University of Cambridge > Talks.cam > Computer Laboratory Systems Research Group Seminar > Enclave-Aware Compartmentalization and Secure Sharing with Sirius

Enclave-Aware Compartmentalization and Secure Sharing with Sirius

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Srinivasan Keshav.

Hardware-assisted trusted execution environments (TEEs) are critical building blocks of many modern applications. However, they have a one-way isolation model that introduces a semantic gap between a TEE and its outside world. This lack of information causes an ever-increasing set of attacks on TEE -enabled applications that exploit various insecure interactions with the host OSs, applications, or other enclaves. In this talk, I will introduce Sirius, the first compartmentalization framework that achieves strong isolation and secure sharing in TEE -assisted applications by controlling the dataflows within primary kernel objects (e.g. threads, processes, address spaces, files, sockets, pipes) in both the secure and normal worlds. Sirius replaces ad-hoc interactions in current TEE systems with a principled approach that adds strong intra-address space isolation and effectively eliminates a wide range of attacks.

Bio: Zahra is PhD student in the Systems Research Group at the Cambridge University Computer Laboratory. Her research interest is operating systems, security, virtualization, and trustworthy computing. In particular, her work is centered around building systems to provide applications with strong isolation and fine-grained compartmentalization mechanisms. She did several research internships at Microsoft Research Redmond and Cambridge and received her MS degree from Indiana University Bloomington.

This talk is part of the Computer Laboratory Systems Research Group Seminar series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.

 

© 2006-2021 Talks.cam, University of Cambridge. Contact Us | Help and Documentation | Privacy and Publicity