{
  "status": "ok",
  "message-type": "work",
  "message-version": "1.0.0",
  "message": {
    "indexed": {
      "date-parts": [[2026, 4, 4]],
      "date-time": "2026-04-04T01:18:57Z",
      "timestamp": 1775265537415,
      "version": "3.50.1"
    },
    "reference-count": 40,
    "publisher": "MDPI AG",
    "issue": "11",
    "license": [
      {
        "start": {
          "date-parts": [[2018, 11, 6]],
          "date-time": "2018-11-06T00:00:00Z",
          "timestamp": 1541462400000
        },
        "content-version": "vor",
        "delay-in-days": 0,
        "URL": "https:\/\/creativecommons.org\/licenses\/by\/4.0\/"
      }
    ],
    "funder": [
      {
        "name": "the National Science Foundation of China",
        "award": ["61572517"],
        "award-info": [{"award-number": ["61572517"]}]
      },
      {
        "name": "the Science and Technology Plan Projects of Shenzhen",
        "award": ["JCYJ20170302145623566"],
        "award-info": [{"award-number": ["JCYJ20170302145623566"]}]
      },
      {
        "name": "the grants from the Department of Industrial and Systems Engineering, the Hong Kong Polytechnic University, China",
        "award": ["H-ZG3K"],
        "award-info": [{"award-number": ["H-ZG3K"]}]
      }
    ],
    "content-domain": {"domain": [], "crossmark-restriction": false},
    "short-container-title": ["Sensors"],
    "abstract": "<jats:p>Today cloud computing is widely used in various industries. While benefiting from the services provided by the cloud, users are also faced with some security issues, such as information leakage and data tampering. Utilizing trusted computing technology to enhance the security mechanism, defined as trusted cloud, has become a hot research topic in cloud security. Currently, virtual TPM (vTPM) is commonly used in a trusted cloud to protect the integrity of the cloud environment. However, the existing vTPM scheme lacks protections of vTPM itself at a runtime environment. This paper proposed a novel scheme, which designed a new trusted cloud platform security component, \u2018enclave TPM (eTPM)\u2019 to protect cloud and employed Intel SGX to enhance the security of eTPM. The eTPM is a software component that emulates TPM functions which build trust and security in cloud and runs in \u2018enclave\u2019, an isolation memory zone introduced by SGX. eTPM can ensure its security at runtime, and protect the integrity of Virtual Machines (VM) according to user-specific policies. Finally, a prototype for the eTPM scheme was implemented, and experiment manifested its effectiveness, security, and availability.<\/jats:p>",
    "DOI": "10.3390\/s18113807",
    "type": "journal-article",
    "created": {
      "date-parts": [[2018, 11, 7]],
      "date-time": "2018-11-07T03:45:22Z",
      "timestamp": 1541562322000
    },
    "page": "3807",
    "update-policy": "https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy",
    "source": "Crossref",
    "is-referenced-by-count": 20,
    "title": ["eTPM: A Trusted Cloud Platform Enclave TPM Scheme Based on Intel SGX Technology"],
    "prefix": "10.3390",
    "volume": "18",
    "author": [
      {
        "ORCID": "https:\/\/orcid.org\/0000-0001-7714-6006",
        "authenticated-orcid": false,
        "given": "Haonan",
        "family": "Sun",
        "sequence": "first",
        "affiliation": [{"name": "Information Science and Technology Institute, Information Engineering University, Zhengzhou 450001, China"}]
      },
      {
        "given": "Rongyu",
        "family": "He",
        "sequence": "additional",
        "affiliation": [{"name": "Information Science and Technology Institute, Information Engineering University, Zhengzhou 450001, China"}]
      },
      {
        "ORCID": "https:\/\/orcid.org\/0000-0003-4290-9098",
        "authenticated-orcid": false,
        "given": "Yong",
        "family": "Zhang",
        "sequence": "additional",
        "affiliation": [{"name": "ATR Key Laboratory of National Defense Technology, Shenzhen University, Shenzhen 518060, China"}]
      },
      {
        "given": "Ruiyun",
        "family": "Wang",
        "sequence": "additional",
        "affiliation": [{"name": "Information Science and Technology Institute, Information Engineering University, Zhengzhou 450001, China"}]
      },
      {
        "given": "Wai Hung",
        "family": "Ip",
        "sequence": "additional",
        "affiliation": [{"name": "Department of Industrial and Systems Engineering, the Hong Kong Polytechnic University, Hong Kong SAR 999077, China"}]
      },
      {
        "given": "Kai Leung",
        "family": "Yung",
        "sequence": "additional",
        "affiliation": [{"name": "Department of Industrial and Systems Engineering, the Hong Kong Polytechnic University, Hong Kong SAR 999077, China"}]
      }
    ],
    "member": "1968",
    "published-online": {"date-parts": [[2018, 11, 6]]},
    "reference": [
      {"key": "ref_1", "doi-asserted-by": "crossref", "unstructured": "Mell, P., and Grance, T. (2011). The NIST Definition of Cloud Computing, National Institute of Standards and Technology.", "DOI": "10.6028\/NIST.SP.800-145"},
      {"key": "ref_2", "unstructured": "Chen, Y., Paxson, V., and Katz, R.H. (2010). What\u2019s New about Cloud Computing Security, University of California. University of California, Berkeley Report No. UCB\/EECS-2010-5 August."},
      {"key": "ref_3", "doi-asserted-by": "crossref", "unstructured": "Ristenpart, T., Tromer, E., Shacham, H., and Savage, S. (2009, January 9\u201313). Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds. Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, IL, USA.", "DOI": "10.1145\/1653662.1653687"},
      {"key": "ref_4", "doi-asserted-by": "crossref", "first-page": "342", "DOI": "10.1109\/TII.2015.2510226", "article-title": "A trust model based on cloud theory in underwater acoustic sensor networks", "volume": "13", "author": "Jiang", "year": "2017", "journal-title": "IEEE Trans. Ind. Inform."},
      {"key": "ref_5", "doi-asserted-by": "crossref", "first-page": "61", "DOI": "10.1109\/MSP.2009.87", "article-title": "Data security in the world of cloud computing", "volume": "7", "author": "Kaufman", "year": "2009", "journal-title": "IEEE Secur. Priv."},
      {"key": "ref_6", "doi-asserted-by": "crossref", "first-page": "1", "DOI": "10.3390\/computers3010001", "article-title": "Cloud computing security: A survey", "volume": "3", "author": "Khalil", "year": "2014", "journal-title": "Computers"},
      {"key": "ref_7", "doi-asserted-by": "crossref", "first-page": "119", "DOI": "10.5626\/JCSE.2015.9.3.119", "article-title": "A survey of security and privacy challenges in cloud computing: Solutions and future directions", "volume": "9", "author": "Liu", "year": "2015", "journal-title": "J. Comput. Sci. Eng."},
      {"key": "ref_8", "doi-asserted-by": "crossref", "first-page": "126", "DOI": "10.1016\/j.compeleceng.2016.03.004", "article-title": "Cloud security: Emerging threats and current solutions", "volume": "59", "author": "Coppolino", "year": "2017", "journal-title": "Comput. Electr. Eng."},
      {"key": "ref_9", "unstructured": "Martin, A. (2008). The Ten-Page Introduction to Trusted Computing, Computing Laboratory, Oxford University."},
      {"key": "ref_10", "doi-asserted-by": "crossref", "unstructured": "Achemlal, M., Gharout, S., and Gaber, C. (2011, January 18\u201321). Trusted platform module as an enabler for security in cloud computing. Proceedings of the IEEE 2011 Conference on Network and Information Systems Security (SAR-SSI), La Rochelle, France.", "DOI": "10.1109\/SAR-SSI.2011.5931361"},
      {"key": "ref_11", "unstructured": "Berger, S., Goldman, K.A., Perez, R., Sailer, R., and Doorn, L. (August, January 31). Vtpm: Virtualizing the Trusted Platform Module. Proceedings of the 15th Conference on Usenix Security Symposium, Vancouver, BC, Canada."},
      {"key": "ref_12", "doi-asserted-by": "crossref", "unstructured": "Yan, Q., Han, J., Li, Y., Deng, R.H., and Li, T. (2011, January 22\u201324). A software-based root-of-trust primitive on multicore platforms. Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, Hong Kong, China.", "DOI": "10.1145\/1966913.1966957"},
      {"key": "ref_13", "doi-asserted-by": "crossref", "unstructured": "Riad, K. (2016, January 17\u201319). Multi-authority trust access control for cloud storage. Proceedings of the IEEE 2016 4th International Conference on Cloud Computing and Intelligence Systems (CCIS), Beijing, China.", "DOI": "10.1109\/CCIS.2016.7790297"},
      {"key": "ref_14", "doi-asserted-by": "crossref", "unstructured": "Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., and Boneh, D. (2003, January 19\u201322). Terra: A virtual machine-based platform for trusted computing. Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, Bolton Landing, NY, USA.", "DOI": "10.1145\/945445.945464"},
      {"key": "ref_15", "unstructured": "Takemura, C., and Crawford, L.S. (2009). The Book of Xen, No Starch Press."},
      {"key": "ref_16", "doi-asserted-by": "crossref", "first-page": "159", "DOI": "10.1007\/s11859-006-0277-9", "article-title": "XEN virtual machine technology and its security analysis", "volume": "12", "author": "Xue", "year": "2007", "journal-title": "Wuhan Univ. J. Nat. Sci."},
      {"key": "ref_17", "unstructured": "Garfinkel, T., Rosenblum, M., and Dan, B. (2003, January 18\u201321). Flexible OS support and applications for trusted computing. Proceedings of the Conference on Hot Topics in Operating Systems, Lihue, HI, USA."},
      {"key": "ref_18", "unstructured": "Wojtczuk, R., Rutkowska, J., and Tereshkin, A. (2008). Xen 0wning Trilogy, Invisible Things Lab."},
      {"key": "ref_19", "unstructured": "Anati, I., Gueron, S., Johnson, S., and Scarlata, V. (2013, January 23\u201324). Innovative technology for CPU based attestation and sealing. Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, Tel-Aviv, Israel."},
      {"key": "ref_20", "doi-asserted-by": "crossref", "unstructured": "McKeen, F., Alexandrovich, I., Berenzon, A., Rozas, C.V., Shafi, H., Shanbhogue, V., and Savagaonkar, U.R. (2013, January 23\u201324). Innovative instructions and software model for isolated execution. Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, Tel-Aviv, Israel.", "DOI": "10.1145\/2487726.2488368"},
      {"key": "ref_21", "doi-asserted-by": "crossref", "unstructured": "Hoekstra, M., Lal, R., Pappachan, P., Phegade, V., and Del Cuvillo, J. (2013, January 23\u201324). Using innovative instructions to create trustworthy software solutions. Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, Tel-Aviv, Israel.", "DOI": "10.1145\/2487726.2488370"},
      {"key": "ref_22", "unstructured": "Intel Inc. (2018, August 21). Intel Software Guard Extensions. Available online: https:\/\/software.Intel.com\/en-us\/SGX."},
      {"key": "ref_23", "unstructured": "Intel Inc. (2018, August 21). Intel Software Guard Extensions Reference. Available online: https:\/\/software.Intel.com\/sites\/default\/files\/332680-002.pdf."},
      {"key": "ref_24", "doi-asserted-by": "crossref", "unstructured": "Schuster, F., Costa, M., Fournet, C., Gkantsidis, C., Peinado, M., Mainar-Ruiz, G., and Russinovich, M. (2015, January 17\u201321). VC3: Trustworthy data analytics in the cloud using SGX. Proceedings of the 2015 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA.", "DOI": "10.1109\/SP.2015.10"},
      {"key": "ref_25", "doi-asserted-by": "crossref", "first-page": "447", "DOI": "10.23919\/TST.2017.8030534", "article-title": "A trust enclave-based architecture for ensuring run-time security in embedded terminals", "volume": "22", "author": "Chang", "year": "2017", "journal-title": "Tsinghua Sci. Technol."},
      {"key": "ref_26", "first-page": "133", "article-title": "Vtse: A solution of sgx-based vtpm secure enhancement", "volume": "49", "author": "Yan", "year": "2017", "journal-title": "Adv. Eng. Sci."},
      {"key": "ref_27", "unstructured": "(2018, August 23). Trusted Computing Group: Trusted Platform Module (tpm) Specifications. Technical Report. Available online: https:\/\/www.trustedcomputinggroup.org\/specs\/TPM."},
      {"key": "ref_28", "unstructured": "Stumpf, F., Benz, M., Hermanowski, M., and Eckert, C. (2007, January 11\u201313). An approach to a trustworthy system architecture using virtualization. Proceedings of the International Conference on Autonomic and Trusted Computing, Hong Kong, China."},
      {"key": "ref_29", "doi-asserted-by": "crossref", "first-page": "505", "DOI": "10.1007\/s11859-015-1126-5", "article-title": "A security-improved scheme for virtual TPM based on KVM", "volume": "20", "author": "Shi", "year": "2015", "journal-title": "Wuhan Univ. J. Nat. Sci."},
      {"key": "ref_30", "doi-asserted-by": "crossref", "first-page": "1905", "DOI": "10.3923\/itj.2013.1905.1913", "article-title": "A User-specific Trusted Virtual Environment for Cloud Computing", "volume": "12", "author": "Rongyu", "year": "2013", "journal-title": "Inf. Technol. J."},
      {"key": "ref_31", "doi-asserted-by": "crossref", "unstructured": "Fortino, G., Fotia, L., Messina, F., Rosaci, D., and Sarn, G.M. (2018, January 15\u201317). Forming Groups in the Cloud of Things Using Trust Measures. Proceedings of the International Symposium on Intelligent and Distributed Computing, Bilbao, Spain.", "DOI": "10.1007\/978-3-319-99626-4_26"},
      {"key": "ref_32", "doi-asserted-by": "crossref", "first-page": "142", "DOI": "10.1504\/IJGUC.2017.085915", "article-title": "Combining reputation and QoS measures to improve cloud service composition", "volume": "8", "author": "Messina", "year": "2017", "journal-title": "Int. J. Grid Util. Comput."},
      {"key": "ref_33", "doi-asserted-by": "crossref", "unstructured": "Iyengar, A., Kundu, A., Sharma, U., and Zhang, P. (2018, January 2\u20135). A Trusted Healthcare Data Analytics Cloud Platform. Proceedings of the IEEE International Conference on Distributed Computing Systems, Vienna, Austria.", "DOI": "10.1109\/ICDCS.2018.00123"},
      {"key": "ref_34", "doi-asserted-by": "crossref", "first-page": "1", "DOI": "10.1145\/2799647", "article-title": "Shielding Applications from an Untrusted Cloud with Haven", "volume": "33", "author": "Baumann", "year": "2014", "journal-title": "ACM Trans. Comput. Syst."},
      {"key": "ref_35", "unstructured": "Arnautov, S., Trach, B., Gregor, F., Knauth, T., Martin, A., Priebe, C., Lind, J., Muthukumaran, D., O\u2019keeffe, D., and Stillwell, M. (2016, January 2\u20134). SCONE: Secure Linux Containers with Intel SGX. Proceedings of the OSDI, Savannah, GA, USA."},
      {"key": "ref_36", "doi-asserted-by": "crossref", "unstructured": "Fetzer, C., Mazzeo, G., Oliver, J., Romano, L., and Verburg, M. (29\u20131, January 29). Integrating Reactive Cloud Applications in SERECA. Proceedings of the 12th International Conference on Availability, Reliability and Security, Reggio Calabria, Italy.", "DOI": "10.1145\/3098954.3105820"},
      {"key": "ref_37", "doi-asserted-by": "crossref", "unstructured": "Brenner, S., Hundt, T., Mazzeo, G., and Kapitza, R. (2017, January 19\u201322). Secure Cloud Micro Services Using Intel SGX. Proceedings of the IFIP International Conference on Distributed Applications and Interoperable Systems, Neuch\u00e2tel, Switzerland.", "DOI": "10.1007\/978-3-319-59665-5_13"},
      {"key": "ref_38", "doi-asserted-by": "crossref", "unstructured": "Arthur, W., and Challener, D. (2015). A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security, Apress.", "DOI": "10.1007\/978-1-4302-6584-9"},
      {"key": "ref_39", "doi-asserted-by": "crossref", "unstructured": "Syverson, P.F., and Oorschot, P.C.V. (1994, January 16\u201318). On Unifying Some Cryptographic Protocol Logics. Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, USA.", "DOI": "10.21236\/ADA465512"},
      {"key": "ref_40", "doi-asserted-by": "crossref", "unstructured": "Syverson, P. (1996). A Unified Cryptographic Protocol Logic, NRL. NRL Chaos Report.", "DOI": "10.21236\/ADA464967"}
    ],
    "container-title": ["Sensors"],
    "original-title": [],
    "language": "en",
    "link": [
      {
        "URL": "https:\/\/www.mdpi.com\/1424-8220\/18\/11\/3807\/pdf",
        "content-type": "unspecified",
        "content-version": "vor",
        "intended-application": "similarity-checking"
      }
    ],
    "deposited": {
      "date-parts": [[2026, 4, 4]],
      "date-time": "2026-04-04T00:13:52Z",
      "timestamp": 1775261632000
    },
    "score": 1,
    "resource": {"primary": {"URL": "https:\/\/www.mdpi.com\/1424-8220\/18\/11\/3807"}},
    "subtitle": [],
    "short-title": [],
    "issued": {"date-parts": [[2018, 11, 6]]},
    "references-count": 40,
    "journal-issue": {"issue": "11", "published-online": {"date-parts": [[2018, 11]]}},
    "alternative-id": ["s18113807"],
    "URL": "https:\/\/doi.org\/10.3390\/s18113807",
    "relation": {},
    "ISSN": ["1424-8220"],
    "issn-type": [{"value": "1424-8220", "type": "electronic"}],
    "subject": [],
    "published": {"date-parts": [[2018, 11, 6]]}
  }
}