Thesis

Confidential remote computing

Abstract:

Since their market launch in late 2015, trusted hardware enclaves have revolutionised the computing world with data-in-use protections. Their security features of confidentiality, integrity and attestation attract many application developers to move their valuable assets, such as cryptographic keys, password managers, private data, secret algorithms and mission-critical operations, into them. The potential security issues have not yet been well explored, and the rush to integrate these widely available hardware technologies has created emerging problems. Today system and application designers utilise enclave-based protections for critical assets; however, gaps in hardware-software co-design prevent these applications from fully benefiting from strong hardware features. This research presents hands-on experiences, techniques and models on the correct utilisation of hardware enclaves in real-world systems.

We begin by designing a generic template for scalable many-party applications that process private data with mutually agreed public code. Many-party applications range from smart-grid systems and electronic voting infrastructures to blockchain smart contracts and internet-of-things deployments. Next, our research extensively examines private algorithms executing inside trusted hardware enclaves. We present practical use cases for protecting intellectual property, valuable algorithms and business or game logic in addition to private data. Our mechanisms allow querying private algorithms on rental services, querying private data with privacy filters such as differential privacy budgets, and integrity-protected computing power as a service. These experiences lead us to consolidate the disparate research into a unified Confidential Remote Computing (CRC) model. CRC consists of three main areas: the trusted hardware, the software development and the attestation domains. It resolves the ambiguity of trust in relevant fields and provides a systematic view of the field from past to future. Lastly, we examine the questions and misconceptions about malicious software profiting from security features offered by the hardware.

The more popular idea of confidential computing focuses on servers managed by major technology vendors and cloud infrastructures. In contrast, CRC focuses on practices in a more decentralised setting for end-users, system designers and developers.

Authors

Institution:
University of Oxford
Division:
MPLS
Department:
Computer Science
Sub department:
Computer Science
Research group:
Systems Security Group / Cyber Security Centre
Oxford college:
Kellogg College
Role:
Author
ORCID:
0000-0001-5484-7096

Contributors

Institution:
University of Oxford
Division:
MPLS
Department:
Computer Science
Sub department:
Computer Science
Oxford college:
Kellogg College
Role:
Supervisor
ORCID:
0000-0002-8236-980X
Institution:
University of Oxford
Division:
MPLS
Department:
Computer Science
Sub department:
Computer Science
Oxford college:
Kellogg College
Role:
Examiner
ORCID:
0000-0003-2340-3040
Institution:
Royal Holloway University of London
Role:
Examiner
ORCID:
0000-0002-6118-0055

Funders

Funder identifier:
http://dx.doi.org/10.13039/100014013
Funding agency for:
Küçük, KA
Programme:
One chapter on InnovateUK/UKRI grant File reference: 105592
Funder identifier:
http://dx.doi.org/10.13039/100002418
Funding agency for:
Küçük, KA
Programme:
AppTRE Grant, first 2 years
Funder identifier:
http://dx.doi.org/10.13039/501100000769
Funding agency for:
Küçük, KA
Programme:
1-year on Computer Science Department Funds


DOI:
Type of award:
DPhil
Level of award:
Doctoral
Awarding institution:
University of Oxford
