Cloud Anchor: An Exploration of Service Integrity Attestation with Hardware Roots of Trust

Distributed computing has enabled developers and researchers to solve complex problems at an impressive scale. Users implicitly trust these subtasks to be performed accurately and this trust can be abused by malicious service providers who aim to compromise the integrity of the system. These problems can be solved by using dedicated hardware; however it is expensive or impossible to distribute this solution to all providers in a system. In this paper, we explore InTest, a service integrity attestation framework that uses replay-based consistency checks to detect malicious service providers without the use of dedicated hardware. We investigate if its performance is affected by network topology, its accuracy in the face of incomplete information, and if it can be improved by minimally utilizing dedicated hardware. Our preliminary solution, Cloud Anchor, reduces the number of duplicated tasks by 30% while providing identical detection rates as the prior solution

Security of Field Devices in Future Water Management

Water management as a part of critical infrastructure is undergoing transformation alongside the advancement of digitalization. Future water management systems will incorporate both edge and cloud services. Increased connectivity of systems and the use of remote management together with growing heterogeneity and complexity of systems will bring new demands and challenges for security systems. In order to address these future security challenges, we study the zero trust approach and its possible realization with a physical unclonable function facility. Especially in our focus are resource-constrained devices like sensors in the field and their safety

PIM-Enclave: Bringing Confidential Computation Inside Memory

Demand for data-intensive workloads and confidential computing are the prominent research directions shaping the future of cloud computing. Computer architectures are evolving to accommodate the computing of large data better. Protecting the computation of sensitive data is also an imperative yet challenging objective; processor-supported secure enclaves serve as the key element in confidential computing in the cloud. However, side-channel attacks are threatening their security boundaries. The current processor architectures consume a considerable portion of its cycles in moving data. Near data computation is a promising approach that minimizes redundant data movement by placing computation inside storage. In this paper, we present a novel design for Processing-In-Memory (PIM) as a data-intensive workload accelerator for confidential computing. Based on our observation that moving computation closer to memory can achieve efficiency of computation and confidentiality of the processed information simultaneously, we study the advantages of confidential computing \emph{inside} memory. We then explain our security model and programming model developed for PIM-based computation offloading. We construct our findings into a software-hardware co-design, which we call PIM-Enclave. Our design illustrates the advantages of PIM-based confidential computing acceleration. Our evaluation shows PIM-Enclave can provide a side-channel resistant secure computation offloading and run data-intensive applications with negligible performance overhead compared to baseline PIM model