KAIST Graduate School of Information Security

[세미나] Securing applications from untrusted services - 권영진 교수 (KAIST)
작성일2020-06-23
저희 정보보호대학원에서는 KAIST전산학부 권영진 교수님을 모시고 "Securing applications from untrusted services" 주제로 아래와 같이 세미나를 개최하고자 합니다. 코로나19 확산방지를 위하여 원격수업으로 진행할 예정이오니, 아래 관련 링크주소로 접속하여 주시길 바랍니다. = 아 래 = o 일시 - 20.6.2(화) 16:00~ ※ 시작시간 5분전에 준비하여 주세요. - zoom url : https://kaist.zoom.us/j/3674821514 ============================== Title: Securing applications from untrusted services Abstract: Although trusted execution environments (TEEs) have evolved to provide strong isolation with efficient hardware supports, their current monolithic model poses challenges in representing common software structures with multiple modules produced by potentially untrusted parties. For better mapping of such modular software designs to TEEs, it is necessary to extend the current monolithic model to hierarchical nested TEEs, which provide multiple inner TEEs within a TEE. For such hardware-supported privilege separation within a TEE, this paper proposes a novel multi-level TEE model called nested enclave, which extends the enclave model from Intel SGX. Inspired by the multilevel security model, the nested enclave provides multiple inner enclaves sharing the same outer enclave. Inner enclaves can access the context of the outer enclave, but they are protected from the outer enclave and non-enclave execution. Peer inner enclaves are isolated from each other, while accessing the execution environments of the shared outer enclaves. Both of the inner and outer enclaves guarantee to be protected from vulnerable privileged software and physical attacks. Such a fine-grained nested enclave allows secure multi-tiered environments using software modules from untrusted 3rd parties. The security-sensitive modules run on the inner enclave with the higher security level, while the 3rd party modules on the outer enclave. It can be further extended to provide a separate inner module for each user to process privacy-sensitive data, while sharing the same library with efficient hardware-protected communication channels. To prove the feasibility of the nested enclave model, this study investigates four different application scenarios implemented with an emulated nested enclave support. Bio Youngjin Kwon is an Assistant Professor at KAIST. His research interests lie in operating systems, including file systems, emerging storage and memory technologies, system support for security, and virtualization. His research has been recognized by VMware, and he contributed to building an initial version of his research work to the VMware commercial hypervisor. =============================

[세미나] Securing applications from untrusted services - 권영진 교수 (KAIST)

작성일2020-06-23

저희 정보보호대학원에서는 KAIST전산학부 권영진 교수님을 모시고

"Securing applications from untrusted services" 주제로 아래와 같이 세미나를 개최하고자 합니다.

코로나19 확산방지를 위하여 원격수업으로 진행할 예정이오니,

아래 관련 링크주소로 접속하여 주시길 바랍니다.

= 아 래 =

o 일시

- 20.6.2(화) 16:00~

※ 시작시간 5분전에 준비하여 주세요.

- zoom url : https://kaist.zoom.us/j/3674821514

==============================

Title: Securing applications from untrusted services

Abstract:

Although trusted execution environments (TEEs) have evolved to provide strong isolation with efficient hardware supports, their current monolithic model poses challenges in representing common software structures with multiple modules produced by potentially untrusted parties. For better mapping of such modular software designs to TEEs, it is necessary to extend the current monolithic model to hierarchical nested TEEs, which provide multiple inner TEEs within a TEE. For such hardware-supported privilege separation within a TEE, this paper proposes a novel multi-level TEE model called nested enclave, which extends the enclave model from Intel SGX. Inspired by the multilevel security model, the nested enclave provides multiple inner enclaves sharing the same outer enclave. Inner enclaves can access the context of the outer enclave, but they are protected from the outer enclave and non-enclave execution. Peer inner enclaves are isolated from each other, while accessing the execution environments of the shared outer enclaves. Both of the inner and outer enclaves guarantee to be protected from vulnerable privileged software and physical attacks. Such a fine-grained nested enclave allows secure multi-tiered environments using software modules from untrusted 3rd parties. The security-sensitive modules run on the inner enclave with the higher security level, while the 3rd party modules on the outer enclave. It can be further extended to provide a separate inner module for each user to process privacy-sensitive data, while sharing the same library with efficient hardware-protected communication channels. To prove the feasibility of the nested enclave model, this study investigates four different application scenarios implemented with an emulated nested enclave support.

Bio

Youngjin Kwon is an Assistant Professor at KAIST. His research interests lie in operating systems,

including file systems, emerging storage and memory technologies, system support for security, and virtualization.

His research has been recognized by VMware, and he contributed to building an initial version of

his research work to the VMware commercial hypervisor.

=============================

목록으로