Write a Blog >>
ICSE 2020
Wed 24 June - Thu 16 July 2020
Thu 9 Jul 2020 00:48 - 01:00 at Baekje - P13-Security Chair(s): Joshua Garcia

The big data industry is facing new challenges as concerns about privacy leakage soar. One of the remedies to privacy breach incidents is to encapsulate computations over sensitive data within hardware-assisted Trusted Execution Environments (TEE). Such TEE-powered software is called secure enclaves. Security enclaves hold various advantages against competing privacy-preserving computation techniques; however, enclaves are much more challenging to build than ordinary software. The reason is that developing TEE software has to follow a restrictive programming model to make effective use of the strong memory encryption and segregation enforced by hardware. These constraints transitively apply to all third-party dependencies of the software, thus costing developers considerably more engineering efforts. High development and maintenance cost is one of the major obstacles against employing TEE-based privacy protection in production.

In this paper, we present our experience and achievements with regard to constructing and continuously maintaining a third-party library supply chain for TEE developers. In particular, we port a large collection of Rust third-party libraries into Intel SGX, one of the most mature trusted computing platforms. Our supply chain accepts upstream patches in a timely manner with SGX-specific security auditing. We have been able to maintain the SGX ports of 159 open-source Rust libraries with reasonable operational costs. Our work can effectively reduce the engineering cost of developing SGX enclaves for privacy-preserving data processing and exchange.

Thu 9 Jul
Times are displayed in time zone: (UTC) Coordinated Universal Time change

00:00 - 01:00: Paper Presentations - P13-Security at Baekje
Chair(s): Joshua GarciaUniversity of California, Irvine
icse-2020-papers00:00 - 00:12
Changwei ZouUNSW Sydney, Jingling XueUNSW Sydney
icse-2020-Software-Engineering-in-Practice00:12 - 00:24
Chen YangVeracode, Inc., Andrew SantosaVeracode, Inc., Asankhaya SharmaVeracode, Inc., David LoSingapore Management University
Pre-print Media Attached
icse-2020-papers00:24 - 00:36
Yude BaiTianjin University, Zhenchang XingAustralia National University, Li XiaohongTianJin University, Zhiyong FengTianjin University, Duoyuan MaTianjin University
icse-2020-papers00:36 - 00:48
Shengjian GuoBaidu X-Lab, Yueqi ChenThe Pennsylvania State University, Peng LiBaidu X-Lab, Yueqiang ChengBaidu Security, Huibo WangBaidu X-Lab, Meng WuAnt Financial, Zhiqiang ZuoNanjing University, China
icse-2020-Software-Engineering-in-Practice00:48 - 01:00
Pei WangBaidu X-Lab, Yu DingBaidu X-Lab, Mingshen SunBaidu X-Lab, Huibo WangBaidu X-Lab, Tongxin LiBaidu X-Lab, Rundong ZhouBaidu X-Lab, Zhaofeng Chen, Yiming JingBaidu X-Lab