NEC Laboratories Europe


Pascal Zimmer, Sébastien Andreina, Giorgia Azzurra Marson, Ghassan Karame: “Closing the Gap: Achieving Better Accuracy-Robustness Tradeoffs Against Query-Based Attacks”, the 38th Annual AAAI Conference on Artificial Intelligence 2024

Paper Details


Although promising, existing defenses against query-based attacks share a common limitation: they offer increased robustness against attacks at the price of a considerable accuracy drop on clean samples. In this work, we show how to efficiently establish, at test-time, a solid tradeoff between robustness and accuracy when mitigating query-based attacks. Given that these attacks necessarily explore low-confidence regions, our insight is that activating dedicated defenses, such as RND (Qin et al., NeurIPS 2021) and Random Image Transformations (Xie et al., ICLR 2018), only for low-confidence inputs is sufficient to prevent them. Our approach is independent of training and supported by theory. We verify the effectiveness of our approach for various existing defenses by conducting extensive experiments on CIFAR-10, CIFAR-100, and ImageNet. Our results confirm that our proposal can indeed enhance these defenses by providing better tradeoffs between robustness and accuracy when compared to state-of-the-art approaches while being completely training-free.

Accepted at: The 38th Annual AAAI Conference on Artificial Intelligence 2024

In collaboration with: Ruhr-Universität Bochum, CASA – Cyber Security in the Age of Large-Scale Adversaries

Full paper download: Closing_the_Gap_Achieving_Better_Accuracy-Robustness_Tradeoffs_Against_Query-Based_Attacks_preprint.pdf

Samira Briongos, Ghassan Karame, Claudio Soriente, Annika Wilde: “No Forking Way: Detecting Cloning Attacks on Intel SGX Applications”, Annual Computer Security Applications Conference (ACSAC) 2023

Paper Details


Forking attacks against TEEs like Intel SGX can be carried out either by rolling back the application to a previous state, or by cloning the application and by partitioning its inputs across the cloned instances. Current solutions to forking attacks require Trusted Third Parties (TTP) that are hard to find in real-world deployments. In the absence of a TTP, many TEE applications rely on monotonic counters to mitigate forking attacks based on rollbacks; however, they have no protection mechanism against forking attacks based on cloning. In this paper, we analyze 72 SGX applications and show that approximately 20% of those are vulnerable to forking attacks based on cloning—including those that rely on monotonic counters.

To address this problem, we present CloneBuster, the first practical clone-detection mechanism for Intel SGX that does not rely on a TTP and, as such, can be used directly to protect existing applications. CloneBuster allows enclaves to (self-) detect whether another enclave with the same binary is running on the same platform. To do so, CloneBuster relies on a cache-based covert channel for enclaves to signal their presence to (and detect the presence of) clones on the same machine. We show that CloneBuster is robust despite a malicious OS, only incurs a marginal impact on the application performance, and adds approximately 800 LoC to the TCB. When used in conjunction with monotonic counters, CloneBuster allows applications to benefit from a comprehensive protection against forking attacks.

Presented at: Annual Computer Security Applications Conference (ACSAC)

In collaboration with: Ruhr-Universität Bochum

Full paper download: No_Forking_Way_Detecting_Cloning_Attacks_on_Intel_SGX_Applications.pdf

K. Sharad, G. Azzurra Marson, H. T. T. Truong, G. Karame, “On the Security of Randomized Defenses Against Adversarial Samples”, ACM AsiaCCS 2020

D. Perino, M. Varvello, C. Soriente. "Understanding Free Web Proxies: Performance, Behavior, and Usage", in ACM Transactions on the Web. September 2019

D. Basin, F. Klaedtke, E. Zalinescu: “Runtime Verification over Out-of-order Streams”, accepted for publication in the ACM Transactions of Computational Logic. August 2019

H. Truong, M. Almeida, G. Karame, C. Soriente, "Towards Secure and Decentralized Sharing of IoT Data", IEEE Blockchain 2019, Atlanta, USA

C. Iordanou, N. Kourtellis, J.M. Carrascosa, C. Soriente, R. Cuevas, N. Laoutaris: "Beyond content analysis: Detecting targeted ads via distributed counting", CoNEXT 2019

S. Matetic, K. Wuerst, M. Schneider, K. Kostiainen, G. Karame, S. Capkun, “BITE: Bitcoin Lightweight Client Privacy using Trusted Execution”, In Proceedings of USENIX Security, 2019

C. Soriente, G. Karame, W. Li, S. Fedorov: "ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud", EuroS&P. March 2019

Paper Details

With the proliferation of Trusted Execution Environments (TEEs) such as Intel SGX, a number of cloud providers will soon introduce TEE capabilities within their offering (e.g., Microsoft Azure). The integration of SGX within the cloud considerably strengthens the threat model for cloud applications. However, cloud deployments depend on the ability of the cloud operator to add and remove applications dynamically; this is no longer possible given the current model to deploy and provision enclaves that actively involves the application owner. In this paper, we propose ReplicaTEE, a solution that enables seamless commissioning and decommissioning of TEE-based applications in the cloud. ReplicaTEE leverages an SGX-based provisioning service that interfaces with a Byzantine Fault-Tolerant storage service to securely orchestrate enclave replication in the cloud, without the active intervention of the application owner. Namely, in ReplicaTEE, the application owner entrusts application secrets to the provisioning service; the latter handles all enclave commissioning and decommissioning operations throughout the application lifetime. We analyze the security of ReplicaTEE and show that it is secure against attacks by a powerful adversary that can compromise a large fraction of the cloud infrastructure. We implement a prototype of ReplicaTEE in a realistic cloud environment and evaluate its performance. ReplicaTEE moderately increments the TCB by ≈800 LoC. Our evaluation shows that ReplicaTEE does not add significant overhead to existing SGX-based applications.

M. I. González Vasco, A. P. Del Pozo, C. Soriente, “A key for John Doe: modeling and designing Anonymous Password-Authenticated Key Exchange protocols”, IEEE Transactions on Dependable and Secure Computing. May 2019

D. Dobre, G. Karame, W. Li, M. Majuntke, N. Suri, M. Vukolic, “Proofs of Writing for Robust Storage”, IEEE Transactions on Parallel and Distributed Systems. June 2019
