EURECOM SECURITY SYSTEM Talk "Isolation based protection for modern Trusted Execution Environments"

Thomas Eisenbarth -
Digital Security

Date: -
Location: Eurecom

Abstract: From IoT devices to Cloud computing, services of different criticality and various mutually distrustful parties share a common computing platform. One pillar of security is provided by hardware-based isolation mechanisms. Trusted Execution Environments (TEEs) combine isolation and attestation to provide protection and assurance of executed code and data. Isolation is often based on cryptographic mechanisms, which have the advantage of protecting against physical attackers with access to DRAM. While cryptographic isolation also provides security against software attackers, the required cryptographic properties, such as integrity and freshness, are often deemed too costly. Instead, a combination of access-right-based protection and cryptography is used to mitigate both physical and software-level attacks without using overly costly cryptographic constructions. In this talk we revisit how isolation mechanisms evolved over different generations of AMD SEV and discuss remaining weaknesses, how they can be exploited, and how they can be mitigated. The presented work is based on joint work with Mengyuan Li, Mathias Morbitzer, Radu Teodorescu, Jan Wichelmann, Luca Wilke and Yinqian Zhang.

Bio: Thomas Eisenbarth is a Professor at the Institute for IT Security at the University of Lübeck. Thomas received his Ph.D. in Electrical and Computer Engineering from Ruhr University Bochum, Germany, where he worked as a member of the Horst Goertz Institute for IT Security. He spent two years at the Center for Cryptology and Information Security (CCIS) at Florida Atlantic University. In 2012 he joined the ECE Department and the Vernam Lab at WPI. Since 2017 he has served as Director of the Institute for IT Security at the University of Lübeck. His research interests include system security, applied cryptography, side-channel attacks and countermeasures.