
arxiv: 2605.07548 · v1 · submitted 2026-05-08 · 💻 cs.CR

CCX: Enabling Unmodified Intel SGX Applications on Arm CCA

Pith reviewed 2026-05-11 02:21 UTC · model grok-4.3

classification 💻 cs.CR
keywords Intel SGX · Arm CCA · confidential computing · enclave compatibility · firmware redesign · cloud security · application portability · secure execution

The pith

CCX enables existing Intel SGX applications to run unmodified on Arm CCA with comparable security guarantees.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper introduces CCX as a framework that allows Intel SGX applications to execute on Arm CCA without any source code modifications. It does so by redesigning SGX functionality and abstractions inside Arm CCA firmware to match the new architecture while keeping full compatibility. A sympathetic reader would care because SGX remains popular for secure cloud workloads like confidential services and privacy tools, yet Arm processors are gaining traction in the same environments and create a portability barrier. The prototype runs on both an emulator and real hardware, demonstrating execution of unchanged applications along with security properties close to native SGX and some performance gains.

Core claim

CCX redesigns SGX functionality within Arm CCA firmware, adapting SGX abstractions to CCA's architecture design while preserving full compatibility with existing applications originally developed for SGX. The prototype, implemented on QEMU and a Nitrogen8M development board, executes existing SGX applications without source code changes, provides security guarantees comparable to Intel SGX, and achieves performance improvements in the evaluated settings.

What carries the argument

The CCX framework that recreates SGX execution semantics and APIs inside Arm CCA firmware.

If this is right

  • Existing SGX applications can be deployed on Arm-based confidential computing systems without developer changes.
  • Security properties remain comparable to those of Intel SGX for cloud services.
  • Performance gains appear in the tested settings due to the firmware redesign.
  • Applications such as secure payments and privacy-preserving communication become portable across the two platforms.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • This approach could make Arm CCA more immediately usable for teams already invested in SGX codebases.
  • Similar firmware bridges might later connect SGX applications to other emerging confidential computing technologies.
  • Developers could maintain a single SGX codebase while targeting both Intel and Arm deployments.

Load-bearing premise

SGX functionality and execution semantics can be faithfully recreated inside Arm CCA firmware without introducing new attack surfaces or breaking compatibility for real-world applications.

What would settle it

An existing SGX application that either fails to execute on the CCX prototype, requires source code changes, or shows a security issue not present under native Intel SGX.

Figures

Figures reproduced from arXiv: 2605.07548 by Felix Freiling, Matti Schulze, Thorsten Holz.

Figure 1: Architecture of an SGX-App running on a typical SGX-enabled …
Figure 3: Overview of CCX. Trusted components are gray; untrusted com…
Figure 4: Overview of different approaches to enclave memory management of …
Figure 5: Results of the microbenchmarks for the enclave microprograms. The y-axis shows the runtime of each microprogram for CCX in nanoseconds on a …
Figure 6: Results of NBench. Each group on the x-axis corresponds to a benchmark, showing both the native and enclave versions. The y-axis shows the …

Original abstract

Novel confidential computing technologies such as Intel TDX, AMD SEV, and Arm CCA have recently emerged. In practice, due to its minimal trust boundaries, Intel SGX still remains widely used for enclave-based applications in cloud environments, including confidential cloud services, privacy-preserving communication, secure payment processing, and privacy-focused advertising. With the growing adoption of Arm CPUs in cloud systems, however, existing SGX applications face a significant portability challenge: they are tightly coupled to SGX-specific APIs and execution semantics. In this paper, we present the design and implementation of CCX, a framework that enables existing SGX applications to run on Arm CCA without source code modification. To this end, CCX redesigns SGX functionality within Arm CCA firmware, adapting SGX abstractions to CCA's architecture design while preserving full compatibility with existing applications originally developed for SGX. We implemented a prototype of CCX on both the QEMU emulator and a Nitrogen8M development board. Our evaluation shows that CCX is capable of executing existing SGX applications without requiring source code changes, while providing security guarantees comparable to Intel SGX and achieving performance improvements in our evaluated settings.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The paper presents CCX, a framework that redesigns SGX functionality inside Arm CCA firmware to enable existing SGX applications to execute unmodified on Arm CCA platforms. It reports a prototype implementation running on both QEMU and a real Nitrogen8M development board, claiming full application compatibility, security guarantees comparable to native Intel SGX, and performance improvements over the evaluated settings.

Significance. If the security equivalence and compatibility claims are substantiated, the work would have clear practical significance for migrating SGX-based confidential-computing workloads to Arm-based cloud systems, addressing a real portability barrier as Arm adoption grows.

major comments (2)
  1. [Abstract] Abstract: the central claim of 'security guarantees comparable to Intel SGX' is load-bearing yet unsupported by any TCB comparison, threat-model mapping, or analysis of how SGX primitives (e.g., EREPORT, EGETKEY, attestation) are realized inside CCA firmware without enlarging the attack surface or altering the trust model.
  2. [Abstract] Abstract / Evaluation: the statement that CCX achieves 'performance improvements in our evaluated settings' is not accompanied by any quantitative metrics, baselines, or workload descriptions, rendering the performance claim impossible to assess.
minor comments (1)
  1. The manuscript would benefit from an explicit section detailing the CCA firmware interfaces and trapping mechanisms used to emulate SGX instruction semantics.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback on the abstract claims. We address each major comment below and will revise the manuscript to strengthen the presentation of our security and performance arguments.

Point-by-point responses
  1. Referee: [Abstract] Abstract: the central claim of 'security guarantees comparable to Intel SGX' is load-bearing yet unsupported by any TCB comparison, threat-model mapping, or analysis of how SGX primitives (e.g., EREPORT, EGETKEY, attestation) are realized inside CCA firmware without enlarging the attack surface or altering the trust model.

    Authors: We acknowledge that the abstract states the comparability claim without inline details. The full manuscript describes the redesign of SGX abstractions (including EREPORT, EGETKEY, and attestation) inside CCA firmware and argues that the trust model is preserved because CCX runs within the CCA realm without adding new privileged code. However, we agree an explicit TCB size comparison and threat-model mapping would make the claim more robust. In the revision we will add a concise TCB comparison table and a short threat-model subsection that maps each SGX primitive to its CCA realization, showing no enlargement of the attack surface.
    Revision: yes

  2. Referee: [Abstract] Abstract / Evaluation: the statement that CCX achieves 'performance improvements in our evaluated settings' is not accompanied by any quantitative metrics, baselines, or workload descriptions, rendering the performance claim impossible to assess.

    Authors: The abstract is intentionally brief and therefore omits the concrete numbers. The evaluation section reports results on both QEMU and the Nitrogen8M board for unmodified SGX applications (cryptographic workloads, secure database queries, and privacy-preserving analytics), using native Arm execution and a prior SGX-on-CCA baseline. We will revise the abstract to include representative quantitative figures (e.g., percentage overhead reductions) and name the workloads and baselines so the claim can be assessed directly from the abstract.
    Revision: yes

Circularity Check

0 steps flagged

No circularity: engineering implementation with no derivations or self-referential claims

Full rationale

The paper describes the design and implementation of the CCX framework for porting SGX applications to Arm CCA. It contains no equations, fitted parameters, predictions, or mathematical derivations that could reduce to their inputs by construction. No self-citations are invoked to justify uniqueness theorems, ansatzes, or load-bearing premises. The central claims rest on the existence of a working prototype (QEMU and hardware) and compatibility evaluation, which are independent engineering artifacts rather than tautological restatements of inputs. This is a standard non-circular engineering paper.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axiom · 1 invented entity

The paper introduces a new software compatibility layer. It relies on the standard domain assumption that hardware isolation primitives in CCA can host an SGX-like interface, with no fitted numerical parameters or newly postulated physical entities.

axioms (1)
  • Domain assumption: Arm CCA isolation primitives are sufficient to host an SGX-compatible execution environment without loss of security properties.
    Invoked when the paper states that SGX functionality is redesigned within CCA firmware while preserving comparable security guarantees.
invented entities (1)
  • CCX firmware layer (no independent evidence)
    Purpose: emulate SGX abstractions and APIs inside Arm CCA.
    New software component introduced by the authors to achieve compatibility.

pith-pipeline@v0.9.0 · 5503 in / 1252 out tokens · 44568 ms · 2026-05-11T02:21:32.045682+00:00
