pith. sign in

arxiv: 2604.04082 · v1 · submitted 2026-04-05 · 💻 cs.CR

Styx: Collaborative and Private Data Processing With TEE-Enforced Sticky Policy

Shixuan Zhao , Weicheng Wang , Ninghui Li , Zhiqiang Lin This is my paper

Pith reviewed 2026-05-13 16:59 UTC · model grok-4.3

classification 💻 cs.CR
keywords sticky policiestrusted execution environmentsdata privacycollaborative computingpolicy enforcementsecure data processingAI trainingdata lifecycle
0
0 comments X p. Extension

The pith

Styx uses TEE-protected middleware to enforce sticky policies across the full data lifecycle in collaborative computations.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper introduces Styx to protect sensitive data in collaborations involving multiple mutually distrusting parties, such as joint AI training. It combines sticky policies with Trusted Execution Environments through a hardware-protected middleware and programming language runtime that creates a sandbox for both processing and enforcement. This setup enforces policies on data and all derived outputs throughout their lifecycle, supporting data-in-use protection and dynamic multi-node work. A sympathetic reader would care because it offers a path to policy-compliant shared computation without exposing raw information or relying solely on software isolation.

Core claim

Styx employs a hardware-TEE-protected middleware with a programming language runtime to form a sandboxed environment for both the data processing and policy enforcement, enabling strong yet flexible data-specific policy enforcement throughout the entire data lifecycle and data derivation to achieve data-in-use protection, data lifecycle protection and dynamic collaboration.

What carries the argument

The TEE-protected middleware combined with a programming language runtime, which forms the sandbox that handles processing while binding and checking sticky policies at every step.

If this is right

  • Collaborative AI training becomes feasible among distrusting stakeholders while remaining policy-compliant and privacy-preserving.
  • Policies remain attached and enforced on derived data and across multi-node pipelines.
  • Single-node computation carries reasonable overhead and the design supports scaling to large distributed deployments.
  • Data-in-use protection and dynamic collaboration are achieved without exposing raw data.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same sandbox could support other multi-party tasks that require varying per-data rules, such as medical record analysis.
  • It reduces dependence on a single trusted intermediary by shifting enforcement into hardware-protected execution.
  • Performance measurements on real TEE hardware would clarify whether the overhead stays acceptable as node count grows.

Load-bearing premise

The TEE hardware and custom middleware correctly isolate execution and enforce sticky policies without leaks, bypasses, or violations during data derivation and multi-node collaboration.

What would settle it

A test in which Styx-processed data violates its attached policy or leaks to an unauthorized party during a joint AI training run across multiple nodes would show the central claim does not hold.

Figures

Figures reproduced from arXiv: 2604.04082 by Ninghui Li, Shixuan Zhao, Weicheng Wang, Zhiqiang Lin.

Figure 1
Figure 1. Figure 1: A motivating scenario that hospitals jointly train a [PITH_FULL_IMAGE:figures/full_fig_p003_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: A BNF specification for Pad. ⟨encrypted-payload⟩ is obtained from aes-encryptdatakey(⟨plaintext-payload⟩). Data Producer. A data producer is a TEE-protected program that generates and packs the raw data into Pad. It is provisioned with policies and encryption keys directly from the data custodian. Data Consumer. A data consumer is a program that reads and operates on Pad. It is not allowed to access the da… view at source ↗
Figure 3
Figure 3. Figure 3: The workflow of the Styx. Raw Data Attributes Data Derivation Checked Policy Derived Data Attributes Policy Check PAD Output Input Policy Derived Policy Derived Data Attributes Sandbox Consumer Program Sandbox Policy Engine [PITH_FULL_IMAGE:figures/full_fig_p006_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: Data and policy derivation workflow. Green back [PITH_FULL_IMAGE:figures/full_fig_p006_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: The format of Pad in our implementation. The left side shows the view of a Pad before decryption. alternatives based on the need of the application. The source code of Styx will be released on GitHub upon paper publication. We follow our design philosophy that the data protocol and framework should be detached from a specific architecture so the data can be processed on heterogeneous processing nodes. Then… view at source ↗
Figure 7
Figure 7. Figure 7: Timeline breakdown of the jointly training example [PITH_FULL_IMAGE:figures/full_fig_p009_7.png] view at source ↗
Figure 8
Figure 8. Figure 8: Per-Pad latency on large scale distributed deploy￾ment from simulation. were lower than 0.4 ms, meaning that Styx can maintain a good scalability and low overhead even with heavy inputs and outputs. It is worth noting that the overheads of the policy check sig￾nificantly depend on how complex the logic of the policy engine implements. As a module for the runtime, the performance is also highly related to t… view at source ↗
Figure 9
Figure 9. Figure 9: Normalized NBench slowdown of WAMR over a vanilla result. [PITH_FULL_IMAGE:figures/full_fig_p011_9.png] view at source ↗
Figure 10
Figure 10. Figure 10: Normalized libonnx benchmark slowdown of the 6 models provided. [PITH_FULL_IMAGE:figures/full_fig_p011_10.png] view at source ↗
read the original abstract

Protecting sensitive information in data-driven collaborations, such as AI training, while meeting the diverse requirements of multiple mutually distrusted stakeholders, is both crucial and challenging. This paper presents Styx, a novel framework to address this challenge by integrating sticky policies with Trusted Execution Environments (TEEs). At a high level, Styx employs a hardware-TEE-protected middleware with a programming language runtime to form a sandboxed environment for both the data processing and policy enforcement. We carefully designed a data processing workflow and pipelines to enable a strong yet flexible data-specific policy enforcement throughout the entire data lifecycle and data derivation to achieve data-in-use protection, data lifecycle protection and dynamic collaboration. We implemented Styx and demonstrated its ability to make collaborative computing, such as joint AI training, more secure, privacy-preserving, and policy-compliant. Our evaluation shows the performance overheads imposed by Styx are reasonable on single-node computation with the capability to scale to a large distributed multi-node deployment.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper presents Styx, a framework integrating sticky policies with Trusted Execution Environments (TEEs) to enable secure collaborative data processing among mutually distrusted parties. It uses a hardware-TEE-protected middleware together with a programming-language runtime to create a sandboxed environment that enforces data-specific policies throughout the data lifecycle, including during derivation and multi-node collaboration, with an implementation and evaluation claiming reasonable overheads on single-node workloads and scalability to distributed deployments such as joint AI training.

Significance. If the TEE isolation and policy-enforcement mechanisms function as described, Styx would offer a practical advance in privacy-preserving collaborative computation by providing both hardware-backed isolation and flexible sticky-policy support for data-in-use protection. The emphasis on dynamic collaboration and data-derivation tracking addresses a real gap in existing TEE and policy systems, with potential impact on secure AI training and multi-party data analytics.

major comments (2)
  1. [§5] §5 (Evaluation): the claim of 'reasonable overheads' and scalability to large multi-node deployments is central, yet the section provides only high-level statements without quantitative breakdowns of policy-enforcement cost during data derivation or direct comparisons against non-TEE baselines.
  2. [§3] §3 (System Architecture): the security argument rests on the assumption that the custom middleware and runtime correctly propagate policy tags and prevent bypasses or leaks across derivation steps and nodes; no formal threat model, proof sketch, or analysis of side-channel or runtime vulnerabilities is supplied to support this load-bearing claim.
minor comments (2)
  1. [Abstract] Abstract: the phrase 'reasonable overheads' is used without referencing any concrete numbers or figures from the evaluation, reducing immediate clarity.
  2. [§4] §4 (Workflow): a diagram illustrating the end-to-end pipeline with policy-tag propagation would improve readability of the data-derivation steps.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their positive assessment and constructive feedback on our manuscript. We address the major comments below and will revise the paper accordingly to strengthen the evaluation and security arguments.

read point-by-point responses

  1. Referee: §5 (Evaluation): the claim of 'reasonable overheads' and scalability to large multi-node deployments is central, yet the section provides only high-level statements without quantitative breakdowns of policy-enforcement cost during data derivation or direct comparisons against non-TEE baselines.

    Authors: We agree that the evaluation section would benefit from more detailed quantitative analysis. In the revised version, we will expand §5 to include specific measurements of the overhead introduced by policy enforcement during data derivation operations. We will also add direct performance comparisons against equivalent non-TEE implementations to better contextualize the 'reasonable overheads' claim. These additions will provide a clearer picture of the costs and scalability. revision: yes

  2. Referee: §3 (System Architecture): the security argument rests on the assumption that the custom middleware and runtime correctly propagate policy tags and prevent bypasses or leaks across derivation steps and nodes; no formal threat model, proof sketch, or analysis of side-channel or runtime vulnerabilities is supplied to support this load-bearing claim.

    Authors: The design of Styx relies on the isolation guarantees provided by the TEE hardware, with the middleware and runtime implementing policy tag propagation within the protected environment. We acknowledge the absence of an explicit threat model in the current manuscript. In the revision, we will add a formal threat model subsection to §3, including a proof sketch for the policy propagation mechanism and a discussion of potential side-channel and runtime vulnerabilities, along with mitigations based on our design choices. revision: yes

Circularity Check

0 steps flagged

No significant circularity; claims rest on system construction and evaluation

full rationale

The paper describes a concrete system architecture (TEE-protected middleware plus language runtime) for enforcing sticky policies across data lifecycle and derivation. Central claims are justified by the explicit workflow design, implementation details, and reported performance measurements on single-node and distributed setups. No equations, fitted parameters, or derivations appear that reduce to self-definitions or prior self-citations. Security assumptions are stated as given (standard TEE isolation plus custom tags) and evaluated empirically rather than derived circularly from the same inputs. This is a standard systems-construction paper with independent implementation evidence.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 1 invented entities

The framework depends on the security guarantees of TEE hardware and the correctness of the custom middleware and workflow design; no free parameters or quantitative fits are mentioned.

axioms (1)
  • domain assumption Trusted Execution Environments provide isolated execution that prevents unauthorized access or policy bypass by the host system
    This is the foundational premise for the sandboxed middleware and policy enforcement described in the abstract.
invented entities (1)
  • Styx TEE-protected middleware and runtime no independent evidence
    purpose: To sandbox data processing and enforce sticky policies across the data lifecycle
    New system component introduced to achieve the claimed protections.

pith-pipeline@v0.9.0 · 5471 in / 1254 out tokens · 48516 ms · 2026-05-13T16:59:37.156997+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

89 extracted references · 89 canonical work pages

  1. [1]

    Amazon Web Services

    Inc. Amazon Web Services. 2011. AWS Identity and Access Management (IAM). https://aws.amazon.com/iam/

    work page 2011

  2. [2]

    Amazon Web Services

    Inc. Amazon Web Services. 2020. AWS Key Management Service. https://aws. amazon.com/kms/

    work page 2020

  3. [3]

    Amazon Web Services

    Inc. Amazon Web Services. 2020. AWS Nitro Enclaves. https://aws.amazon.com/ ec2/nitro/nitro-enclaves/

    work page 2020

  4. [4]

    Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch, and Christof Fetzer

    Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O’Keeffe, Mark L. Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch, and Christof Fetzer. 2016. SCONE: Secure Linux Containers with Intel SGX. In 12th USENIX Symposium on Operating Systems Design and Implem...

    work page 2016

  5. [5]

    N Asokan, Jan-Erik Ekberg, Kari Kostiainen, Anand Rajan, Carlos Rozas, Ahmad- Reza Sadeghi, Steffen Schulz, and Christian Wachsmann. 2014. Mobile trusted computing.Proc. IEEE102, 8 (2014), 1189–1206

    work page 2014

  6. [6]

    Web Assembly. [n. d.]. WebAssembly. https://webassembly.org. (Accessed on 30/04/2022)

    work page 2022

  7. [7]

    John Bethencourt, Amit Sahai, and Brent Waters. 2007. Ciphertext-policy attribute-based encryption. In2007 IEEE symposium on security and privacy (SP’07). IEEE, 321–334

    work page 2007

  8. [8]

    Peter Bogetoft, Dan Lund Christensen, Ivan Damgård, Martin Geisler, Thomas Jakobsen, Mikkel Krøigaard, Janus Dam Nielsen, Jesper Buus Nielsen, Kurt Nielsen, Jakob Pagter, et al . 2009. Secure multiparty computation goes live. InFinancial Cryptography and Data Security: 13th International Conference, FC 2009, Accra Beach, Barbados, February 23-26, 2009. Re...

    work page 2009

  9. [9]

    Dan Boneh and Matt Franklin. 2001. Identity-based encryption from the Weil pairing. InAnnual international cryptology conference. Springer, 213–229

    work page 2001

  10. [10]

    Zvika Brakerski and Vinod Vaikuntanathan. 2011. Efficient Fully Homomorphic Encryption from (Standard) LWE.SIAM J. Comput.43, 2 (2011), 831–871. https: //eccc.weizmann.ac.il/report/2011/078/

    work page 2011

  11. [11]

    Andrew Brown. [n. d.]. WebAssembly/wasi-sdk: WASI-enabled WebAssembly C/C++ toolchain. https://github.com/WebAssembly/wasi-sdk. (Accessed on 28/11/2023)

    work page 2023

  12. [12]

    Chih-Chung Chang and Chih-Jen Lin. [n. d.]. cjlin1/libsvm: LIBSVM – A Library for Support Vector Machines. https://github.com/cjlin1/libsvm (Accessed on 14/04/2024)

    work page 2024

  13. [13]

    Fabrizio Cicala, Weicheng Wang, Tianhao Wang, Ninghui Li, Elisa Bertino, Fam- ing Liang, and Yang Yang. 2021. Pure: A framework for analyzing proximity-based contact tracing protocols.ACM Computing Surveys (CSUR)55, 1 (2021), 1–36

    work page 2021

  14. [14]

    Google Cloud. 2020. Google Cloud Key Management Service. https://cloud. google.com/kms/

    work page 2020

  15. [15]

    Google Cloud. 2020. Google Cloud Shielded VMs. https://cloud.google.com/ security/shielded-cloud/shielded-vm

    work page 2020

  16. [16]

    Luigi Coppolino, Salvatore D’Antonio, Giovanni Mazzeo, and Luigi Romano

    work page

  17. [17]

    doi:10.1016/j.cose.2025.104457

    An experimental evaluation of TEE technology: Benchmarking transparent approaches based on SGX, SEV, and TDX.Computers & Security154 (2025), 104457. doi:10.1016/j.cose.2025.104457

    work page doi:10.1016/j.cose.2025.104457 2025

  18. [18]

    2015.Secure multiparty computation

    Ronald Cramer, Ivan Bjerre Damgård, et al. 2015.Secure multiparty computation. Cambridge University Press

    work page 2015

  19. [19]

    Haotian Deng, Weicheng Wang, and Chunyi Peng. 2018. Ceive: Combating caller id spoofing on 4g mobile phones via callee-only inference and verification. In Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. 369–384

    work page 2018

  20. [20]

    Frank Denis. [n. d.]. Performance of WebAssembly runtimes in 2023 | Frank DENIS random thoughts. https://00f.net/2023/01/04/webassembly-benchmark-2023/. (Accessed on 28/11/2023)

    work page 2023

  21. [21]

    Nathan Dowlin, Ran Gilad-Bachrach, Kim Laine, Kristin Lauter, Michael Naehrig, and John Wernsing. 2016. CryptoNets: Applying Neural Networks to Encrypted Data with High Throughput and Accuracy. InInternational Conference on Machine Learning (ICML). http://proceedings.mlr.press/v48/dowlin16.pdf

    work page 2016

  22. [22]

    Zvi Galil, Stuart Haber, and Moti Yung. 1987. Cryptographic computation: Secure fault-tolerant protocols and the public-key model. InConference on the Theory and Application of Cryptographic Techniques. Springer, 135–155

    work page 1987

  23. [23]

    Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, and Dan Boneh. 2003. Terra: A virtual machine-based platform for trusted computing. InProceedings of the nineteenth ACM symposium on Operating systems principles. 193–206

    work page 2003

  24. [24]

    2009.A Fully Homomorphic Encryption Scheme

    Craig Gentry. 2009.A Fully Homomorphic Encryption Scheme. Technical Report STAN-CS-09-XXX. Stanford University. https://crypto.stanford.edu/craig/craig- thesis.pdf

    work page 2009

  25. [25]

    Craig Gentry and Shai Halevi. 2011. Implementing Gentry’s Fully-Homomorphic Encryption Scheme. InProceedings of the 31st Annual International Conference on Advances in Cryptology (CRYPTO ’11). 129–148. https://eprint.iacr.org/2011/133. pdf

    work page 2011

  26. [26]

    Dimitra Giantsidi, Julian Pritzi, Felix Gust, Antonios Katsarakis, Atsushi Koshiba, and Pramod Bhatotia. 2025. TNIC: A Trusted NIC Architecture: A hardware- network substrate for building high-performance trustworthy distributed sys- tems. InProceedings of the 30th ACM International Conference on Architectural Support for Programming Languages and Operati...

    work page doi:10.1145/3676641.3716277 2025

  27. [27]

    Alexanda S Gillis. 2019. confidential computing. https://www.techtarget.com/ searchcloudcomputing/definition/confidential-computing

    work page 2019

  28. [28]

    Oded Goldreich, Silvio Micali, and Avi Wigderson. 2019. How to play any mental game, or a completeness theorem for protocols with honest majority. InProviding Sound Foundations for Cryptography: On the Work of Shafi Goldwasser and Silvio Micali. 307–328

    work page 2019

  29. [29]

    Google. [n. d.]. View build provenance ; cloud build documentation; google cloud. https://cloud.google.com/build/docs/securing-builds/view-build-provenance

    work page

  30. [30]

    Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters. 2006. Attribute- based encryption for fine-grained access control of encrypted data. InProceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, Alexandria, V A, USA, October 30 - November 3, 2006, Ari Juels, Rebecca N. Wright, and Sabrina De Capitani di Vimercati (E...

    work page doi:10.1145/1180405 2006

  31. [31]

    Matthew Green and Giuseppe Ateniese. 2007. Identity-based proxy re-encryption. InApplied Cryptography and Network Security: 5th International Conference, ACNS 2007, Zhuhai, China, June 5-8, 2007. Proceedings 5. Springer, 288–306

    work page 2007

  32. [32]

    Franz Gregor, Wojciech Ozga, Sébastien Vaucher, Rafael Pires, Do Le Quoc, Sergei Arnautov, André Martin, Valerio Schiavoni, Pascal Felber, and Christof Fetzer

    work page

  33. [33]

    In2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

    Trust Management as a Service: Enabling Trusted Execution in the Face of Byzantine Stakeholders. In2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). 502–514. doi:10.1109/DSN48063.2020. 00063

    work page doi:10.1109/dsn48063.2020 2020

  34. [34]

    Jinnan Guo, Peter Pietzuch, Andrew Paverd, and Kapil Vaswani. 2024. Trustwor- thy AI Using Confidential Federated Learning.Commun. ACM67, 9 (Aug. 2024), 48–53. doi:10.1145/3677390

    work page doi:10.1145/3677390 2024

  35. [35]

    Yan Huang, David Evans, Jonathan Katz, and Lior Malka. 2011. Faster secure {Two-Party} computation using garbled circuits. In20th USENIX Security Sym- posium (USENIX Security 11)

    work page 2011

  36. [36]

    Tyler Hunt, Zhiting Zhu, Yuanzhong Xu, Simon Peter, and Emmett Witchel. 2016. Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data. In 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16). USENIX Association, Savannah, GA, 533–549. https://www.usenix.org/ conference/osdi16/technical-sessions/presentation/hunt

    work page 2016

  37. [37]

    Syed Hussain, Omar Chowdhury, Shagufta Mehnaz, and Elisa Bertino. 2018. LTEInspector: A systematic approach for adversarial testing of 4G LTE. InNet- work and Distributed Systems Security (NDSS) Symposium 2018

    work page 2018

  38. [38]

    Jianjun Jiang. [n. d.]. xboot/libonnx: A lightweight, portable pure C99 onnx inference engine for embedded devices with hardware acceleration support. https://github.com/xboot/libonnx (Accessed on 14/04/2024)

    work page 2024

  39. [39]

    Imtiaz Karim, Abdullah Al Ishtiaq, Syed Rafiul Hussain, and Elisa Bertino. 2023. BLEDiff: Scalable and Property-Agnostic Noncompliance Checking for BLE Im- plementations. In2023 IEEE Symposium on Security and Privacy (SP). IEEE, 3209– 3227

    work page 2023

  40. [40]

    Günter Karjoth, Matthias Schunter, and Michael Waidner. 2002. Platform for Enterprise Privacy Practices: Privacy-Enabled Management of Customer Data. InPrivacy Enhancing Technologies, Second International Workshop, PET 2002, San Francisco, CA, USA, April 14-15, 2002, Revised Papers (Lecture Notes in Computer Science, Vol. 2482). Springer, 69–84

    work page 2002

  41. [41]

    Byeongwook Kim, Jaewon Hur, Adil Ahmad, and Byoungyoung Lee. 2025. Secure Data Analytics in Apache Spark with Fine-grained Policy Enforcement and Iso- lated Execution. In32nd Annual Network and Distributed System Security Sympo- sium, NDSS 2025, San Diego, California, USA, February 24-28, 2025. The Internet So- ciety. https://www.ndss-symposium.org/ndss-p...

    work page 2025

  42. [42]

    2006.Trusted platform module basics: using TPM in embedded systems

    Steven L Kinney. 2006.Trusted platform module basics: using TPM in embedded systems. Elsevier. , , Shixuan Zhao, Weicheng Wang, Ninghui Li, and Zhiqiang Lin

    work page 2006

  43. [43]

    Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2019. Spectre Attacks: Exploiting Speculative Execution. In 2019 40th IEEE Symposium on Security and Privacy, SP 2019. IEEE

    work page 2019

  44. [44]

    Dmitrii Kuvaiskii, Dimitrios Stavrakakis, Kailun Qin, Cedric Xing, Pramod Bhato- tia, and Mona Vij. 2024. Gramine-TDX: A Lightweight OS Kernel for Confidential VMs. InProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security(Salt Lake City, UT, USA)(CCS ’24). Association for Com- puting Machinery, New York, NY, USA, 4598–461...

    work page doi:10.1145/3658644.3690323 2024

  45. [45]

    Programming Language and compiler Benchmarks. 2024. C VS Javascript bench- marks. https://programming-language-benchmarks.vercel.app/c-vs-javascript. (Accessed on 26/01/2024)

    work page 2024

  46. [46]

    Programming Language and compiler Benchmarks. 2024. C VS Python bench- marks. https://programming-language-benchmarks.vercel.app/c-vs-python. (Ac- cessed on 26/01/2024)

    work page 2024

  47. [47]

    Dahlia Malkhi, Noam Nisan, Benny Pinkas, Yaron Sella, et al . 2004. Fairplay- Secure Two-Party Computation System.. InUSENIX security symposium, Vol. 4. San Diego, CA, USA, 9

    work page 2004

  48. [48]

    Uwe F. Mayer. [n. d.]. Linux/Unix nbench. https://www.math.utah.edu/~mayer/ linux/bmark.html. (Accessed on 28/11/2023)

    work page 2023

  49. [49]

    Daniele Miorandi, Alessandra Rizzardi, Sabrina Sicari, and Alberto Coen-Porisini

    work page

  50. [50]

    Sticky Policies: A Survey.IEEE Trans. Knowl. Data Eng.32, 12 (2020), 2481–2499. doi:10.1109/TKDE.2019.2936353

    work page doi:10.1109/tkde.2019.2936353 2020

  51. [51]

    Payman Mohassel and Yupeng Zhang. 2017. Secureml: A system for scalable privacy-preserving machine learning. In2017 IEEE symposium on security and privacy (SP). IEEE, 19–38

    work page 2017

  52. [52]

    Marco Casassa Mont, Siani Pearson, and Pete Bramhall. 2003. Towards Account- able Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services. In14th International Workshop on Database and Expert Systems Appli- cations (DEXA’03), September 1-5, 2003, Prague, Czech Republic. IEEE Computer Society, 377–382. doi:10.1109/DEXA.2003.1232051

    work page doi:10.1109/dexa.2003.1232051 2003

  53. [53]

    Steven J Murdoch. 2015. Introduction to Trusted Execution Environments (TEE)—IY5606.CiteSeerx: University Park, PA, USA(2015)

    work page 2015

  54. [54]

    Jämes Ménétrey, Marcelo Pasin, Pascal Felber, Valerio Schiavoni, Giovanni Mazzeo, Arne Hollum, and Darshan Vaydia. 2024. A Comprehensive Trusted Runtime for WebAssembly With Intel SGX.IEEE Transactions on Dependable and Secure Computing21, 4 (2024), 3562–3579. doi:10.1109/TDSC.2023.3334516

    work page doi:10.1109/tdsc.2023.3334516 2024

  55. [55]

    Nataraj Nagaratnam. 2020. What is confidential computing? https://www.ibm. com/cloud/learn/confidential-computing

    work page 2020

  56. [56]

    David Naylor, Alessandro Finamore, Ilias Leontiadis, Yan Grunenberger, Marco Mellia, Maurizio Munafò, Konstantina Papagiannaki, and Peter Steenkiste. 2014. The Cost of the "S" in HTTPS. InProceedings of the 10th ACM International on Conference on Emerging Networking Experiments and Technologies(Sydney, Australia)(CoNEXT ’14). Association for Computing Mac...

    work page doi:10.1145/2674005.2674991 2014

  57. [57]

    NVDIA. [n. d.]. Confidential Computing | NVIDIA. https://www.nvidia.com/en- us/data-center/solutions/confidential-computing/. (Accessed on 27/1/2024)

    work page 2024

  58. [58]

    ONNX. [n. d.]. ONNX | Home. https://onnx.ai. (Accessed on 25/01/2024)

    work page 2024

  59. [59]

    Julian Padget and Wamberto W Vasconcelos. 2015. Policy-carrying data: A step towards transparent data sharing.Procedia Computer Science52 (2015), 59–66

    work page 2015

  60. [60]

    Jaehong Park and Ravi Sandhu. 2002. Towards usage control models: beyond traditional access control. InProceedings of the seventh ACM symposium on Access control models and technologies. 57–64

    work page 2002

  61. [61]

    Jaehong Park and Ravi S. Sandhu. 2004. The UCON ABC usage control model. ACM Trans. Inf. Syst. Secur.7, 1 (2004), 128–174. doi:10.1145/984334.984339

    work page doi:10.1145/984334.984339 2004

  62. [62]

    Siani Pearson and Marco Casassa Mont. 2011. Sticky Policies: An Approach for Managing Privacy across Multiple Parties.Computer44, 9 (2011), 60–68. doi:10.1109/MC.2011.225

    work page doi:10.1109/mc.2011.225 2011

  63. [63]

    Ron Perez. 2021. Case study: Confidential Computing. https://www.intel.es/ content/dam/www/central-libraries/us/en/documents/confidential-computing- case-studies.pdf

    work page 2021

  64. [64]

    Matthieu Pigaglio, Joachim Bruneau-Queyreix, Yérom-David Bromberg, Davide Frey, Etienne Rivière, and Laurent Réveillère. 2022. RAPTEE: Leveraging trusted execution environments for Byzantine-tolerant peer sampling services. In2022 IEEE 42nd International Conference on Distributed Computing Systems (ICDCS). 603–613. doi:10.1109/ICDCS54860.2022.00064

    work page doi:10.1109/icdcs54860.2022.00064 2022

  65. [65]

    Alexander Pretschner, Manuel Hilty, and David A. Basin. 2006. Distributed usage control.Commun. ACM49, 9 (2006), 39–44. doi:10.1145/1151030.1151053

    work page doi:10.1145/1151030.1151053 2006

  66. [66]

    Patrick Sabanic, Masanori Misono, Teofil Bodea, Julian Pritzi, Michael Hackl, Dimitrios Stavrakakis, and Pramod Bhatotia. 2025. Confidential Serverless Com- puting. arXiv:2504.21518 [cs.CR] https://arxiv.org/abs/2504.21518

    work page arXiv 2025

  67. [67]

    AMD Sev-Snp. 2020. Strengthening VM isolation with integrity protection and more.White Paper, January53 (2020), 1450–1465

    work page 2020

  68. [68]

    Shweta Shinde, Dat Le Tien, Shruti Tople, and Prateek Saxena. 2017. Panoply: Low-TCB Linux Applications With SGX Enclaves.. InNDSS

    work page 2017

  69. [69]

    Arm Blueprint staff. 2021. What Is Confidential Computing? Here’s A Great Example. https://www.arm.com/blogs/blueprint/confidential-computing

    work page 2021

  70. [70]

    François-Xavier Standaert. 2010. Introduction to side-channel attacks.Secure integrated circuits and systems(2010), 27–42

    work page 2010

  71. [71]

    Mingshen Sun and Ram Rachum. [n. d.]. mesalock-linux/mesapy: A Fast and Safe Python based on PyPy. https://github.com/mesalock-linux/mesapy. (Accessed on 27/1/2024)

    work page 2024

  72. [72]

    Microsoft team. 2022. Azure confidential computing: Use cases and scenar- ios. https://learn.microsoft.com/en-us/azure/confidential-computing/use-cases- scenarios

    work page 2022

  73. [73]

    Shota Tokuda, Shohei Kakei, Yoshiaki Shiraishi, and Shoichi Saito. 2025. De- centralized Data Usage Control with Confidential Data Processing on Trusted Execution Environment and Distributed Ledger Technology. InNetwork and System Security, Houbing Herbert Song, Roberto Di Pietro, Saed Alrabaee, Mo- hammad Tubishat, Mousa Al-kfairy, and Omar Alfandi (Eds....

    work page 2025

  74. [74]

    Vinod Vaikuntanathan. 2010. Computing Blindfolded: New Developments in Fully Homomorphic Encryption.Bulletin of the EATCS100 (2010), 31–54. https: //eccc.weizmann.ac.il/report/2010/131/

    work page 2010

  75. [75]

    Amit Vasudevan, Emmanuel Owusu, Zongwei Zhou, James Newsome, and Jonathan M McCune. 2012. Trustworthy execution on mobile devices: What security properties can my mobile platform give me?. InTrust and Trustworthy Computing: 5th International Conference, TRUST 2012, Vienna, Austria, June 13-15,

    work page 2012

  76. [76]

    Springer, 159–178

    Proceedings 5. Springer, 159–178

    work page

  77. [77]

    Robert Walther, Carsten Weinhold, Peter Amthor, and Michael Roitzsch. 2024. Multi-Stakeholder Policy Enforcement for Distributed Systems. InProceedings of the 10th International Workshop on Container Technologies and Container Clouds (Hong Kong, Hong Kong)(WoC ’24). Association for Computing Machinery, New York, NY, USA, 7–12. doi:10.1145/3702637.3702958

    work page doi:10.1145/3702637.3702958 2024

  78. [78]

    Weicheng Wang, Fabrizio Cicala, Syed Rafiul Hussain, Elisa Bertino, and Ninghui Li. 2020. Analyzing the attack landscape of Zigbee-enabled IoT systems and reinstating users’ privacy. InProceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks. 133–143

    work page 2020

  79. [79]

    Weicheng Wang, Hyunwoo Lee, Yan Huang, Elisa Bertino, and Ninghui Li. 2023. Towards Efficient Privacy-Preserving Deep Packet Inspection. InEuropean Sym- posium on Research in Computer Security. Springer, 166–192

    work page 2023

  80. [80]

    Wolberg William, Mangasarian Olvi, Street Nick, and Street W. [n. d.]. Breast Cancer Wisconsin (Diagnostic). https://archive.ics.uci.edu/dataset/17/breast+ cancer+wisconsin+diagnostic (Accessed on 14/04/2024)

    work page 2024

Showing first 80 references.