Establishing Trusted Channels for Confidential Workloads

dc.contributor: Aalto-yliopisto [fi]
dc.contributor: Aalto University [en]
dc.contributor.advisor: Sovio, Sampo
dc.contributor.author: Giersfeld, Philipp
dc.contributor.school: Perustieteiden korkeakoulu [fi]
dc.contributor.supervisor: Francillon, Aurélien
dc.date.accessioned: 2024-09-01T17:06:27Z
dc.date.available: 2024-09-01T17:06:27Z
dc.date.issued: 2024
dc.description.abstract: Confidential Computing protects data in-use by leveraging hardware-based, attested Trusted Execution Environments (TEEs). It is being rapidly adopted, with design specifications and hardware implementations emerging from all major platform vendors. The market for Confidential Computing is projected to reach $131 billion by 2030. The Confidential Containers (CoCo) project integrates Confidential Computing with existing cloud technologies to enhance adoption. A crucial aspect of Confidential Computing is the establishment of trusted channels, which maintains the confidentiality and integrity of data, similar to a secure channel, while also assuring other machines of the container to which they are connecting and what software it contains. In this thesis, we propose a trusted channel protocol based on WireGuard, integrated with the CoCo project, alongside a method for workload attestation. We implement a proof of concept for the upcoming Arm Confidential Computing Architecture (CCA) platform. Our implementation allows trusted channels between containers and unmodified client applications with an additional latency of just 1.5 s, incurred only during the initial establishment of the trusted channel. [en]
dc.format.extent: 56
dc.format.mimetype: application/pdf [en]
dc.identifier.uri: https://aaltodoc.aalto.fi/handle/123456789/130570
dc.identifier.urn: URN:NBN:fi:aalto-202409016132
dc.language.iso: en [en]
dc.programme: Master’s Programme in Security and Cloud Computing (SECCLO) [fi]
dc.programme.major: Security and Cloud Computing [fi]
dc.programme.mcode: SCI3113 [fi]
dc.subject.keyword: remote attestation [en]
dc.subject.keyword: confidential computing [en]
dc.subject.keyword: trusted channel [en]
dc.subject.keyword: confidential containers [en]
dc.subject.keyword: arm CCA [en]
dc.subject.keyword: VPN [en]
dc.title: Establishing Trusted Channels for Confidential Workloads [en]
dc.type: G2 Pro gradu, diplomityö [fi]
dc.type.ontasot: Master's thesis [en]
dc.type.ontasot: Diplomityö [fi]
local.aalto.electroniconly: yes
local.aalto.openaccess: yes
Files
Original bundle
Name: master_Giersfeld_Philipp_2024.pdf
Size: 1.53 MB
Format: Adobe Portable Document Format