SoK:下一代安全计算的软硬件安全协同设计机会

Deeksha Dangwal, M. Cowan, Armin Alaghi, Vincent T. Lee, Brandon Reagen, Caroline Trippel
{"title":"SoK:下一代安全计算的软硬件安全协同设计机会","authors":"Deeksha Dangwal, M. Cowan, Armin Alaghi, Vincent T. Lee, Brandon Reagen, Caroline Trippel","doi":"10.1145/3458903.345891","DOIUrl":null,"url":null,"abstract":"Users are demanding increased data security. As a result, security is rapidly becoming a first-order design constraint in next generation computing systems. Researchers and practitioners are exploring various security technologies to meet user demand such as trusted execution environments (e.g., Intel SGX, ARM TrustZone), homomorphic encryption, and differential privacy. Each technique provides some degree of security, but differs with respect to threat coverage, performance overheads, as well as implementation and deployment challenges. In this paper, we present a systemization of knowledge (SoK) on these design considerations and trade-offs using several prominent security technologies. Our study exposes the need for software-hardware-security codesign to realize efficient and effective solutions of securing user data. In particular, we explore how design considerations across applications, hardware, and security mechanisms must be combined to overcome fundamental limitations in current technologies so that we can minimize performance overhead while achieving sufficient threat model coverage. Finally, we propose a set of guidelines to facilitate putting these secure computing technologies into practice.","PeriodicalId":141766,"journal":{"name":"Hardware and Architectural Support for Security and Privacy","volume":"33 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"SoK: Opportunities for Software-Hardware-Security Codesign for Next Generation Secure Computing\",\"authors\":\"Deeksha Dangwal, M. Cowan, Armin Alaghi, Vincent T. Lee, Brandon Reagen, Caroline Trippel\",\"doi\":\"10.1145/3458903.345891\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Users are demanding increased data security. As a result, security is rapidly becoming a first-order design constraint in next generation computing systems. Researchers and practitioners are exploring various security technologies to meet user demand such as trusted execution environments (e.g., Intel SGX, ARM TrustZone), homomorphic encryption, and differential privacy. Each technique provides some degree of security, but differs with respect to threat coverage, performance overheads, as well as implementation and deployment challenges. In this paper, we present a systemization of knowledge (SoK) on these design considerations and trade-offs using several prominent security technologies. Our study exposes the need for software-hardware-security codesign to realize efficient and effective solutions of securing user data. In particular, we explore how design considerations across applications, hardware, and security mechanisms must be combined to overcome fundamental limitations in current technologies so that we can minimize performance overhead while achieving sufficient threat model coverage. Finally, we propose a set of guidelines to facilitate putting these secure computing technologies into practice.\",\"PeriodicalId\":141766,\"journal\":{\"name\":\"Hardware and Architectural Support for Security and Privacy\",\"volume\":\"33 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-10-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Hardware and Architectural Support for Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3458903.345891\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Hardware and Architectural Support for Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3458903.345891","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1

摘要

用户要求提高数据安全性。因此,安全性正迅速成为下一代计算系统的一级设计约束。研究人员和从业者正在探索各种安全技术,以满足用户的需求,如可信执行环境(例如,Intel SGX、ARM TrustZone)、同态加密和差分隐私。每种技术都提供了一定程度的安全性,但在威胁覆盖范围、性能开销以及实现和部署挑战方面有所不同。在本文中,我们使用几种著名的安全技术提供了关于这些设计考虑和权衡的系统化知识(SoK)。我们的研究揭示了软件-硬件-安全协同设计的必要性,以实现高效和有效的保护用户数据的解决方案。特别是,我们将探讨如何将跨应用程序、硬件和安全机制的设计考虑结合起来,以克服当前技术中的基本限制,从而在实现充分的威胁模型覆盖的同时最小化性能开销。最后,我们提出了一套指导方针,以促进将这些安全计算技术付诸实践。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
SoK: Opportunities for Software-Hardware-Security Codesign for Next Generation Secure Computing
Users are demanding increased data security. As a result, security is rapidly becoming a first-order design constraint in next generation computing systems. Researchers and practitioners are exploring various security technologies to meet user demand such as trusted execution environments (e.g., Intel SGX, ARM TrustZone), homomorphic encryption, and differential privacy. Each technique provides some degree of security, but differs with respect to threat coverage, performance overheads, as well as implementation and deployment challenges. In this paper, we present a systemization of knowledge (SoK) on these design considerations and trade-offs using several prominent security technologies. Our study exposes the need for software-hardware-security codesign to realize efficient and effective solutions of securing user data. In particular, we explore how design considerations across applications, hardware, and security mechanisms must be combined to overcome fundamental limitations in current technologies so that we can minimize performance overhead while achieving sufficient threat model coverage. Finally, we propose a set of guidelines to facilitate putting these secure computing technologies into practice.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信