Establishing Trusted Channels for Confidential Workloads
dc.contributor | Aalto-yliopisto | fi |
dc.contributor | Aalto University | en |
dc.contributor.advisor | Sovio, Sampo | |
dc.contributor.author | Giersfeld, Philipp | |
dc.contributor.school | Perustieteiden korkeakoulu | fi |
dc.contributor.supervisor | Francillon, Aurélien | |
dc.date.accessioned | 2024-09-01T17:06:27Z | |
dc.date.available | 2024-09-01T17:06:27Z | |
dc.date.issued | 2024 | |
dc.description.abstract | Confidential Computing protects data in use by leveraging hardware-based, attested Trusted Execution Environments (TEEs). It is being rapidly adopted, with design specifications and hardware implementations emerging from all major platform vendors. The market for Confidential Computing is projected to reach $131 billion by 2030. The Confidential Containers (CoCo) project integrates Confidential Computing with existing cloud technologies to ease adoption. A crucial aspect of Confidential Computing is the establishment of trusted channels, which maintain the confidentiality and integrity of data, as a secure channel does, while additionally assuring the connecting party of which container it is talking to and what software that container runs. In this thesis, we propose a trusted channel protocol based on WireGuard, integrated with the CoCo project, alongside a method for workload attestation. We implement a proof of concept for the upcoming Arm Confidential Computing Architecture (CCA) platform. Our implementation enables trusted channels between containers and unmodified client applications with an additional latency of just 1.5 s, incurred only during the initial establishment of the trusted channel. | en |
dc.format.extent | 56 | |
dc.format.mimetype | application/pdf | en |
dc.identifier.uri | https://aaltodoc.aalto.fi/handle/123456789/130570 | |
dc.identifier.urn | URN:NBN:fi:aalto-202409016132 | |
dc.language.iso | en | en |
dc.programme | Master’s Programme in Security and Cloud Computing (SECCLO) | fi |
dc.programme.major | Security and Cloud Computing | fi |
dc.programme.mcode | SCI3113 | fi |
dc.subject.keyword | remote attestation | en |
dc.subject.keyword | confidential computing | en |
dc.subject.keyword | trusted channel | en |
dc.subject.keyword | confidential containers | en |
dc.subject.keyword | arm CCA | en |
dc.subject.keyword | VPN | en |
dc.title | Establishing Trusted Channels for Confidential Workloads | en |
dc.type | G2 Pro gradu, diplomityö | fi |
dc.type.ontasot | Master's thesis | en |
dc.type.ontasot | Diplomityö | fi |
local.aalto.electroniconly | yes | |
local.aalto.openaccess | yes | |
Files
Original bundle
- Name: master_Giersfeld_Philipp_2024.pdf
- Size: 1.53 MB
- Format: Adobe Portable Document Format