Global ETD Search

11	Securing cloud-hosted IoT Workflows with Intel SGX Jamil Ahsan, Adnan January 2022 (has links) The rapid increase in the number of IoT devices and their widespread applications demands secure and scalable solutions for managing and executing IoT workflows. This thesis investigates the security of IoT workflows created in Node-RED, an open-source visual programming tool, and deployed on untrusted hosts managed by a major cloud service provider, Azure. The hypothesis was that the security of IoT workflows could be improved by utilizing a trusted execution environment, such as Intel SGX. Additionally, an assessment of consequent performance degradation was proposed. A threat model for an IoT workflow system scenario was established using the STRIDE threat modeling framework. An evaluation of the security guarantees provided by the prototype system was performed using an analysis comparing the security guarantees of underlying technologies, predominantly Intel SGX, and aggregating them to establish the security promises of the final system. The performance evaluation of the system was conducted using a set of experimental workflows, executed both natively on Linux and inside Intel SGX. The proposed prototype system was deemed to be capable of mitigating 15 out of 18 potential threats defined in the threat model, which indicates a significant threat risk reduction. However, the added security resulted in degraded performance, which was considerable when executing system calls and significantly noticeable for workflows requiring multi-threading. The results showed that node execution time inside SGX was 4.8 times slower and the mean round trip time for workflow execution was 6 times slower than the native execution. The thesis aims to provide a starting point for estimating performance degradation for potential future applications requiring secure IoT workflow deployment on untrusted hosts. / Den snabba ökningen av antalet IoT-enheter i dagens samhälle och deras breda användningsområden kräver säkra och skalbara lösningar för exekvering av IoT-arbetsflöden. Detta examensarbete undersöker säkerheten för IoT-arbetsflöden skapade i Node-RED, ett öppen källkodsverktyg för visuell programmering, i kontexten att dessa arbetsflöden exekveras på opålitliga enheter som hanteras av molntjänstföretag, som i detta fall är Azure. Hypotesen var att säkerhetsgarantin för IoT-arbetsflöden kunde förbättras genom att använda en betrodd exekveringmiljö, såsom Intel SGX. Dessutom krävdes en utvärdering av påföljderna på systemets prestanda som en konsekvens av den betrodda exekveringmiljöns användning. En hotmodell för ett IoT-arbetsflödesystem etablerades med hjälp av ramverket STRIDE. En bedömning av säkerhetsgarantierna som tillhandahålls av prototypsystemet genomfördes med hjälp av en kvalitativ analys som jämförde säkerhetsgarantier för underliggande teknologier, främst Intel SGX, och aggregerade dessa för att etablera säkerhetsgarantin för det slutgiltiga systemet. Prestandautvärderingen av systemet genomfördes med hjälp av ett antal experimentella arbetsflöden, som exekverades både direkt på Linux och inuti den betrodda exekveringsmiljön Intel SGX. I det föreslagna prototypsystemet ansågs 15 utav 18 potentiella hot som definierats i hotmodellen vara försumbara, vilket indikerar en signifikant reduktion av hotbilden. Dock resulterade den ökade säkerheten i en försämrad prestanda, som var betydande när systemanrop användes och synnerligen märkbar för flöden som krävde parallellisering. Resultaten visade att nodexekveringstiden inuti SGX var 4,8 gånger långsammare och medelvärdet för rundturstiden för exekvering av ett arbetsflöde var 6 gånger långsammare än den direkta exekveringen. Examensarbetet syftar till att ge en utgångspunkt för att bedöma prestandaförsämringen för potentiella framtida applikationer som kräver säkra IoT-arbetsflöden exekverade på opålitliga enheter. IoT Node-RED Azure SGX Gramine Trusted Execution Environment Security STRIDE Computer and Information Sciences Data- och informationsvetenskap
12	Towards an Ideal Execution Environment for Programmable Network Switches Gruesen, Michael G. January 2016 (has links) No description available. Computer Science Software Defined Networking SDN Execution environment Virtual machine Programmable network switch
13	Methodologies, Techniques, and Tools for Understanding and Managing Sensitive Program Information Liu, Yin 20 May 2021 (has links) Exfiltrating or tampering with certain business logic, algorithms, and data can harm the security and privacy of both organizations and end users. Collectively referred to as sensitive program information (SPI), these building blocks are part and parcel of modern software systems in domains ranging from enterprise applications to cyberphysical setups. Hence, protecting SPI has become one of the most salient challenges of modern software development. However, several fundamental obstacles stand on the way of effective SPI protection: (1) understanding and locating the SPI for any realistically sized codebase by hand is hard; (2) manually isolating SPI to protect it is burdensome and error-prone; (3) if SPI is passed across distributed components within and across devices, it becomes vulnerable to security and privacy attacks. To address these problems, this dissertation research innovates in the realm of automated program analysis, code transformation, and novel programming abstractions to improve the state of the art in SPI protection. Specifically, this dissertation comprises three interrelated research thrusts that: (1) design and develop program analysis and programming support for inferring the usage semantics of program constructs, with the goal of helping developers understand and identify SPI; (2) provide powerful programming abstractions and tools that transform code automatically, with the goal of helping developers effectively isolate SPI from the rest of the codebase; (3) provide programming mechanism for distributed managed execution environments that hides SPI, with the goal of enabling components to exchange SPI safely and securely. The novel methodologies, techniques, and software tools, supported by programming abstractions, automated program analysis, and code transformation of this dissertation research lay the groundwork for establishing a secure, understandable, and efficient foundation for protecting SPI. This dissertation is based on 4 conference papers, presented at TrustCom'20, GPCE'20, GPCE'18, and ManLang'17, as well as 1 journal paper, published in Journal of Computer Languages (COLA). / Doctor of Philosophy / Some portions of a computer program can be sensitive, referred to as sensitive program information (SPI). By compromising SPI, attackers can hurt user security/privacy. It is hard for developers to identify and protect SPI, particularly for large programs. This dissertation introduces novel methodologies, techniques, and software tools that facilitate software developments tasks concerned with locating and protecting SPI. Software Engineering Program Analysis and Transformation Program Comprehension Trusted Execution Environment Middleware
14	Optimizing TEE Protection by Automatically Augmenting Requirements Specifications Dhar, Siddharth 03 June 2020 (has links) An increasing number of software systems must safeguard their confidential data and code, referred to as critical program information (CPI). Such safeguarding is commonly accomplished by isolating CPI in a trusted execution environment (TEE), with the isolated CPI becoming a trusted computing base (TCB). TEE protection incurs heavy performance costs, as TEE-based functionality is expensive to both invoke and execute. Despite these costs, projects that use TEEs tend to have unnecessarily large TCBs. As based on our analysis, developers often put code and data into TEE for convenience rather than protection reasons, thus not only compromising performance but also reducing the effectiveness of TEE protection. In order for TEEs to provide maximum benefits for protecting CPI, their usage must be systematically incorporated into the entire software engineering process, starting from Requirements Engineering. To address this problem, we present a novel approach that incorporates TEEs in the Requirements Engineering phase by using natural language processing (NLP) to classify those software requirements that are security critical and should be isolated in TEE. Our approach takes as input a requirements specification and outputs a list of annotated software requirements. The annotations recommend to the developer which corresponding features comprise CPI that should be protected in a TEE. Our evaluation results indicate that our approach identifies CPI with a high degree of accuracy to incorporate safeguarding CPI into Requirements Engineering. / Master of Science / An increasing number of software systems must safeguard their confidential data like passwords, payment information, personal details, etc. This confidential information is commonly protected using a Trusted Execution Environment (TEE), an isolated environment provided by either the existing processor or separate hardware that interacts with the operating system to secure sensitive data and code. Unfortunately, TEE protection incurs heavy performance costs, with TEEs being slower than modern processors and frequent communication between the system and the TEE incurring heavy performance overhead. We discovered that developers often put code and data into TEE for convenience rather than protection purposes, thus not only hurting performance but also reducing the effectiveness of TEE protection. By thoroughly examining a project's features in the Requirements Engineering phase, which defines the project's functionalities, developers would be able to understand which features handle confidential data. To that end, we present a novel approach that incorporates TEEs in the Requirements Engineering phase by means of Natural Language Processing (NLP) tools to categorize the project requirements that may warrant TEE protection. Our approach takes as input a project's requirements and outputs a list of categorized requirements defining which requirements are likely to make use of confidential information. Our evaluation results indicate that our approach performs this categorization with a high degree of accuracy to incorporate safeguarding the confidentiality related features in the Requirements Engineering phase. Trusted Execution Environment Natural Language Processing Recommendation System Critical Program Information Requirements Specification
15	Recommending TEE-based Functions Using a Deep Learning Model Lim, Steven 14 September 2021 (has links) Trusted execution environments (TEEs) are an emerging technology that provides a protected hardware environment for processing and storing sensitive information. By using TEEs, developers can bolster the security of software systems. However, incorporating TEE into existing software systems can be a costly and labor-intensive endeavor. Software maintenance—changing software after its initial release—is known to contribute the majority of the cost in the software development lifecycle. The first step of making use of a TEE requires that developers accurately identify which pieces of code would benefit from being protected in a TEE. For large code bases, this identification process can be quite tedious and time-consuming. To help reduce the software maintenance costs associated with introducing a TEE into existing software, this thesis introduces ML-TEE, a recommendation tool that uses a deep learning model to classify whether an input function handles sensitive information or sensitive code. By applying ML-TEE, developers can reduce the burden of manual code inspection and analysis. ML-TEE's model was trained and tested on functions from GitHub repositories that use Intel SGX and on an imbalanced dataset. The accuracy of the final model used in the recommendation system has an accuracy of 98.86% and an F1 score of 80.00%. In addition, we conducted a pilot study, in which participants were asked to identify functions that needed to be placed inside a TEE in a third-party project. The study found that on average, participants who had access to the recommendation system's output had a 4% higher accuracy and completed the task 21% faster. / Master of Science / Improving the security of software systems has become critically important. A trusted execution environment (TEE) is an emerging technology that can help secure software that uses or stores confidential information. To make use of this technology, developers need to identify which pieces of code handle confidential information and should thus be placed in a TEE. However, this process is costly and laborious because it requires the developers to understand the code well enough to make the appropriate changes in order to incorporate a TEE. This process can become challenging for large software that contains millions of lines of code. To help reduce the cost incurred in the process of identifying which pieces of code should be placed within a TEE, this thesis presents ML-TEE, a recommendation system that uses a deep learning model to help reduce the number of lines of code a developer needs to inspect. Our results show that the recommendation system achieves high accuracy as well as a good balance between precision and recall. In addition, we conducted a pilot study and found that participants from the intervention group who used the output from the recommendation system managed to achieve a higher average accuracy and perform the assigned task faster than the participants in the control group. Trusted Execution Environment Recommendation System Machine learning Function Classification Abstract Syntax Tree Classification
16	A Study on Private and Secure Federated Learning / プライベートで安全な連合学習 Kato, Fumiyuki 25 March 2024 (has links) 京都大学 / 新制・課程博士 / 博士(情報学) / 甲第25427号 / 情博第865号 / 新制\|\|情\|\|145(附属図書館) / 京都大学大学院情報学研究科社会情報学専攻 / (主査)教授伊藤孝行, 教授黒田知宏, 教授岡部寿男, 吉川正俊(京都大学名誉教授) / 学位規則第4条第1項該当 / Doctor of Informatics / Kyoto University / DFAM Privacy-preserving Machine Learining Federated Learning Federated Analytics Differential Privacy Trusted Execution Environment 7
17	Towards attack-tolerant trusted execution environments : Secure remote attestation in the presence of side channels Crone, Max January 2021 (has links) In recent years, trusted execution environments (TEEs) have seen increasing deployment in computing devices to protect security-critical software from run-time attacks and provide isolation from an untrustworthy operating system (OS). A trusted party verifies the software that runs in a TEE using remote attestation procedures. However, the publication of transient execution attacks such as Spectre and Meltdown revealed fundamental weaknesses in many TEE architectures, including Intel Software Guard Exentsions (SGX) and Arm TrustZone. These attacks can extract cryptographic secrets, thereby compromising the integrity of the remote attestation procedure. In this work, we design and develop a TEE architecture that provides remote attestation integrity protection even when confidentiality of the TEE is compromised. We use the formally verified seL4 microkernel to build the TEE, which ensures strong isolation and integrity. We offload cryptographic operations to a secure co-processor that does not share any vulnerable microarchitectural hardware units with the main processor, to protect against transient execution attacks. Our design guarantees integrity of the remote attestation procedure. It can be extended to leverage co-processors from Google and Apple, for wide-scale deployment on mobile devices. / Under de senaste åren används betrodda exekveringsmiljöer (TEE) allt mera i datorutrustning för att skydda säkerhetskritisk programvara från attacker och för att isolera dem från ett opålitligt operativsystem. En betrodd part verifierar programvaran som körs i en TEE med hjälp av fjärrattestering. Nyliga mikroarkitekturella anfall, t.ex. Spectre och Meltdown, har dock visat grundläggande svagheter i många TEE-arkitekturer, inklusive Intel SGX och Arm TrustZone. Dessa attacker kan avslöja kryptografiska hemligheter och därmed äventyra integriteten av fjärrattestning. I det här arbetet utvecklar vi en arkitektur för en betrodd exekveringsmiljö (TEE) som ger integritetsskydd genom fjärrattestering även när TEE:s konfidentialitet äventyras. Vi använder den formellt verifierade seL4-mikrokärnan för att bygga TEE:n som garanterar stark isolering och integritet. För att skydda kryptografiska operationer, overför vi dem till en säker samprocessor som inte delar någon sårbar mikroarkitektur med huvudprocessorn. Vår arktektur garanterar fjärrattesteringens integritet och kan utnyttja medprocessorer från Google och Apple för att användas i stor skala på mobila enheter. trusted execution environment remote attestation sel4 microkernel arm trustzone intel sgx side-channels transient execution attacks trusted execution environment remote attestation sel4 microkernel arm trustzone intel sgx side-channels transient execution attacks Computer and Information Sciences Data- och informationsvetenskap
18	Side-Channel Attacks on Intel SGX: How SGX Amplifies The Power of Cache Attack Moghimi, Ahmad 27 April 2017 (has links) In modern computing environments, hardware resources are commonly shared, and parallel computation is more widely used. Users run their services in parallel on the same hardware and process information with different confidentiality levels every day. Running parallel tasks can cause privacy and security problems if proper isolation is not enforced. Computers need to rely on a trusted root to protect the data from malicious entities. Intel proposed the Software Guard eXtension (SGX) to create a trusted execution environment (TEE) within the processor. SGX allows developers to benefit from the hardware level isolation. SGX relies only on the hardware, and claims runtime protection even if the OS and other software components are malicious. However, SGX disregards any kind of side-channel attacks. Researchers have demonstrated that microarchitectural sidechannels are very effective in thwarting the hardware provided isolation. In scenarios that involve SGX as part of their defense mechanism, system adversaries become important threats, and they are capable of initiating these attacks. This work introduces a new and more powerful cache side-channel attack that provides system adversaries a high resolution channel. The developed attack is able to virtually track all memory accesses of SGX execution with temporal precision. As a proof of concept, we demonstrate our attack to recover cryptographic AES keys from the commonly used implementations including those that were believed to be resistant in previous attack scenarios. Our results show that SGX cannot protect critical data sensitive computations, and efficient AES key recovery is possible in a practical environment. In contrast to previous attacks which require hundreds of measurements, this is the first cache side-channel attack on a real system that can recover AES keys with a minimal number of measurements. We can successfully recover the AES key from T-Table based implementations in a known plaintext and ciphertext scenario with an average of 15 and 7 samples respectively. key recovery trusted execution environment security cache attack T-Table TEE SGX cache side-channel attack AES cryptography
19	Detection of side-channel attacks targeting Intel SGX / Detektion av attacker mot Intel SGX Lantz, David January 2021 (has links) In recent years, trusted execution environments like Intel SGX have allowed developers to protect sensitive code inside so called enclaves. These enclaves protect its code and data even in the cases of a compromised OS. However, SGX enclaves have been shown to be vulnerable to numerous side-channel attacks. Therefore, there is a need to investigate ways that such attacks against enclaves can be detected. This thesis investigates the viability of using performance counters to detect an SGX-targeting side-channel attack, specifically the recent Load Value Injection (LVI) class of attacks. A case study is thus presented where performance counters and a threshold-based detection method is used to detect variants of the LVI attack. The results show that certain attack variants could be reliably detected using this approach without false positives for a range of benign applications. The results also demonstrate reasonable levels of speed and overhead for the detection tool. Some of the practical limitations of using performance counters, particularly in an SGX-context, are also brought up and discussed. Security Trusted execution environment Intel SGX side channel attacks Load value injection detection performance counters Computer Sciences Datavetenskap (datalogi)
20	TOWARDS TRUSTWORTHY ON-DEVICE COMPUTATION Heejin Park (12224933) 20 April 2022 (has links) <div>Driven by breakthroughs in mobile and IoT devices, on-device computation becomes promising. Meanwhile, there is a growing concern over its security: it faces many threats</div><div>in the wild, while not supervised by security experts; the computation is highly likely to touch users’ privacy-sensitive information. Towards trustworthy on-device computation, we present novel system designs focusing on two key applications: stream analytics, and machine learning training and inference.</div><div><br></div><div>First, we introduce Streambox-TZ (SBT), a secure stream analytics engine for ARM-based edge platforms. SBT contributes a data plane that isolates only analytics’ data and</div><div>computation in a trusted execution environment (TEE). By design, SBT achieves a minimal trusted computing base (TCB) inside TEE, incurring modest security overhead.</div><div><br></div><div>Second, we design a minimal GPU software stack (50KB), called GPURip. GPURip allows developers to record GPU computation ahead of time, which will be replayed later</div><div>on client devices. In doing so, GPURip excludes the original GPU stack from run time eliminating its wide attack surface and exploitable vulnerabilities.</div><div><br></div><div>Finally, we propose CoDry, a novel approach for TEE to record GPU computation remotely. CoDry provides an online GPU recording in a safe and practical way; it hosts GPU stacks in the cloud that collaboratively perform a dryrun with client GPU models. To overcome frequent interactions over a wireless connection, CoDry implements a suite of key optimizations.</div> Computer Engineering Computer System Security Edge Computing TrustZone System Security Trusted Execution Environment (TEE) On-device Computation Stream Analytics Mobile GPU

Search results