Towards security analysis and design of confidential computing systems


Bibliographic Details
Main Author: Lou, Xiaoxuan
Other Authors: Zhang, Tianwei
Format: Thesis-Doctor of Philosophy
Language: English
Published: Nanyang Technological University 2024
Online Access:https://hdl.handle.net/10356/180639
Institution: Nanyang Technological University
Description
Summary: Confidential computing establishes an encrypted Trusted Execution Environment (TEE) to provide confidentiality and integrity protection. However, it still suffers from two significant problems: (1) vulnerability to micro-architectural side-channel attacks; (2) security and efficiency issues when handling emerging applications. For the first problem, I conduct a comprehensive security analysis of existing confidential computing systems. An end-to-end attack method named NASPY is proposed to reveal novel Neural Architecture Search models from the encrypted TEE black box. Then Aegis is proposed as a unified defense framework for protecting confidential virtual machines against Hardware Performance Counter side channels. For the second problem, I design novel confidential computing systems that integrate recently emerging workloads. A watermarking scheme is designed for verifying the ownership of deep learning models within the TEE sandbox. Furthermore, I integrate confidential computing with serverless computing to design Neuralyzer, a fast-launching confidential serverless computing system.