Trust Management as a Service: Enabling Trusted Execution in the Face of Byzantine Stakeholders

by   Franz Gregor, et al.

Trust is arguably the most important challenge for critical services both deployed as well as accessed remotely over the network. These systems are exposed to a wide diversity of threats, ranging from bugs to exploits, active attacks, rogue operators, or simply careless administrators. To protect such applications, one needs to guarantee that they are properly configured and securely provisioned with the "secrets" (e.g., encryption keys) necessary to preserve not only the confidentiality, integrity and freshness of their data but also their code. Furthermore, these secrets should not be kept under the control of a single stakeholder - which might be compromised and would represent a single point of failure - and they must be protected across software versions in the sense that attackers cannot get access to them via malicious updates. Traditional approaches for solving these challenges often use ad hoc techniques and ultimately rely on a hardware security module (HSM) as root of trust. We propose a more powerful and generic approach to trust management that instead relies on trusted execution environments (TEEs) and a set of stakeholders as root of trust. Our system, PALAEMON, can operate as a managed service deployed in an untrusted environment, i.e., one can delegate its operations to an untrusted cloud provider with the guarantee that data will remain confidential despite not trusting any individual human (even with root access) nor system software. PALAEMON addresses in a secure, efficient and cost-effective way five main challenges faced when developing trusted networked applications and services. Our evaluation on a range of benchmarks and real applications shows that PALAEMON performs efficiently and can protect secrets of services without any change to their source code.



page 1

page 3

page 4

page 8

page 9


WELES: Policy-driven Runtime Integrity Enforcement of Virtual Machines

Trust is of paramount concern for tenants to deploy their security-sensi...

iperfTZ: Understanding Network Bottlenecks for TrustZone-based Trusted Applications

The growing availability of hardware-based trusted execution environment...

SvTPM: A Secure and Efficient vTPM in the Cloud

Virtual Trusted Platform Modules (vTPMs) have been widely used in commer...

Attestation Mechanisms for Trusted Execution Environments Demystified

Attestation is a fundamental building block to establish trust over soft...

Secure Remote Credential Management with Mutual Attestation for Constrained Sensing Platforms with TEEs

Trusted Execution Environments (TEEs) are rapidly emerging as the go-to ...

Methodically Defeating Nintendo Switch Security

We explain, step by step, how we strategically circumvented the Nintendo...

ReZone: Disarming TrustZone with TEE Privilege Reduction

In TrustZone-assisted TEEs, the trusted OS has unrestricted access to bo...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.