Trustworthy Data Provenance for Enclaves in Heterogeneous Distributed Systems

Loading...
Thumbnail Image
Journal Title
Journal ISSN
Volume Title
Perustieteiden korkeakoulu | Master's thesis
Date
2022-08-22
Department
Major/Subject
Security and Cloud Computing
Mcode
SCI3113
Degree programme
Master’s Programme in Security and Cloud Computing (SECCLO)
Language
en
Pages
72
Series
Abstract
Trusted execution environments (TEEs) have gained significant traction over the last few years. They allow mutually distrusting systems to entrust each other with data and computation by running applications in strongly isolated containers called enclaves. Different TEEs can run different versions of an enclave platform and their realization depends on the underlying hardware. As enclaves migrate across many different TEEs, their integrity can be compromised. By tracking the provenance of enclaves, TEEs can assess their trustworthiness based on their migration history. However, this requires that the provenance data itself also be trustworthy. In this work, we leverage the strong isolation guarantees and attestation capability of TEEs to build QuickProv, a framework for fast, trustworthy data provenance for enclaves in heterogeneous distributed systems. We first show how we achieve trustworthy data provenance without using blockchains and consensus algorithms, and by using TEE capabilities. We then build a TrustZone-assisted enclave platform to support our provenance framework. Finally, we develop a proof-of-concept (PoC) implementation for QuickProv that is minimally intrusive and is tamper-resistant even in the presence of some compromised TEEs.
Description
Supervisor
Gunn, Lachlan
Thesis advisor
Dushku, Edlira
Keywords
remote attestation, provenance, trusted execution environment, migration, enclave
Other note
Citation