Trusted Computing on Modern Platforms: Analysis, Challenges, and Implications

Doctoral Thesis

Abstract

Computing architectures come in all forms and shapes, and they impact our daily lives significantly. Smartphones are omnipresent, most jobs require daily interactions with computers, and leisure time is dominated by the availability of decades' worth of TV shows at our fingertips. As computing architectures dominate many fields, they must also process confidential data, from medical data and e-voting to personal communications in social networks. Protecting such confidential data is of utmost importance.

Recently, hardware support for confidential computing, in the form of trusted execution environments (TEEs), has been proposed for computing architectures. TEEs aim to enable computations on confidential data without trusting large codebases such as the operating system. They do so by launching a restricted environment isolated from all other software on the platform. Since TEE architectures have been made available in commercial products, they have been widely used in industrial and academic applications, and such confidential computing offerings have even permeated to major cloud providers.

While many TEE designs exist from academia and industry, keeping track of all proposals and understanding their advantages and disadvantages remains challenging. We start this thesis by studying numerous existing designs according to their security properties and design tradeoffs. We find that TEE designs are very much dictated by performance; thus, many designs end up with similar design decisions to keep the overhead to a minimum. Furthermore, TEE designs are restricted to the central processor, an apparent disconnect from modern platforms that offload computation to external accelerators. Therefore, we propose a TEE architecture that supports modern platforms with external specialized devices. Then, we turn to applications enabled by TEEs: we investigate an application that has the potential to negatively impact our society by increasing the effectiveness of fake news campaigns and potentially increasing the number of sold votes in an e-voting system. While this is luckily not yet an acute problem, we highlight its implications and analyze defenses. Finally, we explore mitigations of side-channel attacks, an attack vector that application developers are left to protect against themselves. We study how compilers can sometimes render state-of-the-art mitigations at the source-code level ineffective. We demonstrate multiple cases where modern cryptographic implementations that follow all guidelines for source-code mitigations produce binaries that may be vulnerable to side-channel attacks.

Research Area: Trusted Computing

BibTeX

@PHDTHESIS{schneider2024trusted,
	copyright = {In Copyright - Non-Commercial Use Permitted},
	year = {2024},
	type = {Doctoral Thesis},
	author = {Schneider, Moritz},
	size = {184 p.},
	abstract = {Computing architectures come in all forms and shapes, and they impact our daily lives significantly. Smartphones are omnipresent, most jobs require daily interactions with computers, and leisure time is dominated by the availability of decades worth of TV shows at the tip of a finger. As computing architectures dominate many fields, they must also process confidential data, from medical data and e-voting to personal communications in social networks. Protecting such confidential data is of utmost importance. Recently, hardware support for confidential computing has been proposed for computing architectures called trusted execution environments (TEE). TEEs aim to enable computations on confidential data without trusting large codebases such as the operating system. They do so by launching a restricted environment isolated from all other software on the platform. Since TEE architectures have been made available in commercial products, they have been widely used in industrial and academic applications, and such confidential computing offerings have even permeated to major cloud providers. While many TEE designs exist from academia and industry, keeping track of all proposals and understanding their advantages and disadvantages remains challenging. We start this thesis by studying numerous existing designs according to their security properties and design tradeoffs. We find that TEE designs are very much dictated by performance; thus, many designs end up with similar design decisions to keep the overhead to a minimum. Furthermore, TEE designs are restricted to the central processor, an apparent disconnect to modern platforms that offload computation to external accelerators. Therefore, we propose a TEE architecture that supports modern platforms with external specialized devices. Then, we turn to applications enabled by TEEs: We investigate an application that has the potential to negatively impact our society by increasing the effectiveness of fake news campaigns and potentially increasing the amount of sold votes in an e-voting system. While this is luckily not yet an acute problem, we highlight its implications and analyze defenses. Finally, we explore mitigations of side-channel attacks, an attack vector left to application developers to protect. We study how compilers can sometimes render state-of-the-art mitigations at the source-code level ineffective. We demonstrate multiple cases where modern cryptographic implementations that follow all guidelines for source-code mitigations produce binaries that may be vulnerable to side-channel attacks.},
	keywords = {Hardware Security; Side channel attacks; Trusted Execution Environment; System Security},
	language = {en},
	address = {Zurich},
	publisher = {ETH Zurich},
	DOI = {10.3929/ethz-b-000671609},
	title = {Trusted Computing on Modern Platforms: Analysis, Challenges, and Implications},
	school = {ETH Zurich}
}

Research Collection: 20.500.11850/671609