Towards security analysis and design of confidential computing systems
Confidential computing establishes an encrypted Trusted Execution Environment to ensure confidentiality and integrity protection. However, it still suffers from two significant problems: (1) Vulnerability to micro-architectural side-channel attacks; (2) Security and efficiency issues when handlin...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Thesis-Doctor of Philosophy |
| Language: | English |
| Published: |
Nanyang Technological University
2024
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/180639 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-180639 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1806392024-11-01T08:23:04Z Towards security analysis and design of confidential computing systems Lou, Xiaoxuan Zhang Tianwei College of Computing and Data Science tianwei.zhang@ntu.edu.sg Computer and Information Science Confidential computing establishes an encrypted Trusted Execution Environment to ensure confidentiality and integrity protection. However, it still suffers from two significant problems: (1) Vulnerability to micro-architectural side-channel attacks; (2) Security and efficiency issues when handling emerging applications. For the first problem, I conduct a comprehensive security analysis of existing confidential computing systems. An end-to-end attack method named NASPY is proposed to reveal novel Neural Architecture Search models from the encrypted TEE black box. Then Aegis is proposed as a unified defense framework for mitigating confidential virtual machines from Hardware Performance Counter side channels. For the second problem, I design more novel confidential computing systems integrating with recently emerging workloads. A watermarking scheme is designed for verifying the ownership of deep learning models within the TEE sandbox. Furthermore, I also integrate confidential computing with serverless computing to design a novel fast-launched confidential serverless computing system Neuralyzer Doctor of Philosophy 2024-10-16T01:42:17Z 2024-10-16T01:42:17Z 2024 Thesis-Doctor of Philosophy Lou, X. (2024). Towards security analysis and design of confidential computing systems. Doctoral thesis, Nanyang Technological University, Singapore. https://hdl.handle.net/10356/180639 https://hdl.handle.net/10356/180639 10.32657/10356/180639 en This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License (CC BY-NC 4.0). application/pdf Nanyang Technological University |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Computer and Information Science |
| spellingShingle |
Computer and Information Science Lou, Xiaoxuan Towards security analysis and design of confidential computing systems |
| description |
Confidential computing establishes an encrypted Trusted Execution Environment to ensure
confidentiality and integrity protection. However, it still suffers from two significant problems:
(1) Vulnerability to micro-architectural side-channel attacks; (2) Security and efficiency
issues when handling emerging applications.
For the first problem, I conduct a comprehensive security analysis of existing confidential
computing systems. An end-to-end attack method named NASPY is proposed to reveal
novel Neural Architecture Search models from the encrypted TEE black box. Then Aegis is
proposed as a unified defense framework for mitigating confidential virtual machines from
Hardware Performance Counter side channels.
For the second problem, I design more novel confidential computing systems integrating with
recently emerging workloads. A watermarking scheme is designed for verifying the
ownership of deep learning models within the TEE sandbox. Furthermore, I also integrate
confidential computing with serverless computing to design a novel fast-launched
confidential serverless computing system Neuralyzer |
| author2 |
Zhang Tianwei |
| author_facet |
Zhang Tianwei Lou, Xiaoxuan |
| format |
Thesis-Doctor of Philosophy |
| author |
Lou, Xiaoxuan |
| author_sort |
Lou, Xiaoxuan |
| title |
Towards security analysis and design of confidential computing systems |
| title_short |
Towards security analysis and design of confidential computing systems |
| title_full |
Towards security analysis and design of confidential computing systems |
| title_fullStr |
Towards security analysis and design of confidential computing systems |
| title_full_unstemmed |
Towards security analysis and design of confidential computing systems |
| title_sort |
towards security analysis and design of confidential computing systems |
| publisher |
Nanyang Technological University |
| publishDate |
2024 |
| url |
https://hdl.handle.net/10356/180639 |
| _version_ |
1814777781553201152 |