{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:12:24Z","timestamp":1750219944837,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":30,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,10,1]],"date-time":"2022-10-01T00:00:00Z","timestamp":1664582400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"InnovateUK","award":["105592"],"award-info":[{"award-number":["105592"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,10]]},"DOI":"10.1145\/3569562.3569568","type":"proceedings-article","created":{"date-parts":[[2023,9,22]],"date-time":"2023-09-22T04:09:08Z","timestamp":1695355748000},"page":"35-44","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["SoK: How Not to Architect Your Next-Generation TEE Malware?"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5484-7096","authenticated-orcid":false,"given":"Kubilay Ahmet","family":"K\u00fc\u00e7\u00fck","sequence":"first","affiliation":[{"name":"Department of Computer Science, University of Oxford, United Kingdom"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4814-425X","authenticated-orcid":false,"given":"Steve","family":"Moyle","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Oxford, United Kingdom"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8236-980X","authenticated-orcid":false,"given":"Andrew","family":"Martin","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Oxford, United Kingdom"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5376-2194","authenticated-orcid":false,"given":"Alexandru","family":"Mereacre","sequence":"additional","affiliation":[{"name":"nquiringMinds LTD, United Kingdom"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7473-0565","authenticated-orcid":false,"given":"Nicholas","family":"Allott","sequence":"additional","affiliation":[{"name":"nquiringMinds LTD, United Kingdom"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,9,21]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/3465481.3470116"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2019.00020"},{"key":"e_1_3_2_1_3_1","unstructured":"Intel Corporation. 2019. Performance Monitoring Impact of Intel Transactional Synchronization Extension Memory. http:\/\/cdrdv2.intel.com\/v1\/dl\/getContent\/604224. Document Number: 604224. Last Accessed 28 Feb 2021.  Intel Corporation. 2019. Performance Monitoring Impact of Intel Transactional Synchronization Extension Memory. http:\/\/cdrdv2.intel.com\/v1\/dl\/getContent\/604224. Document Number: 604224. Last Accessed 28 Feb 2021."},{"key":"e_1_3_2_1_4_1","unstructured":"Broadcom\u00a0Technical Documents. 2021. Symantec Endpoint Protection Memory Exploit Mitigation Techniques. https:\/\/techdocs.broadcom.com\/us\/en\/symantec-security-software\/endpoint-security-and-management\/endpoint-protection\/all\/Using-policies-to-manage-security\/hardening-windows-clients-against-memory-tampering-v123149922-d3859e12879\/memory-exploit-mitigation-techniques-v114221375-d53e13441.html. Symantec Endpoint Protection Installation and Administration Guide. Online.  Broadcom\u00a0Technical Documents. 2021. Symantec Endpoint Protection Memory Exploit Mitigation Techniques. https:\/\/techdocs.broadcom.com\/us\/en\/symantec-security-software\/endpoint-security-and-management\/endpoint-protection\/all\/Using-policies-to-manage-security\/hardening-windows-clients-against-memory-tampering-v123149922-d3859e12879\/memory-exploit-mitigation-techniques-v114221375-d53e13441.html. Symantec Endpoint Protection Installation and Administration Guide. Online."},{"volume-title":"Intel\u00ae Software Guard Extensions Enclave Writer\u2019s Guide v1.02 (revision 1.02ed.)","year":"2019","key":"e_1_3_2_1_5_1","unstructured":"Intel. 2015. Intel\u00ae Software Guard Extensions Enclave Writer\u2019s Guide v1.02 (revision 1.02ed.) . Intel Corporation , Portland, OR, USA . https:\/\/software.intel.com\/sites\/default\/files\/managed\/ae\/48\/Software-Guard-Extensions-Enclave-Writers-Guide.pdfvisited on 03\/ Jun\/ 2019 . Intel. 2015. Intel\u00ae Software Guard Extensions Enclave Writer\u2019s Guide v1.02 (revision 1.02ed.). Intel Corporation, Portland, OR, USA. https:\/\/software.intel.com\/sites\/default\/files\/managed\/ae\/48\/Software-Guard-Extensions-Enclave-Writers-Guide.pdfvisited on 03\/Jun\/2019."},{"key":"e_1_3_2_1_6_1","volume-title":"Spectre Attacks: Exploiting Speculative Execution. In 2019 IEEE Symposium on Security and Privacy (SP). IEEE, 1\u201319","author":"Kocher Paul","year":"2019","unstructured":"Paul Kocher , Jann Horn , Anders Fogh , Daniel Genkin , Daniel Gruss , Werner Haas , Mike Hamburg , Moritz Lipp , Stefan Mangard , Thomas Prescher , 2019 . Spectre Attacks: Exploiting Speculative Execution. In 2019 IEEE Symposium on Security and Privacy (SP). IEEE, 1\u201319 . Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, 2019. Spectre Attacks: Exploiting Speculative Execution. In 2019 IEEE Symposium on Security and Privacy (SP). IEEE, 1\u201319."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053035"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1186\/s13635-019-0091-5"},{"key":"e_1_3_2_1_9_1","volume-title":"CRC: Fully General Model of Confidential Remote Computing. CoRR abs\/2104.03868(2021). arXiv:2104.03868https:\/\/arxiv.org\/abs\/2104.03868","author":"K\u00fc\u00e7\u00fck Kubilay\u00a0Ahmet","year":"2021","unstructured":"Kubilay\u00a0Ahmet K\u00fc\u00e7\u00fck and Andrew\u00a0 C. Martin . 2021 . CRC: Fully General Model of Confidential Remote Computing. CoRR abs\/2104.03868(2021). arXiv:2104.03868https:\/\/arxiv.org\/abs\/2104.03868 Kubilay\u00a0Ahmet K\u00fc\u00e7\u00fck and Andrew\u00a0C. Martin. 2021. CRC: Fully General Model of Confidential Remote Computing. CoRR abs\/2104.03868(2021). arXiv:2104.03868https:\/\/arxiv.org\/abs\/2104.03868"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3007788.3007793"},{"key":"e_1_3_2_1_11_1","unstructured":"Kubilay\u00a0Ahmet K\u00fc\u00e7\u00fck. 2020. How Infeasible The Malware Deployment In SGX Is In Real-life? 12 Myths In 15 Minutes. Can Malware Benefit From SGX?https:\/\/www.intel.com\/content\/dam\/www\/public\/us\/en\/documents\/research\/kubilay-kucuk-malware-infeasibility-sgx.pdf. Intel\u2019s 2nd SGX Community Day. Online.  Kubilay\u00a0Ahmet K\u00fc\u00e7\u00fck. 2020. How Infeasible The Malware Deployment In SGX Is In Real-life? 12 Myths In 15 Minutes. Can Malware Benefit From SGX?https:\/\/www.intel.com\/content\/dam\/www\/public\/us\/en\/documents\/research\/kubilay-kucuk-malware-infeasibility-sgx.pdf. Intel\u2019s 2nd SGX Community Day. Online."},{"key":"e_1_3_2_1_12_1","volume-title":"Meltdown: Reading Kernel Memory From User Space. In 27th {USENIX} Security Symposium ({USENIX} Security 18). 973\u2013990.","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp , Michael Schwarz , Daniel Gruss , Thomas Prescher , Werner Haas , Anders Fogh , Jann Horn , Stefan Mangard , Paul Kocher , Daniel Genkin , 2018 . Meltdown: Reading Kernel Memory From User Space. In 27th {USENIX} Security Symposium ({USENIX} Security 18). 973\u2013990. Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, 2018. Meltdown: Reading Kernel Memory From User Space. In 27th {USENIX} Security Symposium ({USENIX} Security 18). 973\u2013990."},{"key":"e_1_3_2_1_13_1","unstructured":"Marion Marschalek. 2018. The Wolf In SGX Clothing.https:\/\/www.infosecurity.us\/blog\/2018\/2\/7\/bluehat-il-2018-marion-marschalek-s-the-wolf-in-sgx-clothing. Bluehat IL.  Marion Marschalek. 2018. The Wolf In SGX Clothing.https:\/\/www.infosecurity.us\/blog\/2018\/2\/7\/bluehat-il-2018-marion-marschalek-s-the-wolf-in-sgx-clothing. Bluehat IL."},{"key":"e_1_3_2_1_14_1","volume-title":"Dispelling Myths Around SGX Malware. https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/sgx-malware-explainer. Symantec Enterprise Blogs \/ Threat Intelligence. Last Accessed","author":"Rudnai Tamas","year":"2021","unstructured":"Tamas Rudnai . 2019. Dispelling Myths Around SGX Malware. https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/sgx-malware-explainer. Symantec Enterprise Blogs \/ Threat Intelligence. Last Accessed 28 Feb 2021 . Tamas Rudnai. 2019. Dispelling Myths Around SGX Malware. https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/sgx-malware-explainer. Symantec Enterprise Blogs \/ Threat Intelligence. Last Accessed 28 Feb 2021."},{"key":"e_1_3_2_1_15_1","unstructured":"Joanna Rutkowska. 2013. Thoughts on Intel\u2019s Upcoming Software Guard Extensions (Part 1). https:\/\/theinvisiblethings.blogspot.com\/2013\/08\/thoughts-on-intels-upcoming-software.html. The Invisible Things Lab\u2019s blog. Online.  Joanna Rutkowska. 2013. Thoughts on Intel\u2019s Upcoming Software Guard Extensions (Part 1). https:\/\/theinvisiblethings.blogspot.com\/2013\/08\/thoughts-on-intels-upcoming-software.html. The Invisible Things Lab\u2019s blog. Online."},{"key":"e_1_3_2_1_16_1","unstructured":"Joanna Rutkowska. 2013. Thoughts on Intel\u2019s upcoming Software Guard Extensions (Part 2). https:\/\/theinvisiblethings.blogspot.com\/2013\/09\/thoughts-on-intels-upcoming-software.html. The Invisible Things Lab\u2019s blog. Online.  Joanna Rutkowska. 2013. Thoughts on Intel\u2019s upcoming Software Guard Extensions (Part 2). https:\/\/theinvisiblethings.blogspot.com\/2013\/09\/thoughts-on-intels-upcoming-software.html. The Invisible Things Lab\u2019s blog. Online."},{"key":"e_1_3_2_1_17_1","unstructured":"Joanna Rutkowska and Rafa\u0142 Wojtczuk. 2008. Preventing and Detecting Xen Hypervisor Subversions. https:\/\/invisiblethingslab.com\/resources\/bh08\/part2-full.pdf.  Joanna Rutkowska and Rafa\u0142 Wojtczuk. 2008. Preventing and Detecting Xen Hypervisor Subversions. https:\/\/invisiblethingslab.com\/resources\/bh08\/part2-full.pdf."},{"key":"e_1_3_2_1_18_1","volume-title":"Practical Enclave Malware With Intel SGX. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 177\u2013196","author":"Schwarz Michael","year":"2019","unstructured":"Michael Schwarz , Samuel Weiser , and Daniel Gruss . 2019 . Practical Enclave Malware With Intel SGX. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 177\u2013196 . Michael Schwarz, Samuel Weiser, and Daniel Gruss. 2019. Practical Enclave Malware With Intel SGX. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 177\u2013196."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60876-1_1"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-019-0042-y"},{"key":"e_1_3_2_1_21_1","unstructured":"Alexander Tereshkin and Rafal Wojtczuk. 2009. Introducing Ring-3 Rootkits. https:\/\/invisiblethingslab.com\/resources\/bh09usa\/Ring%20-3%20Rootkits.pdf.  Alexander Tereshkin and Rafal Wojtczuk. 2009. Introducing Ring-3 Rootkits. https:\/\/invisiblethingslab.com\/resources\/bh09usa\/Ring%20-3%20Rootkits.pdf."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-78372-3_13"},{"key":"e_1_3_2_1_23_1","volume-title":"Foreshadow: Extracting The Keys To The Intel {SGX} Kingdom With Transient Out-of-order Execution. In 27th {USENIX} Security Symposium ({USENIX} Security 18). 991\u20131008.","author":"Van\u00a0Bulck Jo","year":"2018","unstructured":"Jo Van\u00a0Bulck , Marina Minkin , Ofir Weisse , Daniel Genkin , Baris Kasikci , Frank Piessens , Mark Silberstein , Thomas\u00a0 F Wenisch , Yuval Yarom , and Raoul Strackx . 2018 . Foreshadow: Extracting The Keys To The Intel {SGX} Kingdom With Transient Out-of-order Execution. In 27th {USENIX} Security Symposium ({USENIX} Security 18). 991\u20131008. Jo Van\u00a0Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas\u00a0F Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting The Keys To The Intel {SGX} Kingdom With Transient Out-of-order Execution. In 27th {USENIX} Security Symposium ({USENIX} Security 18). 991\u20131008."},{"key":"e_1_3_2_1_24_1","volume-title":"The design of malware on modern hardware: Malware inside Intel SGX enclaves","author":"van Prooijen J","year":"2016","unstructured":"J van Prooijen . 2016. The design of malware on modern hardware: Malware inside Intel SGX enclaves . University of Amsterdam , Tech. Rep( 2016 ), 2015\u20132016. J van Prooijen. 2016. The design of malware on modern hardware: Malware inside Intel SGX enclaves. University of Amsterdam, Tech. Rep(2016), 2015\u20132016."},{"key":"e_1_3_2_1_25_1","unstructured":"Rafal Wojtczuk. 2012. A Stitch In Time Saves Nine: A Case of Multiple OS Vulnerability. https:\/\/media.blackhat.com\/bh-us-12\/Briefings\/Wojtczuk\/BH_US_12_Wojtczuk_A_Stitch_In_Time_WP.pdf.  Rafal Wojtczuk. 2012. A Stitch In Time Saves Nine: A Case of Multiple OS Vulnerability. https:\/\/media.blackhat.com\/bh-us-12\/Briefings\/Wojtczuk\/BH_US_12_Wojtczuk_A_Stitch_In_Time_WP.pdf."},{"key":"e_1_3_2_1_26_1","unstructured":"Rafal Wojtczuk and Joanna Rutkowska. 2009. Attacking Intel Trusted Execution Technology. https:\/\/invisiblethingslab.com\/resources\/bh09dc\/Attacking%20Intel%20TXT%20-%20paper.pdf. 6\u00a0pages.  Rafal Wojtczuk and Joanna Rutkowska. 2009. Attacking Intel Trusted Execution Technology. https:\/\/invisiblethingslab.com\/resources\/bh09dc\/Attacking%20Intel%20TXT%20-%20paper.pdf. 6\u00a0pages."},{"key":"e_1_3_2_1_27_1","unstructured":"Rafal Wojtczuk and Joanna Rutkowska. 2011. Attacking Intel TXT via SINIT Code Execution Hijacking. https:\/\/invisiblethingslab.com\/resources\/2011\/Attacking_Intel_TXT_via_SINIT_hijacking.pdf.  Rafal Wojtczuk and Joanna Rutkowska. 2011. Attacking Intel TXT via SINIT Code Execution Hijacking. https:\/\/invisiblethingslab.com\/resources\/2011\/Attacking_Intel_TXT_via_SINIT_hijacking.pdf."},{"key":"e_1_3_2_1_28_1","unstructured":"Rafal Wojtczuk and Joanna Rutkowska. 2011. Following the White Rabbit: Software Attacks Against Intel VT-d Technology. https:\/\/invisiblethingslab.com\/resources\/2011\/Software%20Attacks%20on%20Intel%20VT-d.pdf.  Rafal Wojtczuk and Joanna Rutkowska. 2011. Following the White Rabbit: Software Attacks Against Intel VT-d Technology. https:\/\/invisiblethingslab.com\/resources\/2011\/Software%20Attacks%20on%20Intel%20VT-d.pdf."},{"key":"e_1_3_2_1_29_1","unstructured":"Rafal Wojtczuk Joanna Rutkowska and Alexander Tereshkin. 2009. Another Way to Circumvent Intel Trusted Execution Technology. https:\/\/invisiblethingslab.com\/resources\/misc09\/Another%20TXT%20Attack.pdf. 8\u00a0pages.  Rafal Wojtczuk Joanna Rutkowska and Alexander Tereshkin. 2009. Another Way to Circumvent Intel Trusted Execution Technology. https:\/\/invisiblethingslab.com\/resources\/misc09\/Another%20TXT%20Attack.pdf. 8\u00a0pages."},{"key":"e_1_3_2_1_30_1","unstructured":"Rafal Wojtczuk and Alexander Tereshkin. 2009. Attacking Intel Bios. https:\/\/invisiblethingslab.com\/resources\/bh09usa\/Attacking%20Intel%20BIOS.pdf.  Rafal Wojtczuk and Alexander Tereshkin. 2009. Attacking Intel Bios. https:\/\/invisiblethingslab.com\/resources\/bh09usa\/Attacking%20Intel%20BIOS.pdf."}],"event":{"name":"HASP '22: Hardware and Architectural Support for Security and Privacy","acronym":"HASP '22","location":"Chicago IL USA"},"container-title":["Proceedings of the 11th International Workshop on Hardware and Architectural Support for Security and Privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3569562.3569568","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3569562.3569568","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:48:57Z","timestamp":1750182537000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3569562.3569568"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10]]},"references-count":30,"alternative-id":["10.1145\/3569562.3569568","10.1145\/3569562"],"URL":"https:\/\/doi.org\/10.1145\/3569562.3569568","relation":{},"subject":[],"published":{"date-parts":[[2022,10]]},"assertion":[{"value":"2023-09-21","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}