agent memory, preventing untrusted or poisoned state from justifying sensitive action…

The paper introduces EBCC, an OCI-compatible runtime architecture that manages composite confidential-computing workloads by integrating TEE-backed execution into the standard container lifecycle.

Space Fabric introduces a novel satellite-based Trusted Execution Architecture (TEE) that establishes trust for orbital computing by generating cryptographic secrets and binding workload execution to…

The paper proposes ZK-Flex, a flexible software-hardware co-designed framework that significantly accelerates Zero-Knowledge Proof (ZKP) generation by efficiently handling diverse polynomial and ellip…

The paper proposes ZK-Flex, a flexible software-hardware co-designed framework that significantly accelerates Zero-Knowledge Proof (ZKP) generation by efficiently handling diverse polynomial and ellip…

This paper investigates Confused Deputy Attacks (CDAs) on AI Accelerators (AIAs) and finds that CDA is feasible on most major vendor AIAs, impacting a vast number of devices.