Building Secure Systems from Memory Enclaves

Speaker

University of Waterloo

Host

CSAIL Security Seminar
Title: "Building Secure Systems from Memory Enclaves"

Abstract: Cloud computing has revolutionized modern IT
environments, but also created a number of security challenges.
For instance, a malicious infrastructure provider or a tenant
can potentially see other tenants' data in a public cloud.

Encrypted memory enclaves (Intel SGX) are an emerging
architecture for building secure systems that can be used to
protect data and programs from malicious co-tenants, operators,
and even hypervisors. However, enclaves have a number of
architectural limitations that make building secure systems
challenging. For example, they have a small physical memory
size, introduce large performance overheads, and remain
vulnerable to side-channel attacks.

In this talk, I will discuss how to build secure systems from
memory enclaves, addressing some of their limitations. I will
present ZeroTrace, an oblivious memory controller that can be
used to protect applications against side-channel attacks. I
will also present StealthDB, an encrypted database system from
Intel SGX. StealthDB has a very small trusted computing base,
scales to large datasets, and provides strong security
guarantees at steady state and during query execution. StealthDB
is the first database that supports both analytical and
transactional queries and runs on top of an unmodified DBMS
engine.

Bio:

Sergey is an Assistant Professor at the University of Waterloo. His interests range from cryptography to the design of secure large-scale systems, computer networks, protocols and blockchains. In his research he studies how to build secure systems in untrusted, distributed infrastructures. He received his PhD from MIT, where he was a Microsoft PhD fellow. His academic advisor was Vinod Vaikuntanathan. His dissertation was on designing cryptographic tools for the cloud using lattice-based cryptography, for which he received the Sprowls Doctoral Thesis Prize for best PhD thesis in CS at MIT.