세미나

[세미나] Bringing Trusted Computing Closer to Data - 이호준 교수 (성균관대학교)
작성일2021-05-13

다음주, 저희 정보보호대학원에서는 성균관대학교 이호준 교수님을 모시고 "Bringing Trusted Computing Closer to Data "주제로 아래와 같이 세미나를 개최하고자 합니다.                                                          

※ 코로나19 확산방지를 위하여 원격수업으로(ZOOM) 진행할 예정입니다.

 

 발표 10분전에 소회의실 미팅으로 연사님과의 짧은 간담회 시간이 있습니다.

 참여를 원하시는 분들은 줌의 참가기능을 이용하시면 됩니다.

 

= 아 래 =

 

o 일시

21.5.18(화) 16:00~

※ 시작시간 5분전에 준비하여 주세요.

 

URLhttps://zoom.us/j/2902905410

접속 비밀번호: 이메일 별도 공지

 

==================================                                                                                                                                                                             

Title: Bringing Trusted Computing Closer to Data
                                                                      

Abstract

Modern applications often involve the processing of sensitive information. However, the lack of privilege separation within the user space leaves sensitive application secrets such as cryptographic keys just as unprotected as a ”hello world” string. Cutting-edge hardware-supported security features are being introduced. However, the features are often vendor-specific or lack compatibility with older generations of processors. The situation leaves developers with no portable solution to incorporate protection for the sensitive application component.

We propose LOTRx86, a fundamental and portable approach for user-space privilege separation. Our approach creates a more privileged user execution layer called PrivUser by harnessing the underused intermediate privilege levels on the x86 architecture. The PrivUser memory space, a set of pages within process address space that are inaccessible to user mode, is a safe place for application secrets and routines that access them. We implement the LOTRx86 ABI that exports the privcall interface to users to invoke secret handling routines in PrivUser. This way, sensitive application operations that involve the secrets are performed in a strictly controlled manner. The memory access control in our architecture is privilege-based, accessing the protected application secret only requires a change in the privilege, eliminating the need for costly remote procedure calls or change in address space. We evaluated our platform by developing a proof-of-concept LOTRx86-enabled web server that employs our architecture to securely access its private key during an SSL connection. We conducted a set of experiments including a performance measurement on the PoC on both Intel and AMD PCs, and confirmed that LOTRx86 incurs only a limited performance overhead.


Bio 

Hojoon Lee is currently an assistant professor at Dept. of Computer Science and Engineering at Sungkyunkwan University since September, 2019. Prior to his current position, he spent one year as a postdoctoral researcher at CISPA under supervison of Prof. Michael Backes. He recevied my Ph.D from KAIST in 2018 advised by Prof. Brent Byunghoon Kang and his B.S. from The University of Texas at Austin. His main research interests lie in retrofitting security in computing systems against today’s advanced threats. His research interests include but not limited to Operating System Security, Trusted Execution Environments, Program Analysis, Software Security, and Secure AI Computation in Cloud.