The field relates generally to information processing systems, and more particularly to trusted execution environments implemented in such information processing systems.
Trusted execution platforms are becoming widely used for various application program execution scenarios including, but not limited to, artificial intelligence (AI) applications. One example of a trusted execution platform is the Software Guard Extension (SGX) Trusted Execution Environment (TEE) hardware platform available from Intel Corporation, which can be used by applications to populate protected user code and data inside trusted environments. Once activated, the trusted hardware platform protects enclave code and data from outside access and modification. TEE has become one of the most popular solutions for a trusted execution platform with remote attestation, provisioning and sealing services to assure customers that their computing is executed in a trusted platform and their software has not been tampered with, nor has any sensitive information been leaked.
With the advent of cloud computing, attempts have been made to integrate TEE into the Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) computing paradigms in some commercial pubic cloud confidential computing environments, e.g., Google Cloud and Microsoft Azure, to provide an out-sourced computing environment that the customer can trust.
Illustrative embodiments integrate a trusted execution platform with a function-based service framework.
For example, a method obtains an application program comprising a first set of one or more functions for execution within a secure execution area of a function-based service framework and a second set of one or more functions for execution within a non-secure execution area of the function-based service framework.
In some embodiments, a client attests an attestation delegator and the attestation delegator attests one or more secure containers prior to receipt of a function execution request to execute a function in the function-based service framework. A key pair is generated for each attested secure container and used during the execution process.
These and other features and advantages of embodiments described herein will become more apparent from the accompanying drawings and the following detailed description.
Illustrative embodiments will now be described herein in detail with reference to the accompanying drawings. Although the drawings and accompanying descriptions illustrate some embodiments, it is to be appreciated that alternative embodiments are not to be construed as limited by the embodiments illustrated herein. Furthermore, as used herein, the term “includes” and its variants are to be read as open-ended terms that mean “includes, but is not limited to.” The term “based on” is to be read as “based at least in part on.” The term “an embodiment” and “the embodiment” are to be read as “at least one example embodiment.” Other definitions, either explicit or implicit, may be included below.
As mentioned above in the background section, Intel SGX TEE has been integrated into the IaaS and PaaS computing paradigms in some commercial pubic cloud confidential computing environments. However, it is realized herein that integrating TEE, or any other trusted execution platform, into the Function-as-a-Service (FaaS) computing paradigm is challenging as FaaS is an ephemeral and elastic computing paradigm, very different from IaaS and PaaS. Illustrative embodiments provide solutions to the challenges of integrating trusted execution platforms into FaaS frameworks.
Turning now to the TEE solution, details of an existing framework will be explained prior to describing some drawbacks. Illustrative embodiments are directed to integration of a TEE-based solution into a FaaS framework. However, it is to be appreciated that illustrative embodiments are not limited to implementation with the SGX TEE platform but rather are more generally applicable to other trusted execution platforms and cloud computing paradigms.
The SGX platform has hardware-assisted functionality to provide a trusted execution environment used by applications to populate protected user code and data inside “enclaves” or trusted execution areas. Once activated, the trusted hardware platform protects enclave code and data from outside access and modification. More particularly, an enclave is used to protect code and/or data from access and modification by other parties, for example, the operating system/hypervisor itself or other applications.
Furthermore, the SGX platform utilizes an attestation service that authenticates software provided by the customer to be loaded into the enclave. The attestation service attempts to ensure that the lower layer hardware platform can be trusted, for example, that the central processing unit (CPU) is a genuine product manufactured by a given vendor and that the firmware and microcode is secure without being tampered with by a malicious third-party. Further, the attestation service attempts to ensure application software (code/data) can be trusted, i.e., that code/data of the software has not been tampered with or modified by other malicious parties. Still further, the attestation service attempts to ensure that the software installation process can be trusted, i.e., the software is installed onto the platform exactly as defined without being changed or tampered with by other malicious parties. When these three aspects can be trusted, the customer will be assured that their applications are secure and cannot be exploited.
Still further, the SGX platform utilizes a provisioning service to provide confidentiality to the software by provisioning secrets and sensitive data to the enclave during runtime. After the software is attested (authenticated) by the customer, the customer can be assured that everything about the application, hardware and software, is secured, and they can then provision their secrets and sensitive data to the application running inside the enclave. Other services such as sealing, migration, and revocation construct a closed loop to consolidate the security of the application running inside the enclave.
FaaS is a type of cloud-computing service that allows clients to execute code in response to events without the complex infrastructure typically associated with building and launching microservices applications.
It is realized herein that there are two different solutions to cooperate containers and TEEs: (i) place a TEE enclave inside a container; and (ii) place the entire container inside a TEE enclave.
Microsoft Azure Cloud provides a confidential computing environment that provides the Intel SGX TEE service integrated into the VM or container. The Microsoft solution for a container is to import the SGX TEE hardware into the container so the application inside the container can create its enclave with the open-source toolkit Open Enclave (software development kit or SDK) which originates from Microsoft. However, the Microsoft solution merely provides an SGX-aware container and an SDK, and not a complete solution.
Other open-source projects, for example, SCONE, provide solutions that place the entire container and its runtime support inside the TEE enclave.
Other commercial solutions to integrate the TEE into a container are available including Anjuna and Fortanix which provide a graphical user interface (GUI) and toolkit to help clients migrate their applications into the enclave, plus other security services such as key/certificate management.
These existing solutions that attempt to integrate TEE and containers have many drawbacks. For example, the Microsoft TEE-enabled containerization solution of importing the TEE capability into the container is a very primitive one since it merely imports the SGX hardware device into the container so that the applications running inside the container can be aware of the SGX and then the applications can leverage traditional enclave programming technology to protect their secrets and sensitive data. The customers must develop their applications from scratch and such containers cannot easily be integrated into FaaS.
The existing solutions from SCONE, Anjuna and Fortanix of placing the container inside the TEE enclave are for long-lived containers, for example, containers used for a program developing environment, daily build, CD/CI systems, etc., but not for the ephemeral and elastic computing paradigm of FaaS (the function inside FaaS normally lasts a very short time and the container can be transparently scaled or migrated by the container orchestrator, for example, Kubernetes).
Furthermore, it is realized herein that a solution that places the application, the container image, the container filesystem, and the runtime support into the enclave has the following problems:
(i) One of the most important principles of the Intel SGX is to put as few functions as possible into the enclave and leave most of the application outside the enclave to minimize the attacking surface. SGX will forbid most of the C library function calls to guarantee the enclave security in its SDK. These solutions introduce many things into the enclave and enable these functions inside the enclave to increase the Trusted Computing Base (TCB) of the enclave, and may introduce vulnerabilities into the enclave.
(ii) The computing resources of the TEE are very limited and therefore must be allocated carefully. Placing everything inside the enclave wastes the computing resources for other applications and costs clients significantly more. For example, a typical 4 VCPU VM with TEE in Microsoft Azure Cloud costs, per month, almost seven times more than a normal one.
(iii) Running the same function inside the enclave is much slower than running it outside the enclave. For example, it is realized herein that executing a typical HelloWorld program inside the enclave takes about 30 seconds. Placing everything inside the enclave penalizes the application performance greatly.
Still further, it is realized that the current FaaS infrastructure may leak sensitive information of clients.
Yet further, it is realized herein that simply placing the current containerization of the TEE into FaaS may result in too many attestations during scaling and will result in cold start and long latency. That is, if there are many requests to the same function simultaneously from the clients, the FaaS infrastructure spawns the function workers by creating many new container instances for transparent scalability. Before executing the function inside the container in the enclave, each enclave should be remote-attested by the clients or the function provider to make sure each container has been installed and will function appropriately. However, such a solution results in the following problems:
It is also realized that current SGX TEE implementations do not adequately support FaaS function attestation. That is, during SGX runtime measuring the enclave, only a few bytes at the beginning of the memory page are measured. If a FaaS function is not included in this measure, the client/function provider cannot make sure the function to be invoked is the correct function they provided. The attackers may replace the correct function with their own to steal sensitive information from the clients, to give the wrong output back to the client.
In the Microsoft Open Enclave SDK implementation, an enhanced feature is provided to enable all contents in the memory pages to be measured to support the FaaS function attestation. However, this solution has the following problems:
Illustrative embodiments overcome the above and other drawbacks by integrating a trusted execution platform (e.g., SGX TEE) into a function-based service framework (e.g., FaaS framework) as will be explained in further detail below in the context of
In order to effectively configure a trusted execution platform to protect functions in an FaaS framework, the nature of an attack model against an FaaS function should be understood. For example, attack vectors of a FaaS function may be described as follows:
As shown, workflow 600 involves a function provider 602, a client 604, an attestation delegator 606, a secure FaaS worker node 608, FaaS infrastructure and container cluster orchestrator (collectively) 610, and a non-secure FaaS worker node 612.
In accordance with illustrative embodiments, the functions that comprise a given application program are split into trusted and untrusted parts. It is realized to put the entire application and all its functions into an enclave and then try to harden the security boundary is not practical and bad practice as unnecessary codebase inside the enclave attempting to communicate to the outside world will expose the inside vulnerabilities to the attacker to be exploited. Rather, illustrative embodiments distinguish functions of the application into a trusted part (e.g., security-sensitive data/logic) and an untrusted part (e.g., security insensitive data/logic). The functions in the trusted part are executed by the secure FaaS worker node 608, while the functions in the untrusted part are executed in the non-secure FaaS worker node 612. Steps 1-5 of workflow 600 will be explained below in the context of these architecture components. For the functions in the untrusted part, step 5 executes these functions as per the existing FaaS framework and will thus not be described in any further detail.
Normally, clients are not willing to refactor their legacy applications due to the huge coding effort and the risk of introducing new bugs. However, splitting an application into a trusted part and an untrusted part according to illustrative embodiments is reasonable because if the clients need to migrate their legacy applications into FaaS, they need to refactor their applications anyway, from the monolithic application to separated stateless functions, so it is not so much an extra effort for the clients as might initially be imagined. Further, to distinguish the security-sensitive data/logic from the insensitive part is not so difficult for the clients and only they can understand their business. At least, if they are not so sure if a function is security-sensitive, they can classify it as a sensitive one out of an abundance of caution.
Illustrative embodiments provide enhancement to FaaS infrastructure/container cluster orchestrator 610. Currently, to call a function inside FaaS, two requests need to be submitted to the FaaS infrastructure: one request to submit the function to the FaaS infrastructure, for example, OpenWhisk, from its portal; and another request to call the function with input parameters. Illustrative embodiments change the submission format when client 604 wants to run a secure function by adding an SEC flag into the submission. Upon receiving the request with an SEC flag, the FaaS infrastructure informs the controller of the container cluster orchestrator to schedule this function into one or more TEE-enabled secure containers.
Currently, the container cluster orchestrator is unaware of the TEE-enabled secure container (for example, SCONE SGX container implementation), but this problem can be solved. For example, SCONE has provided a plug-in to Kubernetes so that Kubernetes can detect if a container is TEE-enabled by checking if a/dev/sgx file is hosted in the OS and orchestrate the TEE-enabled secure containers differently from other normal containers. The controller will specify a pre-installed attestation delegator (606) to client 604. A FaaS infrastructure that supports confidential function execution can pre-install many attestation delegators beforehand as part of its service to optimize the performance.
Attestation delegator 606 is an enclave itself that is dedicated to a specific client (e.g., 604) who has submitted a request with an SEC flag. More particularly, upon receiving this request, the controller schedules attestation delegator 606 for client 604 with its public Internet Protocol (IP) address. As attestation delegator 606 itself is an enclave, client 604 can execute the standard remote attestation procedure against attestation delegator 606 as shown in step 1. The remote attestation procedure ensures the hardware of the host of attestation delegator 606 is secure, and that the attestation delegator software itself is functioning as the service provider claimed to attest the function execution container (worker) so that the worker is secure and will execute the function provisioned by the client in a trusted manner. The attestation of the worker container ensures the worker container is secure, meaning that the function executed inside the container is the one submitted by client 604, instead of a fraudulent one to steal the information from the client (so that the first attack vector mentioned above is defended against. After remote attestation of the attestation delegator 606 is successful, a secure SSL/TLS (Secure Sockets Layer/Transport Layer Security) connection key pair is generated between client 604 and attestation delegator 606. Client 604 then can establish a secure SSL/TLS connection to attestation delegator 606 and provision the functions and their inputs via the secure connection. As this secure connection is encrypted with the session key, the submitted function, input will not be exposed to the outside world.
When a new TEE-enabled secure container is instantiated, the controller (610) can pre-schedule it to some secure execution of the functions from possible clients represented by attestation delegators beforehand. The controller then sends a notification to each possible attestation delegator (606) as shown in step 2. Then, each possible attestation delegator (606) remote attests the TEE-enabled secure container and this attestation procedure generates an SSL/TLS key for each peer, and each endpoint will save the key for the peer.
If there are m secure container instances which the controller decided that may be put into execution for the functions from n specified clients, after the remote attestations from each attestation delegator to each secure container instance, there will be m×n keys generated during this remote attestation procedure, as illustrated in key pair generation workflow 700 in
As shown in
Note that the attestation of the worker container is delegated by attestation delegator 606, and no attestation request will reach client 604. Because the secure FaaS worker node 608 is attested during its initiation and many container instances can be initiated to prepare a burst of requests for a certain function beforehand (this is the practice for almost all FaaS frameworks), the containers can be attested before scheduling a function into them for execution. When a secure container is attested, the container has just been initiated and there is no function scheduled into this container. Thus, many containers will have the same measures (as they have the same hardware configuration and software stack) and the attestation delegator can cache different measures for different function interpreters or executors to accelerate the remote attestation procedure.
The attestation procedure generates the key between the worker container and the attestation delegator, and no real secure connection is established at that time. As per
From the description above, it is evident that with the attestation delegator, the following benefits occur:
Step 802: Client 604 submits a function execution request along with the input parameters to attestation delegator 606.
Step 804: Attestation delegator 606 sends a notification to the controller (610) to tell it a function from this attestation delegator should be executed.
Step 806: The controller (610) checks if a container instance has been attested by attestation delegator 606 already. If yes, it will choose this container as this function's invoker and send a response to attestation delegator 606 which container should be used as the invoker. This check can be integrated in a straightforward manner into the controller's scheduling policy.
Step 808: Attestation delegator 606 creates a secure connection to this container with the saved key.
Step 810: Attestation delegator 606 provisions the function body together with its input to the chosen container via the secure connection (as depicted by step 3 of
Step 812: The TEE implementation inside the container (secure FaaS worker node 608) executes this function with its input inside the enclave and returns the output to attestation delegator 606 via the secure connection (as depicted in step 4 of
Step 814: Attestation delegator sends the output back to the client via a secure connection.
Illustrative embodiments provision the function during runtime, instead of during the initialization of the enclave, because:
Advantageously, as explained herein in detail, illustrative embodiments provide a solution that can be easily integrated into the current FaaS framework to support secure function execution. More particularly, illustrative embodiments are integrated into a FaaS framework to protect the function body, input, and output and make sure the function executed by the FaaS service provider is the same provided by the client.
Further, illustrative embodiments execute only the security sensitive part of the application inside the secure container. That is, the application is split into two parts: the security-sensitive part and the insensitive part and only the sensitive part is executed inside the secure container. This can be integrated in a straightforward manner into the FaaS portal as well. Most applications have a very small part that is security-sensitive. Thus, splitting the application yields the following benefits:
As the connections from the client to the worker container are secure, and the function is executed inside the enclave, the function body, the input, and the output are invisible from the outside world, hence no data will be leaked.
Still further, only one remote attestation from the client and all secure containers will be invoked immediately. As all attestations of the workers are delegated, the client only needs to attest the attestation delegator once. As described above, this attestation of the secure worker container can be done before the function execution and therefore will not lengthen the function execution time. Also, to provision the function during runtime, all memory pages need not be measured, and thus will save the attestation time and protect the function body from exposure.
As shown, the system 900 includes a central processing unit (CPU) 901 which performs various appropriate acts and processing, based on a computer program instruction stored in a read-only memory (ROM) 902 or a computer program instruction loaded from a storage unit 908 to a random access memory (RAM) 903. The RAM 903 stores therein various programs and data required for operations of the system 900. The CPU 901, the ROM 902 and the RAM 903 are connected via a bus 904 with one another. An input/output (I/O) interface 905 is also connected to the bus 904. It is to be appreciated that component 901 in
The following components in the system 900 are connected to the I/O interface 905, comprising: an input unit 906 such as a keyboard, a mouse and the like; an output unit 907 including various kinds of displays and a loudspeaker, etc.; a storage unit 908 including a magnetic disk, an optical disk, and etc.; a communication unit 909 including a network card, a modem, and a wireless communication transceiver, etc. The communication unit 909 allows the system 900 to exchange information/data with other devices through a computer network such as the Internet and/or various kinds of telecommunications networks.
Various processes and processing described above may be executed by the CPU 901. For example, in some embodiments, methodologies described herein may be implemented as a computer software program that is tangibly included in a machine readable medium, e.g., the storage unit 908. In some embodiments, part or all of the computer programs may be loaded and/or mounted onto the system 900 via ROM 902 and/or communication unit 909. When the computer program is loaded to the RAM 903 and executed by the CPU 901, one or more steps of the methodologies as described above may be executed.
Illustrative embodiments may be a method, a device, a system, and/or a computer program product. The computer program product may include a computer readable storage medium having computer readable program instructions thereon for causing a processor to carry out aspects of illustrative embodiments.
The computer readable storage medium may be a tangible device that can retain and store instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. A non-exhaustive list of more specific examples of the computer readable storage medium includes the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a static random access memory (SRAM), a portable compact disc read-only memory (CD-ROM), a digital versatile disk (DVD), a memory stick, a floppy disk, a mechanically encoded device such as punch-cards or raised structures in a groove having instructions recorded thereon, and any suitable combination of the foregoing. A computer readable storage medium, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals sent through a wire.
Computer readable program instructions described herein can be downloaded to respective computing/processing devices from a computer readable storage medium or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network and/or a wireless network. The network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. A network adapter card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium within the respective computing/processing device.
Computer readable program instructions for carrying out operations of illustrative embodiments may be assembler instructions, instruction-set-architecture (ISA) instructions, machine instructions, machine dependent instructions, microcode, firmware instructions, state-setting data, or either source code or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++ or the like, and conventional procedural programming languages, such as the “C” programming language or similar programming languages. The computer readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider). In some embodiments, electronic circuitry including, for example, programmable logic circuitry, field-programmable gate arrays (FPGA), or programmable logic arrays (PLA) may execute the computer readable program instructions by utilizing state information of the computer readable program instructions to personalize the electronic circuitry, in order to perform aspects of the present disclosure.
Various technical aspects are described herein with reference to flowchart illustrations and/or block diagrams of methods, device (systems), and computer program products according to illustrative embodiments. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer readable program instructions.
These computer readable program instructions may be provided to a processor unit of a general purpose computer, special purpose computer, or other programmable data processing device to produce a machine, such that the instructions, when executed via the processing unit of the computer or other programmable data processing device, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, a programmable data processing device, and/or other devices to function in a particular manner, such that the computer readable storage medium having instructions stored therein includes an article of manufacture including instructions which implement aspects of the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing device, or other devices to cause a series of operational steps to be performed on the computer, other programmable devices or other devices to produce a computer implemented process, such that the instructions which are executed on the computer, other programmable devices, or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowchart and block diagrams illustrate architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments. In this regard, each block in the flowchart or block diagrams may represent a module, snippet, or portion of code, which includes one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reversed order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The descriptions of the various embodiments have been presented for purposes of illustration, but are not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein was chosen to best explain the principles of the embodiments, the practical application or technical improvement over technologies found in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.
Number | Name | Date | Kind |
---|---|---|---|
8613070 | Borzycki | Dec 2013 | B1 |
8650303 | Lang | Feb 2014 | B1 |
8849978 | Batson | Sep 2014 | B1 |
8850049 | Qureshi | Sep 2014 | B1 |
9715597 | Smith | Jul 2017 | B2 |
9948612 | Jawahar | Apr 2018 | B1 |
10762197 | Yu | Sep 2020 | B1 |
11323400 | Hu | May 2022 | B1 |
20100281273 | Lee | Nov 2010 | A1 |
20110314534 | James | Dec 2011 | A1 |
20130298201 | Aravindakshan | Nov 2013 | A1 |
20140040979 | Barton | Feb 2014 | A1 |
20140189807 | Cahill | Jul 2014 | A1 |
20140304326 | Wesley | Oct 2014 | A1 |
20140331333 | Frost | Nov 2014 | A1 |
20140344446 | Rjeili | Nov 2014 | A1 |
20150046997 | Gupta | Feb 2015 | A1 |
20150106946 | Soman | Apr 2015 | A1 |
20150199213 | Desai | Jul 2015 | A1 |
20150271013 | Singh | Sep 2015 | A1 |
20150304736 | Lal | Oct 2015 | A1 |
20150309811 | Wisgo | Oct 2015 | A1 |
20150319226 | Mahmood | Nov 2015 | A1 |
20150334162 | Krishnamurthy | Nov 2015 | A1 |
20150373023 | Walker | Dec 2015 | A1 |
20160173503 | Knight | Jun 2016 | A1 |
20160191645 | Hayton | Jun 2016 | A1 |
20160308858 | Nordstrom | Oct 2016 | A1 |
20160337346 | Momchilov | Nov 2016 | A1 |
20160373251 | Kumar | Dec 2016 | A1 |
20170017562 | Gulkis | Jan 2017 | A1 |
20170024560 | Linde | Jan 2017 | A1 |
20170039007 | Nathani | Feb 2017 | A1 |
20170054987 | Rangarajan | Feb 2017 | A1 |
20170094509 | Mistry | Mar 2017 | A1 |
20170317997 | Smith | Nov 2017 | A1 |
20170364685 | Shah | Dec 2017 | A1 |
20170366359 | Scarlata | Dec 2017 | A1 |
20180007059 | Innes | Jan 2018 | A1 |
20180060572 | Singleton | Mar 2018 | A1 |
20180096137 | Trostle | Apr 2018 | A1 |
20180159856 | Gujarathi | Jun 2018 | A1 |
20180167203 | Belenko | Jun 2018 | A1 |
20180205715 | Ingale | Jul 2018 | A1 |
20180212966 | Costa | Jul 2018 | A1 |
20180241572 | Miele | Aug 2018 | A1 |
20180255591 | Valicherla | Sep 2018 | A1 |
20180332132 | Sampath | Nov 2018 | A1 |
20180351941 | Chhabra | Dec 2018 | A1 |
20190034617 | Scarlata | Jan 2019 | A1 |
20190034652 | Kludy | Jan 2019 | A1 |
20190042315 | Smith | Feb 2019 | A1 |
20190058706 | Feijoo | Feb 2019 | A1 |
20190065406 | Steiner | Feb 2019 | A1 |
20190068373 | Konduru | Feb 2019 | A1 |
20190075099 | Brouchier | Mar 2019 | A1 |
20190098096 | Mocanu | Mar 2019 | A1 |
20190132299 | Tucker | May 2019 | A1 |
20190147188 | Benaloh | May 2019 | A1 |
20190149539 | Scruby | May 2019 | A1 |
20190220603 | Gopalakrishnan | Jul 2019 | A1 |
20190245848 | Divoux | Aug 2019 | A1 |
20190268308 | Sinha | Aug 2019 | A1 |
20190340376 | Fleck | Nov 2019 | A1 |
20190342315 | Smelov | Nov 2019 | A1 |
20200008029 | Cao | Jan 2020 | A1 |
20200050686 | Kamalapuram | Feb 2020 | A1 |
20200076902 | Huang | Mar 2020 | A1 |
20200099738 | Borkar | Mar 2020 | A1 |
20200110857 | Burnette | Apr 2020 | A1 |
20200120142 | Maynard | Apr 2020 | A1 |
20200153911 | Chauhan | May 2020 | A1 |
20200193044 | Dyvadheenam | Jun 2020 | A1 |
20200218429 | Yu | Jul 2020 | A1 |
20200226101 | Dhanabalan | Jul 2020 | A1 |
20200296090 | Smeets | Sep 2020 | A1 |
20200313893 | Thom | Oct 2020 | A1 |
20200328889 | Matetic | Oct 2020 | A1 |
20200374324 | Le Strat | Nov 2020 | A1 |
20210011984 | Renke | Jan 2021 | A1 |
20210021491 | Pasha | Jan 2021 | A1 |
20210050990 | Hearn | Feb 2021 | A1 |
20210064765 | Lapworth | Mar 2021 | A1 |
20210109734 | Vittal | Apr 2021 | A1 |
20210144517 | Guim Bernat | May 2021 | A1 |
20210165662 | Qiao | Jun 2021 | A1 |
20210200858 | Caspi | Jul 2021 | A1 |
20210218559 | Xia | Jul 2021 | A1 |
20210224426 | Cui | Jul 2021 | A1 |
20210241761 | Dixit | Aug 2021 | A1 |
20210248053 | Wei | Aug 2021 | A1 |
20210258171 | Lee | Aug 2021 | A1 |
20210266329 | Fuhry | Aug 2021 | A1 |
20210273921 | Kumar | Sep 2021 | A1 |
20210279353 | Du | Sep 2021 | A1 |
20210377020 | Kashid | Dec 2021 | A1 |
20210377224 | Soriente | Dec 2021 | A1 |
20220038282 | Teramoto | Feb 2022 | A1 |
20220060446 | Dalvi | Feb 2022 | A1 |
20220078007 | Reddem | Mar 2022 | A1 |
20220094547 | Duchastel | Mar 2022 | A1 |
20220114002 | Hoogerbrugge | Apr 2022 | A1 |
20220116345 | Xu | Apr 2022 | A1 |
20220358220 | Smith | Nov 2022 | A1 |
20220374512 | Gerganov | Nov 2022 | A1 |
20230012787 | Agarwal | Jan 2023 | A1 |
Entry |
---|
Wikipedia, “Trusted Computing Base,” https://en.wikipedia.org/wiki/Trusted_computing_base, Jan. 13, 2021, 4 pages. |
Github, “Open Enclave SDK,” https://openenclave.io/sdk/, Accessed Jun. 4, 2021, 3 pages. |
Number | Date | Country | |
---|---|---|---|
20230068880 A1 | Mar 2023 | US |