Trust Management as a Service: Enabling Trusted Execution in the Face of Byzantine Stakeholders

by Franz Gregor, et al.

Trust is arguably the most important challenge for critical services, both those deployed and those accessed remotely over the network. These systems are exposed to a wide diversity of threats, ranging from bugs to exploits, active attacks, rogue operators, or simply careless administrators. To protect such applications, one needs to guarantee that they are properly configured and securely provisioned with the "secrets" (e.g., encryption keys) necessary to preserve not only the confidentiality, integrity and freshness of their data but also of their code. Furthermore, these secrets should not be kept under the control of a single stakeholder, which might be compromised and would represent a single point of failure, and they must be protected across software versions, in the sense that attackers cannot gain access to them via malicious updates. Traditional approaches to solving these challenges often use ad hoc techniques and ultimately rely on a hardware security module (HSM) as the root of trust. We propose a more powerful and generic approach to trust management that instead relies on trusted execution environments (TEEs) and a set of stakeholders as the root of trust. Our system, PALAEMON, can operate as a managed service deployed in an untrusted environment, i.e., one can delegate its operations to an untrusted cloud provider with the guarantee that data will remain confidential despite trusting neither any individual human (even with root access) nor the system software. PALAEMON addresses in a secure, efficient and cost-effective way five main challenges faced when developing trusted networked applications and services. Our evaluation on a range of benchmarks and real applications shows that PALAEMON performs efficiently and can protect the secrets of services without any change to their source code.




TrustToken, a Trusted SoC solution for Non-Trusted Intellectual Property (IP)s

Secure and trustworthy execution in heterogeneous SoCs is a major priori...

WELES: Policy-driven Runtime Integrity Enforcement of Virtual Machines

Trust is of paramount concern for tenants to deploy their security-sensi...

iperfTZ: Understanding Network Bottlenecks for TrustZone-based Trusted Applications

The growing availability of hardware-based trusted execution environment...

Securing Access to Untrusted Services From TEEs with GateKeeper

Applications running in Trusted Execution Environments (TEEs) commonly u...

Secure Remote Credential Management with Mutual Attestation for Constrained Sensing Platforms with TEEs

Trusted Execution Environments (TEEs) are rapidly emerging as the go-to ...

ReZone: Disarming TrustZone with TEE Privilege Reduction

In TrustZone-assisted TEEs, the trusted OS has unrestricted access to bo...

A Review of Theoretical and Practical Challenges of Trusted Autonomy in Big Data

Despite the advances made in artificial intelligence, software agents, a...
