The paper proposes Fasco, a lightweight confidential container runtime utilizing ARM CCA to significantly reduce startup latency and resource overhead compared to existing microVM-based confidential c…

The paper introduces a novel toolkit to enhance RISC-V Trusted Execution Environments (TEEs) by adding modular extensions for secure enclave update, migration, state continuity, and trusted time, ther…

dstack-capsule is a Kubernetes platform that enables fine-grained, Pod-level remote attestation on Intel TDX, allowing multiple confidential workloads to share a single VM without sacrificing security…

KINGSGUARD is a novel hardware-enforced TEE design that systematically monitors and controls sensitive data flow within an enclave to prevent leakage, thereby enhancing practical data protection.

PS-UIE proposes a privilege-separated architecture to continuously enforce the integrity of file-backed user-space executable objects within Confidential Virtual Machines (CVMs) like AMD SEV-SNP.

The paper proposes an evidence-driven protocol combining Deterministic Build Systems and Trusted Execution Environments to provide cryptographically verifiable guarantees of software artifact integrit…

AgenTEE is a system that enables the secure, confidential execution of complex LLM agent pipelines directly on edge devices by using isolated confidential virtual machines.

C8s is a confidential computing architecture for Kubernetes that uses hardware Trusted Execution Environments (TEEs) to provide cryptographically provable confidentiality, integrity, and verifiability…

The paper introduces CCX, a framework that allows existing Intel SGX applications to run on Arm CCA hardware without requiring any source code modifications, thereby improving portability for confiden…

The paper introduces HPCCFA, a novel mechanism that leverages Hardware Performance Counters (HPCs) to provide hardware-backed Control Flow Attestation (CFA) on commodity CPUs, thereby enhancing the se…

The paper introduces a certified purity architecture that strengthens governance in cognitive workflow systems by replacing insufficient runtime checks with cryptographically attested structural guara…

This paper introduces a formal framework to rigorously verify the security guarantees (confidentiality, integrity, and availability) of AMD SEV confidential virtual machines.

This paper introduces a formal framework to rigorously verify the security guarantees (confidentiality, integrity, and availability) of AMD SEV confidential virtual machines.

The paper proposes an operation-centric, TEE-backed isolation model to constrain self-hosted computer-use agents, preventing malicious or unsafe host-level operations without sacrificing general funct…

The paper introduces Heimdall, an automated pipeline that uses LLMs and formal verification to safely and automatically migrate legacy, potentially buggy eBPF programs written in C to memory-safe Rust…

The paper proposes using Trusted-Execution Environments (TEEs) to create a scalable, privacy-preserving system where authors can submit cryptographic proofs of correct research replication, thereby ad…

TeeDAO introduces a novel three-layer framework that autonomously organizes and manages multiple heterogeneous Trusted Execution Environments (TEEs) to provide robust, distributed-trust systems with h…

The paper proposes extit{codename}, an architecture that enforces verifiable workflows across untrusted networks by combining hardware-isolated control and kernel-resident data planes, achieving low-…

Space Fabric introduces a novel satellite-based Trusted Execution Architecture (TEE) that establishes trust for orbital computing by generating cryptographic secrets and binding workload execution to…

Pomegranate is a novel framework that uses hardware-assisted virtualization and Extended Page Tables to securely compartmentalize existing operating systems with minimal source code modification, enab…