Confidential Computing

Confidential Computing is a new paradigm for protecting data in use from unauthorised access. This is achieved through novel hardware security extensions that enable the creation of Trusted Execution Environments (TEEs). Such TEEs are protected from the surrounding environment, including privileged system software layers and privileged actors such as a system administrator. 

The research group conducts holistic research on how these new hardware-enabled environments are programmed and used. This includes the development of system software abstractions to take advantage of the hardware mechanisms, but also to demonstrate the impact of Confidential Computing on applications. In the latter case, distributed applications are of particular interest, as established security assumptions have to be re-evaluated. The group also focuses on the study of the hardware-enabled mechanisms themselves, in particular their non-functional properties such as performance and resource requirements. Furthermore, the gained understanding of the technology leads to identifying vulnerabilities and developing countermeasures.

Projects:

Distributed Ledger Technologies (DLTs), often referred to as blockchains, enable the realisation of reliable and attack-resilient services without a central infrastructure. However, the widely used proof-of-work mechanisms for DLTs suffer from high latencies of operations and enormous energy costs. Byzantine fault-tolerant (BFT) consensus protocols prove to be a potentially energy-efficient alternative to proof-of-work. However, current BFT protocols also present challenges that still limit their practical use in production systems. This research project addresses these challenges by (1) improving the scalability of BFT consensus protocols without reducing their resilience, (2) applying modelling approaches for making the expected performance and timing behaviour of these protocols more predictable, even under attacks, taking into consideration environmental conditions, and (3) supporting the design process for valid, automated testable BFT systems from specification to deployment in a blockchain infrastructure. The topic of scalability aims at finding practical solutions that take into account challenges such as recovery from major outages or upgrades, as well as reconfigurations at runtime. We also want to design a resilient communication layer that decouples the choice of a suitable communication topology from the actual BFT consensus protocol and thus reduces its complexity.This should be supported by the use of trusted hardware components. In addition, we want to investigate combinations of these concepts with suitable cryptographic primitives to further improve scalability. Using systematic modelling techniques, we want to be able to analyse the efficiency of scalable, complex BFT protocols (for example, in terms of throughput and latency of operations), already before deploying them in a real environment, based on knowledge of system size, computational power of nodes, and basic characteristics of the communication links. We also want to investigate robust countermeasures that help defending against targeted attacks in large-scale blockchain systems. The third objective is to support the systematic and valid implementation in a practical system, structured into a constructive, modular approach, in which a validatable BFT protocol is assembled based on smaller, validatable building blocks; the incorporation of automated test procedures based on a heuristic algorithm which makes the complex search space of misbehaviour in BFT systems more manageable; and a tool for automated deployment with accompanying benchmarking and stress testing in large-scale DLTs.

More information

Participating Scientists:

Publications: