Meni Orenbach (EE, Technion)
Wednesday, 23.6.2021, 11:30
Trusted execution environments such as secure enclaves are now available in several popular CPUs, and supported in public clouds. Enclaves can be used to efficiently shield applications against privileged adversaries, and secure sensitive data processed by them through strong isolation backed by the hardware. Yet, enclaves are not a silver bullet: they are vulnerable to unique side-channel attacks, they exhibit poor performance when system calls are invoked and when page faults occur, they lack a secure variant of software abstractions such as page fault handlers, and finally, the hardware does not protect against Iago attacks.
In our work, we tackle the aforementioned shortcomings of existing enclaves with system abstractions, practical hardware modifications, and tools to support them. In this talk, we provide a high-level overview of our approach followed by presenting TEEProtect, a framework for thwarting Iago attacks.
* Ph.D. student under supervision of Prof. Mark Silberstein.