29 research outputs found
Cloud Anchor: An Exploration of Service Integrity Attestation with Hardware Roots of Trust
Distributed computing has enabled developers and researchers to solve complex problems at an impressive scale. Users implicitly trust these subtasks to be performed accurately and this trust can be abused by malicious service providers who aim to compromise the integrity of the system. These problems can be solved by using dedicated hardware; however it is expensive or impossible to distribute this solution to all providers in a system. In this paper, we explore InTest, a service integrity attestation framework that uses replay-based consistency checks to detect malicious service providers without the use of dedicated hardware. We investigate if its performance is affected by network topology, its accuracy in the face of incomplete information, and if it can be improved by minimally utilizing dedicated hardware. Our preliminary solution, Cloud Anchor, reduces the number of duplicated tasks by 30% while providing identical detection rates as the prior solution
Security of Field Devices in Future Water Management
Water management as a part of critical infrastructure is undergoing transformation alongside the
advancement of digitalization. Future water management systems will incorporate both edge and cloud services.
Increased connectivity of systems and the use of remote management together with growing heterogeneity and
complexity of systems will bring new demands and challenges for security systems. In order to address these
future security challenges, we study the zero trust approach and its possible realization with a physical unclonable
function facility. Especially in our focus are resource-constrained devices like sensors in the field and their safety
PIM-Enclave: Bringing Confidential Computation Inside Memory
Demand for data-intensive workloads and confidential computing are the
prominent research directions shaping the future of cloud computing. Computer
architectures are evolving to accommodate the computing of large data better.
Protecting the computation of sensitive data is also an imperative yet
challenging objective; processor-supported secure enclaves serve as the key
element in confidential computing in the cloud. However, side-channel attacks
are threatening their security boundaries. The current processor architectures
consume a considerable portion of its cycles in moving data. Near data
computation is a promising approach that minimizes redundant data movement by
placing computation inside storage. In this paper, we present a novel design
for Processing-In-Memory (PIM) as a data-intensive workload accelerator for
confidential computing. Based on our observation that moving computation closer
to memory can achieve efficiency of computation and confidentiality of the
processed information simultaneously, we study the advantages of confidential
computing \emph{inside} memory. We then explain our security model and
programming model developed for PIM-based computation offloading. We construct
our findings into a software-hardware co-design, which we call PIM-Enclave. Our
design illustrates the advantages of PIM-based confidential computing
acceleration. Our evaluation shows PIM-Enclave can provide a side-channel
resistant secure computation offloading and run data-intensive applications
with negligible performance overhead compared to baseline PIM model