Towards improving isolation between trusted runtimes and enclave user applications

Event details

Date 22.08.2022
Hour 16:30 - 18:30
Speaker Neelu Shivprakash Kalani
Location
Category Conferences - Seminars
EDIC candidacy exam
Exam president: Prof. Babak Falsafi
Thesis advisor: Prof. Edouard Bugnion
Co-examiner: Prof. Mathias Payer

Abstract
Continuously emerging applications of Trusted Execution Environments (TEEs), ranging from cloud services to embedded devices, have led to growth in this research area. Existing TEE designs vary in numerous aspects such as their adaptability for use-cases, development costs, feature support, etc. Among these designs, we pick and describe three different approaches to building TEEs that provide similar isolation guarantees by leveraging different system characteristics in software (e.g. virtualization) or hardware (e.g. security primitives), and provide varying magnitudes of flexibility in their designs. We compare and contrast these designs over a set of desirable TEE characteristics, and extract several limitations that still need to be addressed for creating optimal TEEs. Building on these insights, we present our proposal to improve on existing TEE designs by minimizing trust and improving modularity in TEE architectures.

Background papers
1) Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems (https://dl.acm.org/doi/pdf/10.1145/1353535.1346284)
2) Keystone: An Open Framework for Architecting Trusted Execution Environments (https://n.ethz.ch/~sshivaji/publications/keystone_eurosys20.pdf)
3) CURE: A Security Architecture with CUstomizable and Resilient Enclaves (https://www.usenix.org/system/files/sec21summer_bahmani.pdf)
 

Practical information

  • General public
  • Free
