Enclave Host Interface for Security

dc.contributorAalto-yliopistofi
dc.contributorAalto Universityen
dc.contributor.advisorRusanen, Antti
dc.contributor.authorSinha, Anmol
dc.contributor.schoolPerustieteiden korkeakoulufi
dc.contributor.supervisorEkberg, Jan-Erik
dc.date.accessioned2022-08-30T14:03:00Z
dc.date.available2022-08-30T14:03:00Z
dc.date.issued2022-08-22
dc.description.abstractSecure enclave technology has during the last decade emerged as an important hardware security primitive in server computer cores, and increasingly also in chips intended for consumer devices like mobile phones and PCs. The Linux Confidential Compute Consortium has taken a leading role in defining the host APIs for enclave access (e.g. OpenEnclave APIs). Earlier solutions for security isolation in mobile phones relied on so called Trusted Execution Environments, which are similar in hardware isolation, but serve primarily OEM device security use-cases, and the environments are access controlled by remote trust roots (code signatures). This thesis examines the security requirements for enclaves, visible through APIs and SDKs. An augmented IDE / SDK interface that accounts for security, including legacy considerations present with TEEs is also proposed. This thesis also attempts to improve developer experience related to development of trusted application by providing a tight integration with IDE and an expressive way to select methods which can be carved out of an existing rust application into a seperate trusted application. Furthermore, this thesis also discusses some common pitfalls while developing code for trusted applications and attempts to mitigate several of the discussed risks. The work plan includes a background study on existing TEE and enclave SDKs, a novel SDK augmentation that accounts for the features listed above, and a prototype implementation that highlights the enclave security needs beyond mere isolated execution. An IDE plugin is also implemented, that exemplifies how software engineers (with potentially limited security knowledge) can implement a trusted application service with enclave support such that the end result (enclave code) will run without information leakage or interface security problems.en
dc.format.extent51
dc.format.mimetypeapplication/pdfen
dc.identifier.urihttps://aaltodoc.aalto.fi/handle/123456789/116438
dc.identifier.urnURN:NBN:fi:aalto-202208305251
dc.language.isoenen
dc.programmeMaster’s Programme in Security and Cloud Computing (SECCLO)fi
dc.programme.majorSecurity and Cloud Computingfi
dc.programme.mcodeSCI3113fi
dc.subject.keywordtrusted execution environmenten
dc.subject.keywordenclaveen
dc.subject.keywordtrusted applicationen
dc.subject.keywordSDKen
dc.subject.keywordvsual studio codeen
dc.titleEnclave Host Interface for Securityen
dc.typeG2 Pro gradu, diplomityöfi
dc.type.ontasotMaster's thesisen
dc.type.ontasotDiplomityöfi
local.aalto.electroniconlyyes
local.aalto.openaccessyes
Files
Original bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
master_Sinha_Anmol_2022.pdf
Size:
762.8 KB
Format:
Adobe Portable Document Format