
arxiv: 2509.02413 · v3 · submitted 2025-09-02 · 💻 cs.CR

A Secure, Confidential, and Verifiable Decision Support System

Pith reviewed 2026-05-18 19:25 UTC · model grok-4.3

classification 💻 cs.CR
keywords decision support systems · trusted execution environments · data privacy · data integrity · verifiability · notarized data · access policies · cryptographic techniques

The pith

SPARTA deploys user-defined decision rules as certified software objects inside trusted execution environments to guarantee privacy, integrity, and verifiability of automated decisions on notarized data.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper presents SPARTA as a system for decision support that must protect sensitive information while still allowing organizations to customize rules and verify outcomes. It places user-written decision rules into certified software objects that run inside trusted execution environments, operating on data that has first been notarized and is accessed only through explicit policies. Cryptographic methods enforce confidentiality and integrity, and experiments on benchmark and synthetic data indicate the approach scales with only modest extra cost over unsecured versions. A reader would care because industries and governments increasingly automate high-stakes choices that involve private records, yet current tools cannot deliver all six required properties at once.

Core claim

SPARTA employs efficient cryptographic techniques on notarized data with access mediated through user-defined access policies. Users define decision rules, which are translated to certified software objects deployed within TEEs, thereby guaranteeing customization, verifiability, and security of the process. Experiments on public benchmarks and synthetic data show the approach is scalable and adds limited overhead compared to non-cryptographically secured solutions.

What carries the argument

The SPARTA architecture that translates user-defined decision rules into certified software objects deployed inside TEEs on notarized data with policy-mediated access.
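The flow in that sentence, as an added example written for this page rather than taken from the paper or its authors: records are notarized (signed) before they reach the enclave, the rule set is compiled into a certified object whose measurement is a hash of its canonical form, an access policy gates who may invoke it, and the decision leaves the enclave signed and bound to that measurement. Assumptions of the example: Ed25519 for the notary and for the enclave's report key, SHA-256 over canonical JSON as the measurement, a first-hit rule policy, and a constructed vaccine-priority rule set and patient record; the hardware attestation that would bind the enclave key to the measurement is not modelled and is stood in for by a plain key pair.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

var ErrNotarization = errors.New("record is not validly notarized")
var ErrPolicy = errors.New("access policy denies this role")

// Record is one input row. encoding/json sorts map keys, so canon() is canonical.
type Record struct {
	ID     string         `json:"id"`
	Fields map[string]int `json:"fields"`
}

func canon(v any) []byte {
	b, _ := json.Marshal(v) // cannot fail for the plain types used here
	return b
}

// Rule fires when Fields[Field] >= Threshold; the first hit wins (assumed hit policy).
type Rule struct {
	Field     string `json:"field"`
	Threshold int    `json:"threshold"`
	Decision  string `json:"decision"`
}

// CertifiedObject is the deployable rule set plus its measurement (SHA-256 of the
// canonical rules), the value a relying party compares with what attestation reports.
type CertifiedObject struct {
	Rules       []Rule
	Measurement string
}

func Certify(rules []Rule) CertifiedObject {
	sum := sha256.Sum256(canon(rules))
	return CertifiedObject{Rules: rules, Measurement: fmt.Sprintf("%x", sum[:])}
}

// Decision is the signed output; Measurement binds it to the rule set that produced it.
type Decision struct {
	RecordID    string `json:"record_id"`
	Outcome     string `json:"outcome"`
	Measurement string `json:"measurement"`
}

// Enclave stands in for the TEE-hosted object. SignKey is assumed to be bound to
// Obj.Measurement by hardware attestation, which this example does not model.
type Enclave struct {
	Obj     CertifiedObject
	Notary  ed25519.PublicKey
	Policy  map[string]bool // roles allowed to invoke a decision
	SignKey ed25519.PrivateKey
}

// Decide verifies notarization before anything else, then the policy, then evaluates and signs.
func (e *Enclave) Decide(role string, rec Record, notarySig []byte) (Decision, []byte, error) {
	if !ed25519.Verify(e.Notary, canon(rec), notarySig) {
		return Decision{}, nil, ErrNotarization
	}
	if !e.Policy[role] {
		return Decision{}, nil, ErrPolicy
	}
	outcome := "standard" // default when no rule fires
	for _, r := range e.Obj.Rules {
		if v, ok := rec.Fields[r.Field]; ok && v >= r.Threshold {
			outcome = r.Decision
			break
		}
	}
	d := Decision{RecordID: rec.ID, Outcome: outcome, Measurement: e.Obj.Measurement}
	return d, ed25519.Sign(e.SignKey, canon(d)), nil
}

// VerifyDecision is the relying party's check: valid enclave signature and the expected
// rule measurement. Real attestation evidence would be checked at this same point.
func VerifyDecision(pub ed25519.PublicKey, want string, d Decision, sig []byte) bool {
	return d.Measurement == want && ed25519.Verify(pub, canon(d), sig)
}

func main() {
	notaryPub, notaryPriv, _ := ed25519.GenerateKey(rand.Reader)
	enclavePub, enclavePriv, _ := ed25519.GenerateKey(rand.Reader)
	rules := []Rule{{"age", 65, "priority"}, {"risk", 3, "priority"}} // constructed, not the paper's
	enc := &Enclave{Obj: Certify(rules), Notary: notaryPub, Policy: map[string]bool{"clinician": true}, SignKey: enclavePriv}
	rec := Record{ID: "p-001", Fields: map[string]int{"age": 70, "risk": 1}}
	sig := ed25519.Sign(notaryPriv, canon(rec)) // the notary signs the canonical record
	d, dsig, err := enc.Decide("clinician", rec, sig)
	fmt.Println(d.Outcome, err, VerifyDecision(enclavePub, enc.Obj.Measurement, d, dsig))
	_, _, err = enc.Decide("intern", rec, sig) // role outside the policy
	fmt.Println("intern:", err)
	rec.Fields["age"] = 40 // edited after notarization, so the notary's signature fails
	_, _, err = enc.Decide("clinician", rec, sig)
	fmt.Println("tampered:", err)
}
```

Three checks carry the security argument and are worth reading in order: a record edited after notarization fails the notary signature before any rule runs (integrity), a role outside the policy is refused before any data is touched (access control), and a relying party accepts a decision only if it carries the measurement it expected, which is the point where real attestation evidence, not just a key, has to be validated (verifiability).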

If this is right

  • Automated decision processes can satisfy privacy, integrity, availability, customization, security, and verifiability simultaneously.
  • The system stays practical for real workloads because it scales on standard benchmarks while adding only modest overhead.
  • Policy-mediated access lets organizations control who may invoke or inspect decisions without revealing the underlying data or logic.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same pattern of certified rule objects in hardware enclaves could support other rule-driven automation such as compliance checks or diagnostic support.
  • Wider availability of trusted execution hardware might allow decision systems to operate without relying on a single centralized trusted party.
  • A direct test would measure whether current TEE attestation and isolation hold against targeted side-channel or supply-chain attacks on the deployed objects.

Load-bearing premise

The security guarantees depend on the trusted execution environment correctly isolating the running code and on the notarization and cryptographic methods remaining secure against attacks.

What would settle it

An experiment in which an attacker extracts the decision rules or alters an outcome inside the TEE without detection would disprove the privacy and integrity claims.

Figures

Figures reproduced from arXiv: 2509.02413 by Claudio Di Ciccio, Daniele Friolo, Edoardo Marangone, Eugenio Nerio Nemmi, Giuseppe Ateniese, Ingo Weber.

Figure 1. An overview of the SPARTA approach with the software components, user roles, and main information flow.
Figure 2. Memory savings for each decision rule. Evaluation text that spilled into this caption: the dataset has 7 input columns and 3 output columns corresponding to the final decisions; the performance impact is measured under varied conditions by increasing (a) the number of records and columns and (b) the number of rules, and the same dataset is used to measure (c) the performance overhead of the aggregation function, …
Figure 3. Decision execution time. Axes: Number of Rules (200 to 1400) against Execution Time [ms] (0 to 7000); parameters: 28 columns, 16000 users; mean execution time with min-max range.
Figure 5. Execution time with prior aggregation.
Figure 6. RAM usage over time with and without prior aggregation: (a) without prior aggregation, (b) with prior aggregation; Time [s] against RAM Usage [Bytes], scale 1e8.
Figure 7. Comparison between light and heavy encryption.
Figure 8. Execution time comparison between server and TEE.
Figure 9. VAX, MED, and CARD datasets execution time. Concluding text that spilled into this caption: "Finally, we conducted experiments with public benchmarks showing good performance and scalability of our approach with low overhead. Nevertheless, an on-field use of SPARTA in real-world settings is paramount for validation purposes."
Original abstract

Decision support systems are increasingly adopted to automate decision-making processes across industries, organizations, and governments. Decision support demands data privacy, integrity, and availability while ensuring customization, security, and verifiability of the decision process. Existing solutions fail to guarantee those properties altogether. To overcome this limitation, we propose SPARTA, an approach based on Trusted Execution Environments (TEEs) that automates decision processes. To guarantee privacy, integrity, and availability, SPARTA employs efficient cryptographic techniques on notarized data with access mediated through user-defined access policies. Our solution allows users to define decision rules, which are translated to certified software objects deployed within TEEs, thereby guaranteeing customization, verifiability, and security of the process. With experiments run on public benchmarks and synthetic data, we show our approach is scalable and adds limited overhead compared to non-cryptographically secured solutions.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 2 minor

Summary. The manuscript presents SPARTA, a decision support system architecture that deploys user-defined rules as certified software objects inside Trusted Execution Environments (TEEs) operating on notarized data with policy-mediated access. It claims to simultaneously guarantee privacy, integrity, and availability of decision processes while providing customization, verifiability, and security, and reports experimental results on public benchmarks and synthetic data showing scalability with only limited overhead relative to non-cryptographic baselines.

Significance. If the TEE isolation and attestation assumptions can be rigorously supported, the work supplies a practical, implemented construction that combines TEEs with cryptographic notarization and policy enforcement for secure decision support; this could be relevant for high-stakes domains requiring both confidentiality and auditability. The experimental component supplies initial evidence of deployability.

major comments (1)
  1. [Abstract and §3] Abstract and §3 (System Architecture): The repeated claims that SPARTA 'guarantees privacy, integrity, and availability' and 'guaranteeing customization, verifiability, and security of the process' are predicated on the premise that the selected TEE implementation and attestation mechanism enforce isolation against all relevant adversaries. No threat model is supplied that enumerates adversary capabilities or explains mitigation of documented TEE attacks (cache-timing, enclave-exit, or attestation forgery). This assumption is load-bearing for the central security contribution.
minor comments (2)
  1. [§5] §5 (Evaluation): Overhead measurements are reported without error bars, confidence intervals, or details on the number of runs, which weakens the quantitative claim of 'limited overhead'.
  2. [§4] Notation for the notarization and policy objects is introduced without a clear table or diagram relating the cryptographic primitives to the TEE interface.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for their thoughtful review and constructive criticism. We agree that an explicit threat model is necessary to support the security claims and will revise the manuscript accordingly to address this point.

Point-by-point responses
  1. Referee: [Abstract and §3] Abstract and §3 (System Architecture): The repeated claims that SPARTA 'guarantees privacy, integrity, and availability' and 'guaranteeing customization, verifiability, and security of the process' are predicated on the premise that the selected TEE implementation and attestation mechanism enforce isolation against all relevant adversaries. No threat model is supplied that enumerates adversary capabilities or explains mitigation of documented TEE attacks (cache-timing, enclave-exit, or attestation forgery). This assumption is load-bearing for the central security contribution.

    Authors: We acknowledge the validity of this observation. The original manuscript presents SPARTA under the standard security assumptions of TEEs (isolation and remote attestation) but does not include a dedicated threat model section that explicitly enumerates adversary capabilities or addresses specific documented attacks. In the revised version we will add a new subsection (likely in §3) that defines the threat model. This will specify the assumed adversary (e.g., a malicious host OS or network attacker with software-level access but without physical control of the TEE hardware), state the trust assumptions on the TEE implementation and attestation service, and discuss relevant attack vectors. For cache-timing attacks we will note reliance on constant-time code paths where data-dependent operations occur inside the enclave; for enclave-exit attacks we will describe the use of secure channel establishment and state sealing; and for attestation forgery we will rely on hardware-rooted attestation with certificate validation. The security claims will be qualified as holding under these assumptions. This addition will make the load-bearing premises explicit without altering the core architecture or experimental results. revision: yes
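The rebuttal's promise of constant-time code paths for data-dependent operations inside the enclave is worth making concrete, because rule evaluation is exactly such an operation: a private field is compared against a threshold and the code branches on the result. The following is an added example written for this page, not code from the paper or its authors. It evaluates a constructed threshold rule table twice, once with an early-exit loop whose iteration count depends on the record (the kind of secret-dependent control flow that branch shadowing [55] and timing observers recover), and once with crypto/subtle masks so every record walks the whole table. The rule table, the records, the outcome codes and the first-hit policy are all assumptions of the example.

```go
package main

import (
	"crypto/subtle"
	"fmt"
)

// Outcome codes, so an outcome can be selected with an integer mask.
const (
	Standard = iota
	Priority
	Review
)

var Labels = []string{"standard", "priority", "review"}

// Rule fires when fields[Field] >= Threshold; the first firing rule wins (assumed
// "first" hit policy). Values must lie in [0, 2^31-1], the range for which
// crypto/subtle's integer comparisons are defined.
type Rule struct {
	Field, Threshold, Outcome int
}

// Rules is a constructed table over two fields: 0 = age, 1 = risk score.
var Rules = []Rule{
	{Field: 0, Threshold: 80, Outcome: Review},
	{Field: 0, Threshold: 65, Outcome: Priority},
	{Field: 1, Threshold: 3, Outcome: Priority},
}

// EvalBranching is the obvious implementation. It returns at the first hit, so the
// number of iterations and the branch taken in each depend on the secret field
// values; that control flow is what branch shadowing and timing observers recover.
func EvalBranching(fields []int, rules []Rule) (outcome, steps int) {
	for _, r := range rules {
		steps++
		if fields[r.Field] >= r.Threshold {
			return r.Outcome, steps
		}
	}
	return Standard, steps
}

// EvalConstantTime visits every rule and folds the result with crypto/subtle masks:
// no data-dependent branch, no early exit, and the same sequence of memory accesses
// for every record, since rule indices (not values) drive the loads.
func EvalConstantTime(fields []int, rules []Rule) (outcome, steps int) {
	outcome = Standard
	matched := 0 // becomes 1 after the first hit and stays there
	for _, r := range rules {
		steps++
		hit := subtle.ConstantTimeLessOrEq(r.Threshold, fields[r.Field]) // 1 iff value >= threshold
		take := hit & (matched ^ 1)                                     // only the first hit counts
		outcome = subtle.ConstantTimeSelect(take, r.Outcome, outcome)
		matched |= take
	}
	return outcome, steps
}

func main() {
	// Constructed records as (age, risk): each fires a different rule, the last fires none.
	for _, f := range [][]int{{85, 0}, {70, 1}, {40, 4}, {40, 1}} {
		ob, sb := EvalBranching(f, Rules)
		oc, sc := EvalConstantTime(f, Rules)
		fmt.Printf("%v  branching: %-8s in %d steps   constant-time: %-8s in %d steps\n",
			f, Labels[ob], sb, Labels[oc], sc)
	}
}
```

Only the comparison step is hardened here. Which cache lines of a large rule table or input row are touched, page-fault patterns, and the ciphertext side channel that Cipherfix [56] addresses are separate channels; the oblivious-memory work in [49] to [52] and the mitigations in [57] to [59] in the reference list below target those. The Go compiler also promises nothing about constant-time code generation beyond what crypto/subtle implements, so a claim like the rebuttal's should come with a measurement rather than an assertion, which is the natural follow-up to the referee's request for a threat model.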

Circularity Check

0 steps flagged

No significant circularity in the derivation chain

Full rationale

The paper describes an implemented system architecture (SPARTA) that deploys user-defined rules as certified objects inside TEEs on notarized data, with claims of privacy/integrity/verifiability supported by the construction itself plus experimental measurements on public benchmarks and synthetic data. No mathematical derivation, fitted parameters, or self-referential definitions are present that would reduce a claimed result to its own inputs by construction. The central guarantees rest on external assumptions about TEE correctness rather than any internal circular reduction, making the work self-contained against the described benchmarks.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The architecture depends on the trustworthiness of commercial TEEs and on the correctness of the rule-to-software translation step; no new physical constants or fitted numerical parameters are introduced.

axioms (2)
  • Domain assumption: Trusted Execution Environments provide hardware-enforced isolation, confidentiality, and integrity for code and data running inside them.
    Invoked when the paper states that TEEs guarantee security and verifiability of the decision process.
  • Domain assumption: Notarization and the chosen cryptographic primitives correctly certify data origin and prevent undetected tampering.
    Required for the claim that privacy and integrity are maintained on notarized data.

pith-pipeline@v0.9.0 · 5693 in / 1433 out tokens · 33073 ms · 2026-05-18T19:25:09.869153+00:00 · methodology


Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.


Reference graph

Works this paper leans on

68 extracted references · 68 canonical work pages

  1. [1]

    Eight key issues for the decision support systems discipline,

    D. Arnott and G. Pervan, “Eight key issues for the decision support systems discipline,” Decision Support Systems , vol. 44, no. 3, pp. 657–672, 2008

  2. [2]

    Integration of decision support systems to improve decision support performance,

    S. Liu, A. H. Duffy, R. I. Whitfield, and I. M. Boyle, “Integration of decision support systems to improve decision support performance,” Knowledge and Information Systems, vol. 22, pp. 261–286, 2010

  3. [3]

    Enhancing healthcare decision support through explainable AI models for risk prediction,

    S. Niu, Q. Yin, J. Ma, Y. Song, Y. Xu, L. Bai, W. Pan, and X. Yang, “Enhancing healthcare decision support through explainable AI models for risk prediction,” Decision Support Systems, vol. 181, p. 114228, 2024

  4. [4]

    Decision support tool to define the optimal pool testing strategy for SARS-CoV-2,

    B. Barracosa, J. Felício, A. Carvalho, L. M. Moreira, F. Mendes, S. C. Verde, and T. Pinto-Varela, “Decision support tool to define the optimal pool testing strategy for SARS-CoV-2,” Decision Support Systems, vol. 175, p. 114046, 2023

  5. [5]

    A hybrid decision support system for adaptive trading strategies: Combining a rule-based expert system with a deep reinforcement learning strategy,

    Y. Kwon and Z. Lee, “A hybrid decision support system for adaptive trading strategies: Combining a rule-based expert system with a deep reinforcement learning strategy,” Decision Support Systems, vol. 177, p. 114100, 2024

  6. [6]

    Supporting organizational decisions on how to improve customer repurchase using multi-instance counterfactual explanations,

    A. Artelt and A. Gregoriades, “Supporting organizational decisions on how to improve customer repurchase using multi-instance counterfactual explanations,” Decision Support Systems, vol. 182, p. 114249, 2024

  7. [7]

    Customer models for artificial intelligence-based decision support in fashion online retail supply chains,

    A. M. Pereira, J. A. B. Moura, E. D. B. Costa, T. Vieira, A. R. Landim, E. Bazaki, and V. Wanick, “Customer models for artificial intelligence-based decision support in fashion online retail supply chains,” Decision Support Systems, vol. 158, p. 113795, 2022

  8. [8]

    From BPMN process models to DMN decision models,

    E. Bazhenova, F. Zerbato, B. Oliboni, and M. Weske, “From BPMN process models to DMN decision models,” Information Systems, vol. 83, pp. 69–88, 2019

  9. [9]

    The P2P approach to interorganizational workflows,

    W. M. van der Aalst and M. Weske, “The P2P approach to interorganizational workflows,” in Advanced Information Systems Engineering: 13th International Conference, CAiSE 2001, Interlaken, Switzerland, June 4–8, 2001, Proceedings 13. Springer, 2001, pp. 140–156

  10. [10]

    Hybrid privacy-preserving clinical decision support system in fog–cloud computing,

    X. Liu, R. H. Deng, Y. Yang, H. N. Tran, and S. Zhong, “Hybrid privacy-preserving clinical decision support system in fog–cloud computing,” Future Generation Computer Systems, vol. 78, pp. 825–837, 2018

  11. [11]

    DMN decision execution on the ethereum blockchain,

    S. Haarmann, K. Batoulis, A. Nikaj, and M. Weske, “DMN decision execution on the ethereum blockchain,” in Advanced Information Systems Engineering: 30th International Conference, CAiSE 2018, Tallinn, Estonia, June 11-15, 2018, Proceedings 30. Springer, 2018, pp. 327–341

  12. [12]

    Trusted execution environment: What it is, and what it is not,

    M. Sabt, M. Achemlal, and A. Bouabdallah, “Trusted execution environment: What it is, and what it is not,” in TrustCom 2015. IEEE, 2015, pp. 57–64

  13. [13]

    Fundamentals of Business Process Management, Second Edition

    M. Dumas, M. La Rosa, J. Mendling, and H. A. Reijers, Fundamentals of Business Process Management, Second Edition. Springer, 2018

  14. [14]

    Confidential Computing: Hardware Based Memory Protection

    Confidential Computing: Hardware Based Memory Protection. Springer Nature Singapore, 2022

  15. [15]

    A technical analysis of confidential computing (v1.3),

    Confidential Computing Consortium, “A technical analysis of confidential computing (v1.3),” 2022. [Online]. Available: https://confidentialcomputing.io/wp-content/uploads/sites/10/2023/03/CCC-A-Technical-Analysis-of-Confidential-Computing-v1.3_unlocked.pdf

  16. [16]

    Survey of research on confidential computing,

    D. Feng, Y. Qin, W. Feng, W. Li, K. Shang, and H. Ma, “Survey of research on confidential computing,” IET Communications, 2024

  17. [17]

    Confidential computing and related technologies: a critical review,

    M. U. Sardar and C. Fetzer, “Confidential computing and related technologies: a critical review,” Cybersecurity, vol. 6, no. 1, 2023

  18. [18]

    Intel SGX explained,

    V. Costan and S. Devadas, “Intel SGX explained,” Cryptology ePrint Archive, Paper 2016/086, 2016. [Online]. Available: https://eprint.iacr.org/2016/086

  19. [19]

    Innovative instructions and software model for isolated execution,

    F. McKeen, I. Alexandrovich, A. Berenzon, C. V. Rozas, H. Shafi, V. Shanbhogue, and U. R. Savagaonkar, “Innovative instructions and software model for isolated execution,” in Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, ser. HASP ’13. New York, NY, USA: Association for Computing Machinery, 2013

  20. [20]

    Innovative technology for CPU based attestation and sealing,

    I. Anati, S. Gueron, S. Johnson, and V. Scarlata, “Innovative technology for CPU based attestation and sealing,” in Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, vol. 13, no. 7. ACM, New York, NY, USA, 2013

  21. [21]

    Accelerating encrypted deduplication via SGX,

    Y. Ren, J. Li, Z. Yang, P. P. C. Lee, and X. Zhang, “Accelerating encrypted deduplication via SGX,” in 2021 USENIX Annual Technical Conference (USENIX ATC 21). USENIX Association, 2021, pp. 957–971

  22. [22]

    Decision model and notation (DMN) v1.5 (2024),

    OMG, “Decision model and notation (DMN) v1.5 (2024),” Object Management Group, vol. 1, no. 4, p. 18, 2011. [Online]. Available: https://www.omg.org/spec/DMN

  23. [23]

    Extracting decision logic from process models,

    K. Batoulis, A. Meyer, E. Bazhenova, G. Decker, and M. Weske, “Extracting decision logic from process models,” in Advanced Information Systems Engineering: 27th International Conference, CAiSE 2015, Stockholm, Sweden, June 8-12, 2015, Proceedings. Springer, 2015, pp. 349–366

  25. [25]

    Integrating BPMN and DMN: modeling and analysis,

    M. De Leoni, P. Felli, and M. Montali, “Integrating BPMN and DMN: modeling and analysis,” Journal on Data Semantics, vol. 10, no. 1, pp. 165–188, 2021

  26. [26]

    Semantics and analysis of DMN decision tables,

    D. Calvanese, M. Dumas, Ü. Laurson, F. M. Maggi, M. Montali, and I. Teinemaa, “Semantics and analysis of DMN decision tables,” in Business Process Management: 14th International Conference, BPM 2016, Rio de Janeiro, Brazil, September 18-22, 2016, Proceedings 14. Springer, 2016, pp. 217–233

  27. [27]

    Ethereum: A secure decentralised generalised transaction ledger,

    G. Wood, “Ethereum: A secure decentralised generalised transaction ledger,” pp. 1–18, 2014

  28. [28]

    Algorand: A secure and efficient distributed ledger,

    J. Chen and S. Micali, “Algorand: A secure and efficient distributed ledger,” Theor. Comput. Sci., vol. 777, pp. 155–183, 2019

  29. [29]

    Introducing Ethereum and Solidity: Foundations of Cryptocurrency and Blockchain Programming for Beginners

    C. Dannen, Introducing Ethereum and Solidity: Foundations of Cryptocurrency and Blockchain Programming for Beginners. Apress, 2017

  30. [30]

    An overview on smart contracts: Challenges, advances and platforms,

    Z. Zheng, S. Xie, H.-N. Dai, W. Chen, X. Chen, J. Weng, and M. Imran, “An overview on smart contracts: Challenges, advances and platforms,” Future Gener. Comput. Syst., vol. 105, pp. 475–491, 2020

  31. [31]

    Architecture for Blockchain Applications

    X. Xu, I. Weber, and M. Staples, Architecture for Blockchain Applications. Springer, 2019

  32. [32]

    IPFS - content addressed, versioned, P2P file system,

    J. Benet, “IPFS - content addressed, versioned, P2P file system,” 2014

  33. [33]

    Redesign of vaccine distribution networks,

    J. Lim, B. A. Norman, and J. Rajgopal, “Redesign of vaccine distribution networks,” International Transactions in Operational Research, vol. 29, no. 1, pp. 200–225, 2022

  34. [34]

    Which group should be vaccinated first?: a systematic review,

    E. B. Noh, H.-K. Nam, and H. Lee, “Which group should be vaccinated first?: a systematic review,” Infection & chemotherapy , vol. 53, no. 2, p. 261, 2021

  35. [35]

    vetKeys: How a blockchain can keep many secrets,

    A. Cerulli, A. Connolly, G. Neven, F. Preiss, and V. Shoup, “vetKeys: How a blockchain can keep many secrets,” IACR Cryptol. ePrint Arch., p. 616, 2023

  36. [36]

    The NHS as a proving ground for cryptosystems,

    C. R. Dalton, “The NHS as a proving ground for cryptosystems,” Inf. Secur. Tech. Rep., vol. 8, no. 3, pp. 73–88, 2003

  37. [37]

    Oceanbase: a 707 million tpmC distributed relational database system,

    Z. Yang, C. Yang, F. Han, M. Zhuang, B. Yang, Z. Yang, X. Cheng, Y. Zhao, W. Shi, H. Xi, H. Yu, B. Liu, Y. Pan, B. Yin, J. Chen, and Q. Xu, “Oceanbase: a 707 million tpmC distributed relational database system,” Proc. VLDB Endow., vol. 15, no. 12, pp. 3385–3397, aug 2022

  38. [38]

    Digital signature standard (DSS),

    National Institute of Standards and Technology (US), “Digital signature standard (DSS),” Washington, D.C., Tech. Rep., feb 2023

  39. [39]

    Remote attestation procedures (RATS) architecture,

    H. Birkholz, D. Thaler, M. Richardson et al., “Remote attestation procedures (RATS) architecture,” RFC, vol. 9334, pp. 1–46, 2023

  40. [40]

    Recommendation for pair-wise key-establishment schemes using discrete logarithm cryptography,

    E. Barker, L. Chen, A. Roginsky, A. Vassilev, and R. Davis, “Recommendation for pair-wise key-establishment schemes using discrete logarithm cryptography,” Tech. Rep., apr 2018

  41. [41]

    Curve25519: New Diffie-Hellman speed records,

    D. J. Bernstein, “Curve25519: New Diffie-Hellman speed records,” in Public Key Cryptography - PKC 2006, M. Yung, Y. Dodis, A. Kiayias, and T. Malkin, Eds. Springer Berlin Heidelberg, 2006, pp. 207–228

  42. [42]

    Keccak implementation overview,

    G. Bertoni, J. Daemen, M. Peeters, G. Van Assche, and R. Van Keer, “Keccak implementation overview,” 2012

  43. [43]

    US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF),

    T. Hansen and D. E. Eastlake 3rd, “US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF),” may 2011

  44. [44]

    AES Galois Counter Mode (GCM) Cipher Suites for TLS,

    J. A. Salowey, D. McGrew, and A. Choudhury, “AES Galois Counter Mode (GCM) Cipher Suites for TLS,” RFC 5288, aug 2008. [Online]. Available: https://www.rfc-editor.org/info/rfc5288

  46. [46]

    The security and performance of the Galois/Counter Mode (GCM) of operation,

    D. A. McGrew and J. Viega, “The security and performance of the Galois/Counter Mode (GCM) of operation,” in Progress in Cryptology - INDOCRYPT 2004, A. Canteaut and K. Viswanathan, Eds. Springer Berlin Heidelberg, 2005, pp. 343–355

  47. [47]

    Graphene-SGX: A practical library OS for unmodified applications on SGX,

    C.-C. Tsai, D. E. Porter, and M. Vij, “Graphene-SGX: A practical library OS for unmodified applications on SGX,” in 2017 USENIX Annual Technical Conference (USENIX ATC 17). Santa Clara, CA: USENIX Association, jul 2017, pp. 645–658

  48. [48]

    Occlum: Secure and efficient multitasking inside a single enclave of Intel SGX,

    Y. Shen, H. Tian, Y. Chen, K. Chen, R. Wang, Y. Xu, Y. Xia, and S. Yan, “Occlum: Secure and efficient multitasking inside a single enclave of Intel SGX,” in Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems, ser. ASPLOS ’20. New York, NY, USA: Association for Computing...

  49. [49]

    ZeroTrace: Oblivious memory primitives from Intel SGX,

    S. Sasy, S. Gorbunov, and C. W. Fletcher, “ZeroTrace: Oblivious memory primitives from Intel SGX,” in 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18-21, 2018. The Internet Society, 2018

  50. [50]

    Oblix: An efficient oblivious search index,

    P. Mishra, R. Poddar, J. Chen, A. Chiesa, and R. A. Popa, “Oblix: An efficient oblivious search index,” in 2018 IEEE Symposium on Security and Privacy (SP), 2018, pp. 279–296

  51. [51]

    PRO-ORAM: Practical Read-Only oblivious RAM,

    S. Tople, Y. Jia, and P. Saxena, “PRO-ORAM: Practical Read-Only oblivious RAM,” in 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019), 2019, pp. 197–211

  52. [52]

    Bulkor: Enabling bulk loading for path ORAM,

    X. Li, Y. Luo, and M. Gao, “Bulkor: Enabling bulk loading for path ORAM,” in 2024 IEEE Symposium on Security and Privacy (SP), 2024, pp. 4258–4276

  53. [53]

    SgxPectre: Stealing Intel secrets from SGX enclaves via speculative execution,

    G. Chen, S. Chen, Y. Xiao, Y. Zhang, Z. Lin, and T. H. Lai, “SgxPectre: Stealing Intel secrets from SGX enclaves via speculative execution,” in 2019 IEEE European Symposium on Security and Privacy (EuroS&P), 2019, pp. 142–157

  54. [54]

    Leaky cauldron on the dark land: Understanding memory side-channel hazards in SGX,

    W. Wang, G. Chen, X. Pan, Y. Zhang, X. Wang, V. Bindschaedler, H. Tang, and C. A. Gunter, “Leaky cauldron on the dark land: Understanding memory side-channel hazards in SGX,” in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’17. New York, NY, USA: Association for Computing Machinery, 2017, pp. 2421–2434

  55. [55]

    Inferring fine-grained control flow inside SGX enclaves with branch shadowing,

    S. Lee, M.-W. Shih, P. Gera, T. Kim, H. Kim, and M. Peinado, “Inferring fine-grained control flow inside SGX enclaves with branch shadowing,” in 26th USENIX Security Symposium (USENIX Security 17). Vancouver, BC: USENIX Association, aug 2017, pp. 557–574

  56. [56]

    Cipherfix: Mitigating ciphertext side-channel attacks in software,

    J. Wichelmann, A. Pätschke, L. Wilke, and T. Eisenbarth, “Cipherfix: Mitigating ciphertext side-channel attacks in software,” in 32nd USENIX Security Symposium (USENIX Security 23). Anaheim, CA: USENIX Association, aug 2023, pp. 6789–6806

  57. [57]

    Strong and efficient cache Side-Channel protection using hardware transactional memory,

    D. Gruss, J. Lettner, F. Schuster, O. Ohrimenko, I. Haller, and M. Costa, “Strong and efficient cache Side-Channel protection using hardware transactional memory,” in 26th USENIX Security Symposium (USENIX Security 17) . Vancouver, BC: USENIX Association, aug 2017, pp. 217–233

  58. [58]

    Obelix: Mitigating side-channels through dynamic obfuscation,

    J. Wichelmann, A. Rabich, A. Pätschke, and T. Eisenbarth, “Obelix: Mitigating side-channels through dynamic obfuscation,” in 2024 IEEE Symposium on Security and Privacy (SP), 2024, pp. 4182–4199

  59. [59]

    HybCache: Hybrid side-channel-resilient caches for trusted execution environments,

    G. Dessouky, T. Frassetto, and A.-R. Sadeghi, “HybCache: Hybrid side-channel-resilient caches for trusted execution environments,” in 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, aug 2020, pp. 451–468

  60. [60]

    SGXonerated: Finding (and partially fixing) privacy flaws in TEE-based smart contract platforms without breaking the TEE,

    N. Jean-Louis, Y. Li, Y. Ji, H. Malvai, T. Yurek, S. Bellemare, and A. Miller, “SGXonerated: Finding (and partially fixing) privacy flaws in TEE-based smart contract platforms without breaking the TEE,” Cryptology ePrint Archive, Paper 2023/378, 2023

  61. [61]

    SECAUCTEE: Securing auction smart contracts using trusted execution environments,

    H. Desai and M. Kantarcioglu, “SECAUCTEE: Securing auction smart contracts using trusted execution environments,” in 2021 IEEE International Conference on Blockchain (Blockchain), 2021, pp. 448–455

  62. [62]

    Ekiden: A platform for confidentiality-preserving, trustworthy, and performant smart contracts,

    R. Cheng, F. Zhang, J. Kos, W. He, N. Hynes, N. Johnson, A. Juels, A. Miller, and D. Song, “Ekiden: A platform for confidentiality-preserving, trustworthy, and performant smart contracts,” in 2019 IEEE European Symposium on Security and Privacy (EuroS&P), 2019, pp. 185–200

  63. [63]

    SoK: TEE-assisted confidential smart contract,

    R. Li, Q. Wang, Q. Wang, D. Galindo, and M. Ryan, “SoK: TEE-assisted confidential smart contract,” Proceedings on Privacy Enhancing Technologies, vol. 2022, no. 3, p. 711–731, jul 2022

  64. [64]

    Shadoweth: Private smart contract on public blockchain,

    R. Yuan, Y.-B. Xia, H.-B. Chen, B.-Y. Zang, and J. Xie, “Shadoweth: Private smart contract on public blockchain,” Journal of Computer Science and Technology, vol. 33, no. 3, pp. 542–556, may 2018

  65. [65]

    Privacy-preserving decision-making over blockchain,

    J. Zhang, B. Zhang, A. Nastenko, H. Balogun, and R. Oliynykov, “Privacy-preserving decision-making over blockchain,” IEEE Transactions on Dependable and Secure Computing, vol. 20, no. 6, pp. 4648–4663, 2023

  66. [66]

    Privacy-preserving patient-centric clinical decision support system on naïve Bayesian classification,

    X. Liu, R. Lu, J. Ma, L. Chen, and B. Qin, “Privacy-preserving patient-centric clinical decision support system on naïve Bayesian classification,” IEEE Journal of Biomedical and Health Informatics, vol. 20, no. 2, pp. 655–668, 2016

  67. [67]

    Privacy-preserving clinical decision support system using Gaussian kernel-based classification,

    Y. Rahulamathavan, S. Veluru, R. C.-W. Phan, J. A. Chambers, and M. Rajarajan, “Privacy-preserving clinical decision support system using Gaussian kernel-based classification,” IEEE Journal of Biomedical and Health Informatics, vol. 18, no. 1, pp. 56–66, 2014

  68. [68]

    TEBDS: A trusted execution environment-and-blockchain-supported IoT data sharing system,

    H. Xie, J. Zheng, T. He, S. Wei, and C. Hu, “TEBDS: A trusted execution environment-and-blockchain-supported IoT data sharing system,” Future Generation Computer Systems, vol. 140, pp. 321–330, 2023

    Appendix A (Running example decisions), spilled into this entry: In the following, Tab. 7 and Tab. 8 present the DMN tables containing the decision logic for the two remaining decisi...