Skip to main content
To KTH's start page

Security Seminar: Blinded Memory with N. Asokan

Outsourcing computing to remote processors is compelling, but cryptographic techniques like homomorphic encryption incur high costs. Trusted Execution Environments (TEEs) provide secure outsourced computing, but recent attacks question their security. I will discuss Blinded Memory (BliMe), which uses minimal processor extensions and taint-tracking to ensure data confidentiality against server malware, run-time, or side-channel attacks. BliMe employs Instruction Set Architecture (ISA) extensions with a hardware security module (HSM) and encryption engine for secure outsourced computing. I'll cover the architecture, current status, and challenges.

Time: Thu 2024-05-16 16.00 - 17.00

Location: Amiga, Kistagången 16

Video link: Zoom

Language: English

Participating: Prof. N. Asokan, University of Waterloo, Canada

Export to calendar

Speaker

Prof. N. Asokan, University of Waterloo, Canada

Title

Blinded Memory

Abstract

Outsourcing computing to a remote processor is popular and compelling. Cryptographic techniques like homomorphic encryption allow a client to outsource computation on sensitive data while ensuring that the data cannot be leaked. However, such techniques incur substantial computation and communication costs. Leveraging hardware assistance to efficiently ensure security is thus an attractive proposition. Trusted Execution Environments (TEEs), which saw widespread deployment in the early 2000s by mobile device manufacturers to run sensitive computations on commodity devices, can help to realize secure outsourced computing. But the security guarantees provided by traditional TEEs have been called into question by various recent attacks that exploit the inherent complexity of modern hardware and software. In this talk, I will describe Blinded Memory (BliMe): on-going work by my students to design minimal processor extensions that can help to efficiently realize secure outsourced computing. BliMe consists of a minimal set of Instruction Set Architecture (ISA) extensions that use taint-tracking to ensure confidentiality of sensitive (client) data even in the presence of server malware, run-time attacks, or side-channel attacks. To secure outsourced computation, BliMe extensions can be used together with an attestable, fixed-function hardware security module (HSM) and an encryption engine that provides atomic decrypt-and-taint and encrypt-and-untaint operations. I will describe the overall architecture, the current status of the work, and the challenges we face.

Bio

N. Asokan is a professor of computer science and a David R. Cheriton Chair at the University of Waterloo where he also serves as the executive director of the Cybersecurity and Privacy Institute. Asokan is a Fellow of the ACM, the IEEE, and the Royal Society of Canada. His research focuses on systems security. More information about his work is on his website at https://asokan.org/asokan/ or via X/Twitter @nasokan

Host