| dc.contributor.advisor | Yan, Mengjia | |
| dc.contributor.advisor | Devadas, Srini | |
| dc.contributor.author | Gomez-Garcia, Miguel | |
| dc.date.accessioned | 2023-07-31T19:54:17Z | |
| dc.date.available | 2023-07-31T19:54:17Z | |
| dc.date.issued | 2023-06 | |
| dc.date.submitted | 2023-06-06T16:34:42.898Z | |
| dc.identifier.uri | https://hdl.handle.net/1721.1/151629 | |
| dc.description.abstract | With the rise in cloud computing, it has become more critical than ever for remote users to get strong security guarantees to secure sensitive computation they run on untrusted machines. Enclaves or Trusted Execution Environments (TEEs) are a powerful trusted computing primitive that can address this problem; through carefully co-designed hardware and software mechanisms, enclaves enforce strong isolation and integrity properties. While many enclave implementations already exist, most do not consider the threat of microarchitectural side channels and transient execution attacks. And although one academic proposal – MI6 – has addressed this stronger threat model, these security guarantees often come at a cost of a more limited capability, as well as performance overheads. As a result, no industrial hardware vendor has made any announcement to include these attacks in their threat model.
This thesis presents research in improving the capabilities of side-channel-resistant enclaves through the addition of secure shared memory, providing a mechanism for enclave applications to communicate with outside processes while maintaining the same strong isolation security guarantees provided by MI6. This allows for the development of a wider range of enclave applications with a significant performance improvement compared to existing enclave communication mechanisms. We hope that this work will demonstrate that enclaves can maintain strong security properties while being able to run a wide range of expressive programs. | |
| dc.publisher | Massachusetts Institute of Technology | |
| dc.rights | In Copyright - Educational Use Permitted | |
| dc.rights | Copyright retained by author(s) | |
| dc.rights.uri | https://rightsstatements.org/page/InC-EDU/1.0/ | |
| dc.title | Implementing Secure Shared Memory for Side-Channel-Resistant Enclaves | |
| dc.type | Thesis | |
| dc.description.degree | M.Eng. | |
| dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | |
| mit.thesis.degree | Master | |
| thesis.degree.name | Master of Engineering in Electrical Engineering and Computer Science | |
