Confidential Computing
Confidential Computing is a new paradigm for protecting data in use from unauthorised access. This is achieved through novel hardware security extensions that enable the creation of Trusted Execution Environments (TEEs). Such TEEs are protected from the surrounding environment, including privileged system software layers and privileged actors such as a system administrator.
The research group conducts holistic research on how these new hardware-enabled environments are programmed and used. This includes the development of system software abstractions to take advantage of the hardware mechanisms, but also to demonstrate the impact of Confidential Computing on applications. In the latter case, distributed applications are of particular interest, as established security assumptions have to be re-evaluated. The group also focuses on the study of the hardware-enabled mechanisms themselves, in particular their non-functional properties such as performance and resource requirements. Furthermore, the gained understanding of the technology leads to identifying vulnerabilities and developing countermeasures.
Projects:
Distributed Ledger Technologies (DLTs), often referred to as blockchains, enable the realisation of reliable and attack-resilient services without a central infrastructure. However, the widely used proof-of-work mechanisms for DLTs suffer from high latencies of operations and enormous energy costs. Byzantine fault-tolerant (BFT) consensus protocols prove to be a potentially energy-efficient alternative to proof-of-work. However, current BFT protocols also present challenges that still limit their practical use in production systems. This research project addresses these challenges by (1) improving the scalability of BFT consensus protocols without reducing their resilience, (2) applying modelling approaches for making the expected performance and timing behaviour of these protocols more predictable, even under attacks, taking into consideration environmental conditions, and (3) supporting the design process for valid, automated testable BFT systems from specification to deployment in a blockchain infrastructure. The topic of scalability aims at finding practical solutions that take into account challenges such as recovery from major outages or upgrades, as well as reconfigurations at runtime. We also want to design a resilient communication layer that decouples the choice of a suitable communication topology from the actual BFT consensus protocol and thus reduces its complexity.This should be supported by the use of trusted hardware components. In addition, we want to investigate combinations of these concepts with suitable cryptographic primitives to further improve scalability. Using systematic modelling techniques, we want to be able to analyse the efficiency of scalable, complex BFT protocols (for example, in terms of throughput and latency of operations), already before deploying them in a real environment, based on knowledge of system size, computational power of nodes, and basic characteristics of the communication links. We also want to investigate robust countermeasures that help defending against targeted attacks in large-scale blockchain systems. The third objective is to support the systematic and valid implementation in a practical system, structured into a constructive, modular approach, in which a validatable BFT protocol is assembled based on smaller, validatable building blocks; the incorporation of automated test procedures based on a heuristic algorithm which makes the complex search space of misbehaviour in BFT systems more manageable; and a tool for automated deployment with accompanying benchmarking and stress testing in large-scale DLTs.
Participating Scientists:
Publications:
Trustworthy confidential virtual machines for the masses
24th ACM/IFIP International Middleware Conference, Middleware 2023
DOI: 10.1145/3590140.3629124 , , , , , :
SCONE: Secure linux containers with Intel SGX
12th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2016 (Savannah, GA, USA, 2. November 2016 - 4. November 2016)
In: Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2016 2016 , , , , , , , , , , , , , , :
Glamdring: Automatic application partitioning for intel SGX
2017 USENIX Annual Technical Conference, USENIX ATC 2017 (Santa Clara, CA, USA, 12. July 2017 - 14. July 2017)
In: Proceedings of the 2017 USENIX Annual Technical Conference, USENIX ATC 2017 2019 , , , , , , , , , , , :
Telling your secrets without page faults: Stealthy page table-based attacks on enclaved execution
26th USENIX Security Symposium (Vancouver, BC, 16. August 2017 - 18. August 2017)
In: Proceedings of the 26th USENIX Security Symposium 2017 , , , , :
SecureKeeper: Confidential ZooKeeper using Intel SGX
17th International Middleware Conference, Middleware 2016 (Trento, ITA, 12. December 2016 - 16. December 2016)
In: Proceedings of the 17th International Middleware Conference, Middleware 2016 2016
DOI: 10.1145/2988336.2988350 , , , , , , , :
Hybrids on Steroids: SGX-based High Performance BFT
EuroSys 2017 (Belgrade)
In: Proceedings of the 12th European Conference on Computer Systems (EuroSys '17) 2017
URL: https://www4.cs.fau.de/Publications/2017/behl_17_eurosys.pdf , , :
SGX-Perf: A performance analysis tool for intel SGX enclaves
19th ACM/IFIP/USENIX International Middleware Conference, Middleware 2018 (Rennes, Brittany, FRA, 10. December 2018 - 14. December 2018)
In: Proceedings of the 19th International Middleware Conference, Middleware 2018 2018
DOI: 10.1145/3274808.3274824 , , :
AsyncShock: Exploiting synchronisation bugs in intel SGX enclaves
21st European Symposium on Research in Computer Security, ESORICS 2016 (Heraklion, GRC, 26. September 2016 - 30. September 2016)
In: Sokratis Katsikas, Catherine Meadows, Ioannis Askoxylakis, Sotiris Ioannidis (ed.): Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 2016
DOI: 10.1007/978-3-319-45744-4_22 , , , :
Precursor: A fast, client-centric and trusted key-value store using RDMA and Intel SGX
22nd International Middleware Conference, Middleware 2021 (Virtual, Online, CAN, 6. December 2021 - 10. December 2021)
In: Middleware 2021 - Proceedings of the 22nd International Middleware Conference 2021
DOI: 10.1145/3464298.3476129 , , , , , :
Acctee: A WebAssembly-based Two-way Sandbox for Trusted Resource Accounting
20th ACM/IFIP/USENIX Middleware Conference, Middleware 2019 (Davis, CA, USA, 9. December 2019 - 13. December 2019)
In: Middleware 2019 - Proceedings of the 2019 20th International Middleware Conference 2019
DOI: 10.1145/3361525.3361541 , , , :