ICSE 2020
Wed 24 June - Thu 16 July 2020
Thu 9 Jul 2020 00:48 - 01:00 at Baekje - P13-Security Chair(s): Joshua Garcia

The big data industry is facing new challenges as concerns about privacy leakage soar. One of the remedies to privacy breach incidents is to encapsulate computations over sensitive data within hardware-assisted Trusted Execution Environments (TEEs). Such TEE-powered programs are called secure enclaves. Secure enclaves hold various advantages over competing privacy-preserving computation techniques; however, enclaves are much more challenging to build than ordinary software. The reason is that TEE software development has to follow a restrictive programming model to make effective use of the strong memory encryption and segregation enforced by hardware. These constraints transitively apply to all third-party dependencies of the software, thus costing developers considerably more engineering effort. High development and maintenance cost is one of the major obstacles to employing TEE-based privacy protection in production.

In this paper, we present our experience and achievements with regard to constructing and continuously maintaining a third-party library supply chain for TEE developers. In particular, we port a large collection of Rust third-party libraries into Intel SGX, one of the most mature trusted computing platforms. Our supply chain accepts upstream patches in a timely manner with SGX-specific security auditing. We have been able to maintain the SGX ports of 159 open-source Rust libraries with reasonable operational costs. Our work can effectively reduce the engineering cost of developing SGX enclaves for privacy-preserving data processing and exchange.

Thu 9 Jul
Times are displayed in time zone: (UTC) Coordinated Universal Time

00:00 - 01:00: P13-Security (Paper Presentations / Technical Papers / Software Engineering in Practice) at Baekje
Chair(s): Joshua Garcia (University of California, Irvine)
00:00 - 00:12
Burn After Reading: A Shadow Stack with Microsecond-level Runtime Rerandomization for Protecting Return Addresses [Technical, Artifact Available]
Technical Papers
Changwei Zou (UNSW Sydney), Jingling Xue (UNSW Sydney)
00:12 - 00:24
Automated Identification of Libraries from Vulnerability Data [SEIP]
Software Engineering in Practice
Chen Yang (Veracode, Inc.), Andrew Santosa (Veracode, Inc.), Asankhaya Sharma (Veracode, Inc.), David Lo (Singapore Management University)
00:24 - 00:36
Unsuccessful Story about Few Shot Malware-Family Classification and Siamese Network to the Rescue [Technical]
Technical Papers
Yude Bai (Tianjin University), Zhenchang Xing (Australia National University), Li Xiaohong (Tianjin University), Zhiyong Feng (Tianjin University), Duoyuan Ma (Tianjin University)
00:36 - 00:48
SpecuSym: Speculative Symbolic Execution for Cache Timing Leak Detection [Technical]
Technical Papers
Shengjian Guo (Baidu X-Lab), Yueqi Chen (The Pennsylvania State University), Peng Li (Baidu X-Lab), Yueqiang Cheng (Baidu Security), Huibo Wang (Baidu X-Lab), Meng Wu (Ant Financial), Zhiqiang Zuo (Nanjing University, China)
00:48 - 01:00
Building and Maintaining a Third-Party Library Supply Chain for Productive and Secure SGX Enclave Development [SEIP]
Software Engineering in Practice
Pei Wang (Baidu X-Lab), Yu Ding (Baidu X-Lab), Mingshen Sun (Baidu X-Lab), Huibo Wang (Baidu X-Lab), Tongxin Li (Baidu X-Lab), Rundong Zhou (Baidu X-Lab), Zhaofeng Chen, Yiming Jing (Baidu X-Lab)