Spring Semester 2022 – 2023
Semester Project for Master Students
1) Title: Dynamic Root of Trust in RISC-V
1) Title: Dynamic Root of Trust in RISC-V
Background
- Trusted Execution Environments (TEEs) and Remote Attestation
TEEs provide confidentiality and integrity guarantees to security sensitive applications by executing them in an environment isolated from the OS and other applications running on the system. Several components in the TEE framework are crucial to ensure the security guarantees that the TEE provides. These components form the trusted computing base (TCB) of the TEE framework.
Remote attestation [1] proves to the TEE clients that their application is indeed executing inside a TEE whose TCB hasn’t been tampered with. This involves computing a measurement of the TCB, and verifying that it is as expected. A signed remote attestation report is provided by the TEE (prover) to the clients (verifier).
Remote attestation [1] proves to the TEE clients that their application is indeed executing inside a TEE whose TCB hasn’t been tampered with. This involves computing a measurement of the TCB, and verifying that it is as expected. A signed remote attestation report is provided by the TEE (prover) to the clients (verifier).
- Root of Trust (RoT) and Trusted Platform Module (TPM)
When a system is reset, the RoT verifies the integrity of the bootloaders/firmware (secure boot) including the TCB. A TPM provides the required functionality to achieve this, for e.g. cryptographic primitives, key management and storage, secure hashing, measurement and attestation services.
Project Overview The RoT process described above occurs on each system reset, thereby establishing a chain of trust at boot stage. This is termed as static RoT (SRoT). Whereas, dynamic RoT (DRoT) involves trust establishment while the system is in running state (contrary to system reset). In one sentence, our aim is to provide DRoT for the TCB in our TEE framework for the RISC-V platform. We emulate RISC-V using QEMU and plan to integrate a TPM in QEMU for providing RoT.
Project goals
- Identify key features that existing TPM implementations which are compatible with RISC-V (OpenTitan, SWTPM (Software TPM), etc.) provide.
- Integrate the TPM with QEMU (creating an interface to use it if needed).
- Use the TPM to provide DRoT with the following security goals [2] in mind:
– Protect integrity of the measurement module.
– Confidentiality of private key used for signing the attestation report.
– Enable a secure communication channel between prover and verifier.
– Provide remote attestation.
Keywords: TEE (trusted execution environments), remote attestation, RISC-V, QEMU, TPM (trusted platform module), RoT (root of trust).
If you are interested in working on this project, please reach out to us by email.
This project is now no longer available during Spring 2023 due to high demand.
References
[1] Ménétrey et al., An Exploratory Study of Attestation Mechanisms for Trusted Execution Environments, SysTEX, ASPLOS 2022
[2] Shepherd et al. LIRA-V: Lightweight Remote Attestation for Constrained RISC-V Devices, IEEE SPW 2021
References
[1] Ménétrey et al., An Exploratory Study of Attestation Mechanisms for Trusted Execution Environments, SysTEX, ASPLOS 2022
[2] Shepherd et al. LIRA-V: Lightweight Remote Attestation for Constrained RISC-V Devices, IEEE SPW 2021
______________________________________________________________________
Semester Project for Master Students with good system knowledge
2) Title: Flexible Confidential Computing through Virtualization
ContextConfidential computing enables executing programs that manipulate confidential data securely, even on untrusted or uncontrolled platforms. For that purpose, a Trusted Execution Environment (TEE) is created on the host platform, for instance in a public cloud, and its integrity is the attested before granting access to confidential data.
There exists a lot of TEE, both from academic and industry, with different
designs and guarantees. Examples include Intel SGX, Arm TrustZone, AMD SEV-SNP and Intel TDX.## ProjectWe are developing a software-based TEE to demonstrate that only a small set of features are required to build higher-level TEEs such as the one available today. In other words, we are trying to find the minimal requirements for building TEEs.For this purpose, we are building an hypervisor in Rust for the Intel platform.
There exists a lot of TEE, both from academic and industry, with different
designs and guarantees. Examples include Intel SGX, Arm TrustZone, AMD SEV-SNP and Intel TDX.## ProjectWe are developing a software-based TEE to demonstrate that only a small set of features are required to build higher-level TEEs such as the one available today. In other words, we are trying to find the minimal requirements for building TEEs.For this purpose, we are building an hypervisor in Rust for the Intel platform.
We use technologies such as Intel VTX and interact with a TMP (Trusted Platform Module). Our hypervisor is capable of running Linux, and we devolop both user-space and kernel drivers to coordinate interaction between the two, in both C and Rust. Finally, we are also interested in formal verification to prove properties about our hypervisor.
If you are interested to work on one or more of the topics described above, you can reach to us directly and let us know what aspect of the project you would like to work on.
PhD student: Charly Castes ([email protected])
Prof. Bugnion: ([email protected])
This project is now no longer available during Spring 2023 due to high demand.