SeFS: A Secure and Efficient File Sharing Framework based on the Trusted Execution Environment

Abstract

As cloud-based file sharing becomes increasingly popular, it is crucial to protect outsourced data against unauthorized access. Existing cryptography-based approaches suffer from expensive re-encryption upon permission revocation. Other solutions that utilize a Trusted Execution Environment (TEE) to enforce access control either expose the plaintext keys to users or turn out to be incapable of handling concurrent requests. In this paper, we propose SeFS, a secure and practical file sharing framework that leverages the cooperation of server-side and client-side enclaves to enforce access control, with the former responsible for registration, authentication and access control enforcement and the latter performing file decryption. Such a design significantly reduces the computation workload of the server-side enclave, making it capable of handling concurrent requests. Meanwhile, it also supports immediate permission revocation, since the file decryption keys inside the client-side enclaves are destroyed immediately after use. We implement a prototype of SeFS and the evaluation demonstrates that it enforces access control securely with high throughput and low latency.

Similar Papers
  • Conference Article
  • 10.1109/trustcom56396.2022.00040
EnShare: Sharing Files Securely and Efficiently in the Cloud using Enclave
  • Dec 1, 2022
  • Yun He + 3 more

As cloud-based file sharing becomes increasingly popular, it is crucial to protect outsourced data against unauthorized access. In this paper, we propose EnShare, a secure and practical file sharing system that leverages the cooperation of server-side and client-side enclaves to enforce access control, with the former responsible for registration, authentication and access control enforcement and the latter performing file decryption. Such a design significantly reduces the computation workload of the server-side enclaves, making them capable of handling concurrent requests. Meanwhile, it also supports immediate permission revocation, since the file decryption keys inside the client-side enclaves are destroyed immediately after use. We implement a prototype of EnShare and the evaluation demonstrates that it enforces access control securely with high throughput and low latency.

  • Conference Article
  • Cited by 5
  • 10.1109/blockchain53845.2021.00069
SECAUCTEE: Securing Auction Smart Contracts using Trusted Execution Environments
  • Dec 1, 2021
  • Harsh Desai + 1 more

Smart contracts running on blockchains have emerged as an indispensable mechanism to enhance trust, security, transparency and traceability of data shared among critical distributed applications. Unfortunately, a smart contract deployed on a blockchain by itself is usually inadequate in maintaining data security and privacy because the data are replicated to all the nodes on the network. There has been some recent work that tries to tackle this privacy leakage issue in smart contract execution by integrating blockchains with hardware-supported trusted execution environments (TEEs). Although TEEs ensure privacy to some extent, the smart contract execution can still be compromised if the developed code does not use the TEEs' capabilities correctly. One important security issue for leveraging TEEs in practice is memory access pattern disclosure. Even though the TEEs encrypt all the memory content during program execution, the memory access sequence can be observed by a malicious operating system, and can be used to infer sensitive information such as "who submitted the second highest bid to the auction?". Hence, for enhanced security of TEE-based applications, the memory access pattern leakage needs to be addressed. Given these observations, an apparent question that comes to light is: how can we use TEEs correctly to enable efficient, privacy-enhancing and secure applications? In this work, we address this challenge in the context of digital auctions. We develop a novel, generic and secure framework that allows an auction smart contract to run inside secure enclaves over Intel SGX-based TEEs on a blockchain. To our knowledge, this is the first work that provides access-pattern-leakage-free TEE-based secure auction smart contract deployment. We achieve this by implementing oblivious execution (i.e., no memory access pattern leakage) of both first-price and second-price sealed-bid auctions as templates. Furthermore, we implement an end-to-end encryption service to keep the bids secure. Our empirical results and privacy analysis show that this architecture does not cause a significant impact on efficiency given the level of security achieved.

  • Research Article
  • Cited by 3
  • 10.17485/ijst/2016/v9i48/89496
Secure File Sharing Mechanism and Key Management for Mobile Cloud Computing Environment
  • Jan 17, 2017
  • Indian Journal of Science and Technology
  • I Indu + 2 more

Objectives: The use of mobile devices in a cloud computing environment is susceptible to various kinds of attacks, such as unauthorized access, account/service hijacking, data breach and malicious insiders. These vulnerabilities make the cloud environment unsafe for mobile users to share and store data. Methods/Analysis: In this paper, we propose a secure file storing and retrieving mechanism to avoid the limitations of existing systems in file encryption, access rights and key management. Asymmetric key cryptography is utilized to protect the data and its retrieval with minimal access rights. Findings: The privacy of mobile users is protected from malicious insiders, along with preservation of the confidentiality and integrity of the files being accessed. The comparative analysis of different public key infrastructure algorithms under the proposed methodology, covering key computation, encryption, decryption and resource utilization, shows the performance of each algorithm for different file sizes. Application/Improvement: The proposed system provides user access management, key management, and encryption and decryption of files through a trusted third party to secure the data in a mobile cloud environment.

  • Conference Article
  • 10.1145/3017971.3017973
An Effective Usage and Access Control Scheme for Preventing Permission Leak in a Trusted Execution Environment
  • Nov 26, 2016
  • Rui Chang + 4 more

In the ubiquitous Android system, each application runs in its own sandbox, and the permission mechanism is used to enforce access control to the system APIs and applications. However, permission leak can happen when an application without a certain permission illegally gains access to protected resources through other privileged applications. In order to address permission leak in a trusted execution environment, this paper designs a security architecture that contains a sandbox module, a middleware module and a usage and access control module, and proposes an effective usage and access control scheme that can prevent permission leak in a trusted execution environment. A security architecture based on the scheme has been implemented on an ARM-Android platform, and the evaluation of the proposed scheme demonstrates its effectiveness in mitigating permission leak vulnerabilities.

  • Research Article
  • Cited by 3
  • 10.1109/tdsc.2021.3133576
CVTEE: A Compatible Verified TEE Architecture With Enhanced Security
  • Jan 1, 2023
  • IEEE Transactions on Dependable and Secure Computing
  • Xinliang Miao + 7 more

Sensitive resources in Trusted Execution Environments (TEEs) have suffered serious security threats in recent years. Previous protection approaches either lack a strong assurance of TEE security properties or are limited to a single platform. We propose a compatible verified TEE architecture, called CVTEE, which delegates a security monitor to manage TEE resources securely. This architecture has two key advantages: i) its functional correctness and security are guaranteed by a machine-checkable proof of the security objectives of Trusted Application (TA) isolation, runtime confidentiality, and runtime integrity, and ii) it is applicable to different TEE platforms and implementation-independent due to its high level of abstraction and non-determinism of data types. Note that access control policy and information flow control policy are the core of security management of resources. After formally specifying the security attributes of TEE resources, we develop these policies based on Common Criteria (CC) in the security monitor and provide atomic interfaces. CVTEE is formally verified with 386 lemmas/theorems and ~10,000 LOC of Isabelle/HOL. In addition, we implement a proof of concept for the access control module of Teaclave, and prove that the constructed access control model meets the security requirements through 5 theorems.

  • Research Article
  • Cited by 8
  • 10.3390/app13074167
An Internet of Things Access Control Scheme Based on Permissioned Blockchain and Edge Computing
  • Mar 24, 2023
  • Applied Sciences
  • Lihua Zhang + 4 more

In the IoT (Internet of Things) environment, the existing access control schemes for device resources have problems such as poor scalability, high latency, and weak security and dynamics. Combining the advantages of the permissioned blockchain and edge computing, an access control scheme for the Internet of Things based on the permissioned blockchain and edge computing is proposed. By authenticating the user's identity at the edge, the user's identity is made reliable and the response time is improved. In the ABAC (Attribute Based Access Control) model, the blockchain is regarded as a trusted entity, and the access control policy is written into a smart contract and deployed on the blockchain for calling. Most of the existing consensus algorithms have problems of low throughput and poor scalability. A Kraft (Kademlia–Raft) consensus algorithm is introduced to solve the above issues. Security analysis and experimental results show that the scheme can achieve fine-grained, dynamic access control, has high throughput and low latency, and ensures security and reliability.

  • Components
  • 10.1109/tdsc.2021.3133576/mm1
Supp1-3133576.pdf
  • Dec 17, 2021
  • Rui Chang

  • Research Article
  • Cited by 28
  • 10.1016/j.future.2018.05.062
Fine-grained access control based on Trusted Execution Environment
  • Jun 22, 2018
  • Future Generation Computer Systems
  • Yongkai Fan + 3 more

  • Research Article
  • Cited by 2
  • 10.1109/tdsc.2022.3215977
ESMAC: Efficient and Secure Multi-Owner Access Control With TEE in Multi-Level Data Processing
  • Sep 1, 2023
  • IEEE Transactions on Dependable and Secure Computing
  • Dan Liu + 5 more

Traditional data access control schemes only prevent unauthorized access to private data with a single owner. They are not suitable for application in a Multi-Level Data Processing (MLDP) scenario, where data are processed by a series of parties who also insert new data. Hence, the accumulated dataset should be protected through access control handled by hierarchically structured parties who are at least partial data owners in MLDP. Existing multi-owner access control schemes mainly focus on controlling access to data co-owned by multiple entities with equal ownership, but seldom investigate how to apply access control in MLDP. In this paper, we build on the off-the-shelf Trusted Execution Environment (TEE), Intel SGX, to propose an Efficient and Secure Multi-owner Access Control scheme (ESMAC) for access authorization in MLDP. Moreover, to prevent unauthorized data disclosure by non-root data owners aiming to gain extra profits, we further introduce undercover police to supervise their behaviors. Specifically, we design a data protection scheme based on game theory to decide the payoffs and punishments of honest and dishonest data owners, which motivates data owners to behave honestly when claiming ownership over data. Through comprehensive security analysis and performance evaluation, we demonstrate ESMAC's security and effectiveness.

  • Research Article
  • Cited by 14
  • 10.1007/s10207-024-00866-4
Adaptive context-aware access control for IoT environments leveraging fog computing
  • Jul 8, 2024
  • International Journal of Information Security
  • Rudri Kalaria + 4 more

The increasing use of the Internet of Things (IoT) has driven the demand for enhanced and robust access control methods to protect resources from unauthorized access. A cloud-based access control approach brings significant challenges in terms of communication overhead, high latency, and complete reliance. In this paper, we propose a Fog-Based Adaptive Context-Aware Access Control (FB-ACAAC) framework for IoT devices, dynamically adjusting access policies based on contextual information to prevent unauthorised resource access. The main purpose of FB-ACAAC is to provide adaptability to changing access behaviors and context by bringing decision-making and information about policies closer to the end nodes of the network. FB-ACAAC improves the availability of resources and reduces the amount of time for information to be processed. FB-ACAAC extends the widely used eXtensible Access Control Markup Language (XACML) to manage access control decisions. Traditional XACML-based methods do not take into account changing environments, different contexts, and changing access behaviors and are vulnerable to certain types of attacks. To address these issues, FB-ACAAC proposes an adaptive context-aware XACML scheme for heterogeneous distributed IoT environments using fog computing and is designed to be context-aware, adaptable, and secure in the face of unauthorised access. The effectiveness of this new scheme is verified through experiments, and it has a low processing time overhead while providing extra features and improved security.

  • Research Article
  • Cited by 1
  • 10.37275/nasetjournal.v5i1.62
Access Control Mechanisms and Their Role in Preventing Unauthorized Data Access: A Comparative Analysis of RBAC, MFA, and Strong Passwords
  • Dec 26, 2024
  • Natural Sciences Engineering and Technology Journal
  • Edrian S Abduhari + 9 more

In today's digital landscape, the protection of sensitive data from unauthorized access is a critical concern for organizations of all sizes. Robust access control mechanisms are essential for maintaining data security and preventing breaches. This study conducted a comparative analysis of three widely used access control methods: Role-Based Access Control (RBAC), Multi-Factor Authentication (MFA), and Strong Passwords. The research employed a mixed-methods approach, combining a quantitative analysis of simulated data with a qualitative review of recent literature. The Access Control Simulation Environment (ACSE) was developed to generate data on the effectiveness of each access control method in preventing unauthorized access attempts. The qualitative component involved a systematic review of Scopus-indexed publications from 2018 to 2024, focusing on the strengths, weaknesses, and best practices associated with each method. The simulation data revealed that MFA provided the highest level of protection against unauthorized access, followed by RBAC and then Strong Passwords. The qualitative analysis identified key strengths and weaknesses of each method, highlighting the importance of contextual factors in selecting the most appropriate access control mechanism. In conclusion, the findings underscore the need for a layered approach to access control, combining multiple methods to achieve optimal security. While MFA offers the strongest protection, RBAC and Strong Passwords remain crucial components of a comprehensive security strategy. The study provides practical recommendations for organizations seeking to implement and optimize access control mechanisms to mitigate the risk of unauthorized data access.

  • Book Chapter
  • Cited by 37
  • 10.1007/978-3-642-30921-2_13
SmartTokens: Delegable Access Control with NFC-Enabled Smartphones
  • Jan 1, 2012
  • Alexandra Dmitrienko + 3 more

Today’s smartphones and tablets offer compelling computing and storage capabilities enabling a variety of mobile applications with rich functionality. The integration of new interfaces, in particular near field communication (NFC) opens new opportunities for new applications and business models, as the most recent trend in industry for payment and ticketing shows. These applications require storing and processing security-critical data on smartphones, making them attractive targets for a variety of attacks. The state of the art to enhance platform security concerns outsourcing security-critical computations to hardware-isolated Trusted Execution Environments (TrEE). However, since these TrEEs are used by software running in commodity operating systems, malware could impersonate the software and use the TrEE in an unintended way. Further, existing NFC-based access control solutions for smartphones are either not public or based on strong assumptions that are hard to achieve in practice. We present the design and implementation of a generic access control system for NFC-enabled smartphones based on a multi-level security architecture for smartphones. Our solution allows users to delegate their access rights and addresses the bandwidth constraints of NFC. Our prototype captures electronic access to facilities, such as entrances and offices, and binds NFC operations to a software-isolated TrEE established on the widely used Android smartphone operating system. We provide a formal security analysis of our protocols and evaluate the performance of our solution.

  • Research Article
  • Cited by 22
  • 10.3390/pr11030723
IoT Access Control Model Based on Blockchain and Trusted Execution Environment
  • Feb 28, 2023
  • Processes
  • Weijin Jiang + 4 more

With the application and popularization of the Internet of Things (IoT), while the IoT devices bring us intelligence and convenience, the privacy protection issue has gradually attracted people’s attention. Access control technology is one of the important methods to protect privacy. However, the existing IoT access control technologies have extensive problems such as coarse-grainedness, weak auditability, lack of access process control, and excessive privileges, which make the security and privacy of our IoT devices face great threats. Based on this, a blockchain-based and encrypted currency-based access control model CcBAC supported by Trusted Execution Environment (TEE) technology is proposed, which can provide fine-graininess, strong auditability, and access procedure control for the Internet of Things. In this study, the technical principle, characteristics, and research status of the control model are introduced, and the framework of the CcBAC model is expounded in detail and formally defined. Moreover, the functions in the model are described in detail, and a specific access control process in general scenarios is presented for the model. Finally, the practicability of this model is verified through theoretical analysis and experimental evaluation, which proves that this model not only enables resource owners to fully control the access to their resources, but also takes into account the fine-graininess and auditable access control.

  • Research Article
  • Cited by 2
  • 10.1155/2022/8033799
TEE-Watchdog: Mitigating Unauthorized Activities within Trusted Execution Environments in ARM-Based Low-Power IoT Devices
  • May 25, 2022
  • Security and Communication Networks
  • Anum Khurshid + 3 more

Trusted execution environments (TEEs) are on the rise in devices all around us, ranging from large-scale cloud-based solutions to resource-constrained embedded devices. With the introduction of ARM TrustZone-M, hardware-assisted trusted execution is now supported in IoT nodes. TrustZone-M provides isolated execution of security-critical operations and sensitive data-generating peripherals. However, TrustZone-M, like all other TEEs, does not provide a mechanism to monitor operations in the trusted areas of the device, and software in the secure areas of an IoT device has access to the entire secure and non-secure software stack. This is crucial due to the diversity of device manufacturers and component suppliers in the market, which creates trust issues, especially when third-party peripherals are incorporated into a TEE. Compromised TEEs can be misused for industrial espionage, data exfiltration through system backdoors, and illegal data sharing. It is of utmost importance here that system peripheral behaviour in terms of resource access is in accordance with the intended usage specified during integration. We propose TEE-Watchdog, a lightweight framework that establishes MPU protections for secure system peripherals in TrustZone-enabled low-end IoT devices. TEE-Watchdog blocks unauthorized peripheral accesses and logs misbehaviour of applications running in the TEE based on a manifest file. We define lightweight specifications and a structure for the application manifest file listing permissions for critical system peripherals using Concise Binary Object Representation (CBOR). We implement and evaluate TEE-Watchdog using a Musca-A2 test chipboard. Our microbenchmark evaluations on CPU time and RAM usage demonstrate the practicality of TEE-Watchdog. Securing the system peripherals using TEE-Watchdog protections induced a 1.4% overhead on the latency of peripheral accesses, which was 61 microseconds on our test board. Our optimized CBOR-encoded manifest file template also showed a decrease in manifest file size of 40% compared to standard file formats, e.g., JSON.

  • Conference Article
  • Cited by 10
  • 10.1145/3078861.3078872
On Risk in Access Control Enforcement
  • Jun 7, 2017
  • Giuseppe Petracca + 3 more

While we have long had principles describing how access control enforcement should be implemented, such as the reference monitor concept, imprecision in access control mechanisms and access control policies leads to risks that may enable exploitation. In practice, least privilege access control policies often allow information flows that may enable exploits. In addition, the implementation of access control mechanisms often tries to balance security with ease of use implicitly (e.g., with respect to determining where to place authorization hooks) and approaches to tighten access control, such as accounting for program context, are ad hoc. In this paper, we define four types of risks in access control enforcement and explore possible approaches and challenges in tracking those types of risks. In principle, we advocate runtime tracking to produce risk estimates for each of these types of risk. To better understand the potential of risk estimation for authorization, we propose risk estimate functions for each of the four types of risk, finding that benign program deployments accumulate risks in each of the four areas for ten Android programs examined. As a result, we find that tracking of relative risk may be useful for guiding changes to security choices, such as authorized unsafe operations or placement of authorization checks, when risk differs from that expected.
