Towards security analysis and design of confidential computing systems
Confidential computing establishes an encrypted Trusted Execution Environment to ensure confidentiality and integrity protection. However, it still suffers from two significant problems: (1) Vulnerability to micro-architectural side-channel attacks; (2) Security and efficiency issues when handlin...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Thesis-Doctor of Philosophy |
| Language: | English |
| Published: |
Nanyang Technological University
2024
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/180639 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| Summary: | Confidential computing establishes an encrypted Trusted Execution Environment to ensure
confidentiality and integrity protection. However, it still suffers from two significant problems:
(1) Vulnerability to micro-architectural side-channel attacks; (2) Security and efficiency
issues when handling emerging applications.
For the first problem, I conduct a comprehensive security analysis of existing confidential
computing systems. An end-to-end attack method named NASPY is proposed to reveal
novel Neural Architecture Search models from the encrypted TEE black box. Then Aegis is
proposed as a unified defense framework for mitigating confidential virtual machines from
Hardware Performance Counter side channels.
For the second problem, I design more novel confidential computing systems integrating with
recently emerging workloads. A watermarking scheme is designed for verifying the
ownership of deep learning models within the TEE sandbox. Furthermore, I also integrate
confidential computing with serverless computing to design a novel fast-launched
confidential serverless computing system Neuralyzer |
|---|