NEC orchestrating a brighter world
NEC Laboratories Europe

Security
Publications

 K. Sharad, G. Azzurra Marson, H. T. T. Truong, G. Karame, “On the Security of Randomized Defenses Against Adversarial Samples”, ACM AsiaCCS 2020

D. Perino, M. Varvello, C. Soriente. "Understanding Free Web Proxies: Performance, Behavior, and Usage", in ACM Transactions on the Web. September 2019

D. Basin, F. Klaedtke, E. Zalinescu:  “Runtime Verification over Out-oforder Streams”, accepted for publication in the ACM Transactions of Computational Logic.  August 2019

H. Truong, M. Almeida,G. Karame, C. Soriente,  "Towards Secure and Decentralized Sharing of IoT Data IEEE Blockchain 2019", Atlanta, USA

C. Iordanou, N. Kourtellis, J.M. Carrascosa, C. Soriente, R. Cuevas, N. Laoutaris: "Beyond content analysis: Detecting targeted ads via distributed counting", CoNEXT 2019

S. Matetic, K. Wuerst, M. Schneider, K. Kostianien, G. Karame, S. Capkun, “BITE: Bitcoin Lightweight Client Privacy using Trusted Execution”, In Proceedings of USENIX Security, 2019

C. Soriente, G. Karame, W. Li, S. Fedorov: ReplicaTEE: "Enabling Seamless Replication of SGX Enclaves in the Cloud", EuroS&P. March 2019

Paper Details

With the proliferation of Trusted Execution Environments (TEEs) such as Intel SGX, a number of cloud providers will soon introduce TEE capabilities within their offering (e.g., Microsoft Azure). The integration of SGX within the cloud considerably strengthens the threat model for cloud applications. However, cloud deployments depend on the ability of the cloud operator to add and remove application dynamically; this is no longer possible given the current model to deploy and provision enclaves that actively involves the application owner. In this paper, we propose ReplicaTEE, a solution that enables seamless commissioning and decommissioning of TEE-based applications in the cloud. ReplicaTEE leverages an SGX-based provisioning service that interfaces with a Byzantine Fault-Tolerant storage service to securely orchestrate enclave replication in the cloud, without the active intervention of the application owner. Namely, in ReplicaTEE, the application owner entrusts application secret to the provisioning service; the latter handles all enclave commissioning and decommissioning operations throughout the application lifetime. We analyze the security of ReplicaTEE and show that it is secure against attacks by a powerful adversary that can compromise a large fraction of the cloud infrastructure. We implement a prototype of ReplicaTEE in a realistic cloud environment and evaluate its performance. ReplicaTEE moderately increments the TCB by ≈800 LoC. Our evaluation shows that ReplicaTEE does not add significant overhead to existing SGX-based applications.

M. I. González Vasco,  A. P. Del Pozo, C. Soriente, “A key for John Doe: modeling and designing Anonymous PasswordAuthenticated Key Exchange protocols”, IEEE IEEE Transactions on Dependable and Secure Computing. May 2019

D. Dobre, G. Karame, W. Li, M. Majunkte, N. Suri, M. Vukolic, “Proofs of Writing for Robust Storage”,  IEEE Transactions on Parallel and Distributed Systems. June 2019

Top of this page