University of Cambridge > Talks.cam > Computer Laboratory Systems Research Group Seminar > Enabling System-Wide Isolation for Trusted Execution Environments

Enabling System-Wide Isolation for Trusted Execution Environments

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Srinivasan Keshav.

This talk has been canceled/deleted

Hardware-assisted trusted execution environments (TEEs) are critical building blocks of many modern applications. However, there are a growing number of attacks on TEE -enabled applications that exploit insecure interactions of these security primitives on existing OSs. Complex applications rely on many mechanisms on the host OS and TEE system; their complex interactions open a large attack surface that threatens both the trusted and untrusted worlds. In this talk, I will first describe our solution, Sirius, the first OS and TEE system to achieve system-wide isolation in TEEs. It enables fine-grained compartmentalisation, strong isolation, and secure interactions between enclaves and kernel objects (e.g., threads, address spaces, IPC , files, and sockets). Then I will show how Sirius replaces ad-hoc and inefficient forms of interactions in current TEE systems with a principled approach that adds strong inter- and intra-process isolation and efficiently eliminates a wide range of attacks.

This talk is part of the Computer Laboratory Systems Research Group Seminar series.

Tell a friend about this talk:

This talk is included in these lists:

This talk is not included in any other list

Note that ex-directory lists are not shown.

 

© 2006-2020 Talks.cam, University of Cambridge. Contact Us | Help and Documentation | Privacy and Publicity