Explore a 17-minute conference talk from USENIX FAST '25 that introduces AtomicDisk, a novel secure virtual disk solution for Trusted Execution Environments (TEEs) designed to protect against eviction attacks. Learn how researchers from Ant Group, NICE Lab at Xiamen University, Nankai University, and Shanghai Jiao Tong University identified vulnerabilities in SGX-PFS, the previous state-of-the-art secure storage solution for TEEs. Understand how privileged adversaries can exploit transient on-disk states (snapshots) generated by cache evictions inside TEEs, creating security loopholes. Discover the new "sync atomicity" security property proposed by the team, which ensures writes before a sync request are committed in an all-or-nothing manner. See how AtomicDisk enhances SGX-PFS by introducing an internal commit operation that distinguishes evicted (uncommitted) writes from synced (committed) writes, effectively preventing eviction attacks. The presentation includes performance comparisons showing AtomicDisk not only eliminates the hundreds of thousands of vulnerable snapshots generated by SGX-PFS but also achieves better overall performance.