Practical Applications of Client-Side Trusted Computing
David Goltzsche, 2018-04-23
3rd year PhD student at distributed systems group, TU Braunschweig, Germany
Research area: trusted execution, distributed systems
Advisor: Rüdiger Kapitza

Overview

Problem: offloading computations to untrusted clients is limited
Current best practice: avoidance of offloading or expensive recomputations
Goal: enable secure offloading using client-side trusted computing
Consequence: new paradigm for system design, because of changed assumptions
How can existing systems be redesigned?
Which entirely new use cases are possible?

[Figure: one server connected to three clients]

Trusted Execution Environments

How to make clients trusted?

Trusted Execution Environments (TEEs)
Data and execution protection
Memory encryption
Remote attestation

Implementations
Intel SGX: available on commodity hardware
Other vendors expected to follow
Research: Komodo [Ferraiuolo et al., SOSP'17]

[Figure: client with TEE; an application and its enclave communicate via ecalls and ocalls on top of an untrusted OS and the CPU hardware; components are marked as trusted or untrusted]

Use Cases of Client-Side TEEs

JavaScript in Web Browsers @EuroSec'17
Problem: Recomputation in back-end of web application
Solution: TrustJS, trusted client-side execution of JS
[Figure: browser with TEE running JS]

Network Middleboxes @DSN'18
Problem: Client-side offloading not considered so far
Solution: EndBox, client-side middlebox functions
[Figure: server and client, with the middlebox inside a TEE on the client]

Volunteer Computing Systems
Problem: Jobs replicated to other clients to stop cheaters
Solution: TruVC, trusted volunteer computing