![]()
NDSS 2025 – A Formal Approach To Multi-Layered Privileges For Enclaves
嗯,用户让我帮忙总结一篇文章的内容,控制在100字以内,而且不需要特定的开头。首先,我需要仔细阅读用户提供的文章内容,找出关键信息。
文章标题是“Trusted Hardware and Execution”,看起来是关于可信执行环境的。作者们来自上海交通大学,他们提出了一种名为Palantir的模型。这个模型用于安全地扩展 enclave 的功能,通过多层特权机制来增强安全性。
接下来,我需要提取主要点:Palantir模型、多层特权、父 enclave 对子 enclave 的控制权限、基于RISC-V平台的实现。这些信息需要简洁地表达出来,不超过100字。
然后,我要确保语言流畅,不使用复杂的术语,让用户容易理解。同时,避免使用“这篇文章”或“文章内容总结”这样的开头,直接进入描述。
最后,检查字数是否符合要求,并确保所有关键点都被涵盖。这样用户就能快速了解文章的核心内容了。
</think>
该研究提出了一种名为Palantir的多层特权模型,用于增强可信执行环境(TEE)的安全性。通过建立父-子enclave关系和多层特权机制,该模型实现了安全的功能扩展,并在RISC-V平台上进行了原型实现。
2025-12-26 20:0:0
Author: securityboulevard.com(查看原文)
阅读量:4
收藏
Session 7B: Trusted Hardware and Execution
Authors, Creators & Presenters: Ganxiana Yana (Shanghai Jiao Tona Universitv). Chenvana Liu (Shanghai Jiao Tong Universitv). Zhen Huana (Shanghai Jiao Tona Universitv). Guoxina Chen (Shanghail Ganxiang Yang (Shanghai Jiao Tong University), Chenyang Liu (Shanghai Jiao Tong University), Zhen Huang (Shanghai Jiao Tong University), Guoxing Chen (Shanghai Jiao Tong University), Hongfei Fu (Shanghai Jiao Tong University), Yuanyuan Zhang (Shanghai Jiao Tong University), Hao|in Zhu (Shanghai Jiao Tong University
PAPER
A Formal Approach to Multi-Layered Privileges for Enclaves
Trusted Execution Environments (TEE) have been widely adopted as a protection approach for security-critical applications. Although feature extensions have been previously proposed to improve the usability of enclaves, their provision patterns are still confronted with security challenges. This paper presents Palantir, a verifiable multi-layered inter-enclave privilege model for secure feature extensions to enclaves. Specifically, a parent-children inter-enclave relationship, with which a parent enclave is granted two privileged permissions, the Execution Control and Spatial Control, over its children enclaves to facilitate secure feature extensions, is introduced. Moreover, by enabling nesting parent-children relationships, Palantir achieves multi-layered privileges (MLP) that allow feature extensions to be placed in various privilege layers following the Principle of Least Privilege. To prove the security of Palantir, we verified that our privilege model does not break or weaken the security guarantees of enclaves by building and verifying a formal model named TAPinfty. Furthermore, We implemented a prototype of Palantir on Penglai, an open-sourced RISC-V TEE platform.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations’ YouTube Channel.
*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.infosecurity.us/blog/2025/12/26/ndss-2025-a-formal-approach-to-multi-layered-privileges-for-enclaves
文章来源: https://securityboulevard.com/2025/12/ndss-2025-a-formal-approach-to-multi-layered-privileges-for-enclaves/
如有侵权请联系:admin#unsafe.sh