Trust less : shrinking the trusted parts of trusted systems
Author(s)Lebedev, Ilia Andreevich.
Shrinking the trusted parts of trusted systems
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science.
MetadataShow full item record
Modern computers, industrial control systems, and other automation are broadly vulnerable as a result of decades of systemic forces that have prioritized cost and performance over security. Computers across the board face a crisis in the form of motivated software adversaries with access to our imperfect and enormously complex software. Considering these weaknesses, trust in modern computing systems is often not well-placed. Looking ahead to a shift in our collective priorities, this thesis is centered around a rigorous discussion of hardware-assisted isolation and enclaves -- authenticated software modules -- as a means to drastically reduce the complexity of trusted systems. By allowing trustworthy enclaved software to co-exist with, but remain strongly isolated from, existing software, we enable a gentle transition toward trustworthy systems. Specifically, this thesis refines formal definitions of enclaved execution and threat model via a series of hardware and software co-designs. These case studies explore enclave processors with small trusted computing bases spanning a gradient from an embedded SoC to a modern high-performance processor. This work is complementary to, and enables more effective application of, many powerful ideas such as information flow control, formal verification, multi-party computation, and other tools for trustworthy computing.
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2020Cataloged from PDF of thesis.Includes bibliographical references (pages 213-227).
DepartmentMassachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Massachusetts Institute of Technology
Electrical Engineering and Computer Science.