Дисертації з теми "Trusted Execution Environments (TEEs)"
Оформте джерело за APA, MLA, Chicago, Harvard та іншими стилями
Ознайомтеся з топ-15 дисертацій для дослідження на тему "Trusted Execution Environments (TEEs)".
Біля кожної праці в переліку літератури доступна кнопка «Додати до бібліографії». Скористайтеся нею – і ми автоматично оформимо бібліографічне посилання на обрану працю в потрібному вам стилі цитування: APA, MLA, «Гарвард», «Чикаго», «Ванкувер» тощо.
Також ви можете завантажити повний текст наукової публікації у форматі «.pdf» та прочитати онлайн анотацію до роботи, якщо відповідні параметри наявні в метаданих.
Переглядайте дисертації для різних дисциплін та оформлюйте правильно вашу бібліографію.
Cole, Nigel. "Arguing Assurance in Trusted Execution Environments using Goal Structuring Notation." Thesis, Linköpings universitet, Programvara och system, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-177923.
Повний текст джерелаDa, Silva Mathieu. "Securing a trusted hardware environment (Trusted Execution Environment)." Thesis, Montpellier, 2018. http://www.theses.fr/2018MONTS053/document.
Повний текст джерелаThis work is part of the Trusted Environment Execution eVAluation (TEEVA) project (French project FUI n°20 from January 2016 to December 2018) that aims to evaluate two alternative solutions for secure mobile platforms: a purely software one, the Whitebox Crypto, and a TEE solution, which integrates software and hardware components. The TEE relies on the ARM TrustZone technology available on many of the chipsets for the Android smartphones and tablets market. This thesis focuses on the TEE architecture. The goal is to analyze potential threats linked to the test/debug infrastructures classically embedded in hardware systems for functional conformity checking after manufacturing.Testing is a mandatory step in the integrated circuit production because it ensures the required quality and reliability of the devices. Because of the extreme complexity of nowadays integrated circuits, test procedures cannot rely on a simple control of primary inputs with test patterns, then observation of produced test responses on primary outputs. Test facilities must be embedded in the hardware at design time, implementing the so-called Design-for-Testability (DfT) techniques. The most popular DfT technique is the scan design. Thanks to this test-driven synthesis, registers are connected in one or several chain(s), the so-called scan chain(s). A tester can then control and observe the internal states of the circuit through dedicated scan pins and components. Unfortunately, this test infrastructure can also be used to extract sensitive information stored or processed in the chip, data strongly correlated to a secret key for instance. A scan attack consists in retrieving the secret key of a crypto-processor thanks to the observation of partially encrypted results.Experiments have been conducted during the project on the demonstrator board with the target TEE in order to analyze its security against a scan-based attack. In the demonstrator board, a countermeasure is implemented to ensure the security of the assets processed and saved in the TEE. The test accesses are disconnected preventing attacks exploiting test infrastructures but disabling the test interfaces for testing, diagnosis and debug purposes. The experimental results have shown that chips based on TrustZone technology need to implement a countermeasure to protect the data extracted from the scan chains. Besides the simple countermeasure consisting to avoid scan accesses, further countermeasures have been developed in the literature to ensure security while preserving test and debug facilities. State-of-the-art countermeasures against scan-based attacks have been analyzed. From this study, we investigate a new proposal in order to preserve the scan chain access while preventing attacks, and to provide a plug-and-play countermeasure that does not require any redesign of the scanned circuit while maintaining its testability. Our solution is based on the encryption of the test communication, it provides confidentiality of the communication between the circuit and the tester and prevents usage from unauthorized users. Several architectures have been investigated, this document also reports pros and cons of envisaged solutions in terms of security and performance
Mishra, Tanmaya. "Parallelizing Trusted Execution Environments for Multicore Hard Real-Time Systems." Thesis, Virginia Tech, 2019. http://hdl.handle.net/10919/89889.
Повний текст джерелаMaster of Science
Real-Time systems are computing systems that not only maintain the traditional purpose of any computer, i.e, to be logically correct, but also timeliness, i.e, guaranteeing an output in a given amount of time. While, traditionally, real-time systems were isolated to reduce interference which could affect the timeliness, modern real-time systems are being increasingly connected to the internet. Many real-time systems, especially those used for critical applications like industrial control or military equipment, contain sensitive code or data that must not be divulged to a third party or open to modification. In such cases, it is necessary to use methods to safeguard this information, regardless of the extra processing time/resource consumption (overheads) that it may add to the system. Modern hardware support Trusted Execution Environments (TEEs), a cheap, easy and robust mechanism to secure arbitrary pieces of code and data. To effectively use TEEs in a real-time system, the scheduling policy which decides which task to run at a given time instant, must be made aware of TEEs and must be modified to take as much advantage of TEE execution while mitigating the effect of its overheads on the timeliness guarantees of the system. This thesis presents an approach to schedule TEE augmented code and simulation results of two previously proposed approaches.
Fischer, Andreas [Verfasser]. "Computing on encrypted data using trusted execution environments / Andreas Fischer." Paderborn : Universitätsbibliothek, 2021. http://d-nb.info/1234058790/34.
Повний текст джерелаElbashir, Khalid. "Trusted Execution Environments for Open vSwitch : A security enabler for the 5G mobile network." Thesis, KTH, Radio Systems Laboratory (RS Lab), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-218070.
Повний текст джерелаFramkomsten av virtualisering införde behovet av virtuella växlar för att koppla tillsammans virtuella maskiner placerade i molninfrastruktur. Med mjukvarubaserad nätverksteknik (SDN), kan ett centralt styrenhet konfigurera dessa virtuella växlar. Virtuella växlar kör på standardoperativsystem. Open vSwitch är ett open-source projekt som ofta används i molntjänster. Om en motståndare får tillgång med fullständiga privilegier till operativsystemet där Open vSwitch körs, blir Open vSwitch utsatt för olika attacker som kan kompromettera hela nätverket. Syftet med detta examensarbete är att förbättra säkerheten hos Open vSwitch för att garantera att endast autentiserade växlar och styrenheter kan kommunicera med varandra, samtidigt som att upprätthålla kod integritet och konfidentialitet av nycklar och certifikat. Detta examensarbete föreslår en design och visar en implementation som andvändar Intel®s Safe Guard Extensions (SGX) teknologi. Ett nytt bibliotek, TLSonSGX, är implementerat. Detta bibliotek ersätter biblioteket OpenSSL i Open vSwitch. Utöver att det implementerar ett standard “Transport Layer Security” (TLS) anslutning, TLSonSGX begränsar TLS kommunikation i den skyddade minnes enklaven och skyddar därför TLS känsliga komponenter som är nödvändiga för att ge sekretess och integritet, såsom privata nycklar och förhandlade symmetriska nycklar. Dessutom introducerar TLSonSGX nya, säkra och automatiska medel för att generera nycklar och få signerade certifikat från en central certifikatmyndighet som validerar, med hjälp av Linux Integrity Measurements Architecture (IMA), att Open vSwitch-binärerna inte har manipulerats innan de utfärdade ett signerat certifikat. De genererade nycklarna och erhållna certifikat lagras i minnes enklaven och är därför aldrig utsatta utanför enklaven. Denna nya mekanism ersätter de manuella och osäkra procedurerna som beskrivs i Open vSwitch projektet. En säkerhetsanalys av systemet ges såväl som en granskning av prestandaffekten av användningen av en pålitlig exekveringsmiljö. Resultaten visar att använda TLSonSGX för att generera nycklar och certifikat tar mindre än 0,5 sekunder medan det lägger 30% latens overhead för det första paketet i ett flöde jämfört med att använda OpenSSL när båda exekveras på Intel® Core TM processor i7-6600U klockad vid 2,6 GHz. Dessa resultat visar att TLSonSGX kan förbättra Open vSwitch säkerhet och minska TLS konfigurationskostnaden.
Sundblad, Anton, and Gustaf Brunberg. "Secure hypervisor versus trusted execution environment : Security analysis for mobile fingerprint identification applications." Thesis, Linköpings universitet, Databas och informationsteknik, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-139227.
Повний текст джерелаDhar, Siddharth. "Optimizing TEE Protection by Automatically Augmenting Requirements Specifications." Thesis, Virginia Tech, 2020. http://hdl.handle.net/10919/98730.
Повний текст джерелаMaster of Science
An increasing number of software systems must safeguard their confidential data like passwords, payment information, personal details, etc. This confidential information is commonly protected using a Trusted Execution Environment (TEE), an isolated environment provided by either the existing processor or separate hardware that interacts with the operating system to secure sensitive data and code. Unfortunately, TEE protection incurs heavy performance costs, with TEEs being slower than modern processors and frequent communication between the system and the TEE incurring heavy performance overhead. We discovered that developers often put code and data into TEE for convenience rather than protection purposes, thus not only hurting performance but also reducing the effectiveness of TEE protection. By thoroughly examining a project's features in the Requirements Engineering phase, which defines the project's functionalities, developers would be able to understand which features handle confidential data. To that end, we present a novel approach that incorporates TEEs in the Requirements Engineering phase by means of Natural Language Processing (NLP) tools to categorize the project requirements that may warrant TEE protection. Our approach takes as input a project's requirements and outputs a list of categorized requirements defining which requirements are likely to make use of confidential information. Our evaluation results indicate that our approach performs this categorization with a high degree of accuracy to incorporate safeguarding the confidentiality related features in the Requirements Engineering phase.
Fuhry, Benny [Verfasser], and Frederik [Akademischer Betreuer] Armknecht. "Secure and efficient processing of outsourced data structures using trusted execution environments / Benny Fuhry ; Betreuer: Frederik Armknecht." Mannheim : Universitätsbibliothek Mannheim, 2021. http://d-nb.info/1229835911/34.
Повний текст джерелаLim, Steven. "Recommending TEE-based Functions Using a Deep Learning Model." Thesis, Virginia Tech, 2021. http://hdl.handle.net/10919/104999.
Повний текст джерелаMaster of Science
Improving the security of software systems has become critically important. A trusted execution environment (TEE) is an emerging technology that can help secure software that uses or stores confidential information. To make use of this technology, developers need to identify which pieces of code handle confidential information and should thus be placed in a TEE. However, this process is costly and laborious because it requires the developers to understand the code well enough to make the appropriate changes in order to incorporate a TEE. This process can become challenging for large software that contains millions of lines of code. To help reduce the cost incurred in the process of identifying which pieces of code should be placed within a TEE, this thesis presents ML-TEE, a recommendation system that uses a deep learning model to help reduce the number of lines of code a developer needs to inspect. Our results show that the recommendation system achieves high accuracy as well as a good balance between precision and recall. In addition, we conducted a pilot study and found that participants from the intervention group who used the output from the recommendation system managed to achieve a higher average accuracy and perform the assigned task faster than the participants in the control group.
Arfaoui, Ghada. "Conception de protocoles cryptographiques préservant la vie privée pour les services mobiles sans contact." Thesis, Orléans, 2015. http://www.theses.fr/2015ORLE2013/document.
Повний текст джерелаThe increasing number of worldwide mobile platforms and the emergence of new technologies such as the NFC (Near Field Communication) lead to a growing tendency to build a user's life depending on mobile phones. This context brings also new security and privacy challenges. In this thesis, we pay further attention to privacy issues in NFC services as well as the security of the mobile applications private data and credentials namely in Trusted Execution Environments (TEE). We first provide two solutions for public transport use case: an m-pass (transport subscription card) and a m-ticketing validation protocols. Our solutions ensure users' privacy while respecting functional requirements of transport operators. To this end, we propose new variants of group signatures and the first practical set-membership proof that do not require pairing computations at the prover's side. These novelties significantly reduce the execution time of such schemes when implemented in resource constrained environments. We implemented the m-pass and m-ticketing protocols in a standard SIM card: the validation phase occurs in less than 300ms whilst using strong security parameters. Our solutions also work even when the mobile is switched off or the battery is flat. When these applications are implemented in TEE, we introduce a new TEE migration protocol that ensures the privacy and integrity of the TEE credentials and user's private data. We construct our protocol based on a proxy re-encryption scheme and a new TEE model. Finally, we formally prove the security of our protocols using either game-based experiments in the random oracle model or automated model checker of security protocols
Leijonberg, Carl. "The Viability of Using Trusted Execution Environments to Protect Data in Node-RED : A study on using AMD-SEV and Intel SGX to protect sensitive data when Node-RED is deployed on the cloud." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-295763.
Повний текст джерелаInternet of Things (IoT) är en nätverk av fysiska enheter som är sammankopplade via internet för att kunna skicka data till andra fysiska enheter eller system. IoTplattformar, som Node-RED, har utvecklats för att förenkla kommunikationen mellan olika IoT- enheter. Att köra Node-RED på en molntjänst kan leda till att sekretessen av känslig data på Node-RED blir kränkt av en attack mot molntjänsten. Det är på grund av att användarna av Node-RED är tvungna att tillförlita deras känsliga data till molntjänsten, som deras data kan bli kränkt. Detta problem kan förminskas genom att användarna utnyttjar trusted execution environments som AMD-SEV och Intel SGX för att skydda sin känsliga data på molntjänsten. I denna avhandling, undersöks det om AMDSEV och Intel SGX kan användas för att skydda data i Node-RED när den körs på en molntjänst. Användarvänligheten av att köra Node-RED med AMD-SEV och Intel SGX undersöks genom att uppskatta hur komplicerad denna process är. Flera tester genomförs också för att mäta vilken påverkan AMD-SEV har på prestandan av Node-RED. En litteraturöversikt genomförs också för att undersöka potentiella sårbarheter i AMD-SEV och Intel SGX som skulle kunna utnyttjas för att komma åt känslig data i Node-RED. Resultaten från avhandlingen visar att AMD-SEV kan vara användbart för att skydda känslig data i Node-RED när den körs på en molntjänst. AMDSEV är väldigt användarvänlig när Node-RED ska köras. AMD-SEV har en märkbar påverkan på prestandan av processorn och TCP- genomströmning, men för de andra faktorerna som mäts har AMD-SEV ingen större påverkan. Litteraturöversikten finner inga sårbarheter som är tillräckligt farliga för att göra AMD-SEV oanvändbar för att skydda känslig data iNode-RED. Resultaten från avhandlingen visar dock att Intel SGX inte är särskilt användbar för att skydda känslig data i Node-RED när den körs på en molntjänst. Detta är främst för att det är väldigt komplicerat att köra Node-RED i en Intel SGX enklav från en användarvänlighet synpunkt. De flesta av Node-REDs användare skulle finna det för komplicerat att använda Intel SGX för att skydda sin känsliga data. Litteraturöversikten finner inga sårbarheter allvarliga nog för att göra Intel SGX oanvändbar.
Moghimi, Ahmad. "Side-Channel Attacks on Intel SGX: How SGX Amplifies The Power of Cache Attack." Digital WPI, 2017. https://digitalcommons.wpi.edu/etd-theses/399.
Повний текст джерелаSabt, Mohamed. "Outsmarting smartphones : trust based on provable security and hardware primitives in smartphones architectures." Thesis, Compiègne, 2016. http://www.theses.fr/2016COMP2320.
Повний текст джерелаThe landscape of mobile devices has been changed with the introduction of smartphones. Sincetheir advent, smartphones have become almost vital in the modern world. This has spurred many service providers to propose access to their services via mobile applications. Despite such big success, the use of smartphones for sensitive applications has not become widely popular. The reason behind this is that users, being increasingly aware about security, do not trust their smartphones to protect sensitive applications from attackers. The goal of this thesis is to strengthen users trust in their devices. We cover this trust problem with two complementary approaches: provable security and hardware primitives. In the first part, our goal is to demonstrate the limits of the existing technologies in smartphones architectures. To this end, we analyze two widely deployed systems in which careful design was applied in order to enforce their security guarantee: the Android KeyStore, which is the component shielding users cryptographic keys in Android smartphones, and the family of Secure Channel Protocols (SCPs) defined by the GlobalPlatform consortium. Our study relies on the paradigm of provable security. Despite being perceived as rather theoretical and abstract, we show that this tool can be handily used for real-world systems to find security vulnerabilities. This shows the important role that can play provable security for trust by being able to formally prove the absence of security flaws or to identify them if they exist. The second part focuses on complex systems that cannot cost-effectively be formally verified. We begin by investigating the dual-execution-environment approach. Then, we consider the case when this approach is built upon some particular hardware primitives, namely the ARM TrustZone, to construct the so-called Trusted Execution Environment (TEE). Finally, we explore two solutions addressing some of the TEE limitations. First, we propose a new TEE architecture that protects its sensitive data even when the secure kernel gets compromised. This relieves service providers of fully trusting the TEE issuer. Second, we provide a solution in which TEE is used not only for execution protection, but also to guarantee more elaborated security properties (i.e. self-protection and self-healing) to a complex software system like an OS kernel
Reis, João Carlos Cristo. "TREDIS – A Trusted Full-Fledged SGX-Enabled REDIS Solution." Master's thesis, 2020. http://hdl.handle.net/10362/116775.
Повний текст джерелаA transição de suporte de aplicações com armazenamento e processamento em servidores cloud é uma tendência que tem vindo a aumentar, principalmente quando se precisam de gerir grandes conjuntos de dados. Comparativamente a soluções com licenciamento privado, as soluções de computação e armazenamento de dados em nuvens de serviços são capazes de oferecer opções mais baratas, de alta disponibilidade, elásticas e relativa mente confiáveis. Estas soluções fornecidas por terceiros são facilmente acessíveis através da Internet, sendo operadas em regime de outsourcing da sua operação, o que é bom, mas que por isso ficam consideravelmente expostos a ataques e fora do controle dos utiliza dores em relação às reais condições de confiabilidade, segurança e privacidade de dados. Ao explorar subtilmente vulnerabilidades presentes nas aplicações, funções de sistemas operativos (SOs), bibliotecas de virtualização de serviços de SOs ou hipervisores, um ata cante pode comprometer os sistemas e quebrar a privacidade de dados sensíveis. Estes ataques podem ser motivados por fins maliciosos como espionagem, chantagem, roubo de identidade ou assédio e podem ser desencadeados por intrusões (a partir de atacantes externos) ou por ações maliciosas ou incorretas de atacantes internos (podendo estes atuar com privilégios de administradores de sistemas). Uma solução para este problema passa por armazenar e processar a informação sem que existam exposições face a componentes não confiáveis. Nesta dissertação estudamos e avaliamos experimentalmente diversas tecnologias que permitem a execução de aplicações com isolamento em ambientes de execução confiá vel suportados em hardware Intel-SGX, de modo a perceber melhor como funcionam e como adaptá-las à nossa solução. Para isso, realizámos uma avaliação focada na utilização dessas tecnologias com virtualização em contentores isolados executando em hardware confiável, que usámos na concepção da nossa solução. Posto isto, apresentamos a nossa solução TREDIS - um sistema Key-Value Store confiável baseado em tecnologia REDIS, com garantias de integridade da execução e de privacidade de dados, concebida para ser usada como uma "Plataforma como Serviço"para gestão e armazenamento resiliente de dados na nuvem. Isto inclui a possibilidade de suportar uma arquitetura segura com garantias de resiliência semelhantes à arquitetura de replicação em cluster na solução original REDIS, mas em que os motores de execução de nós e a proteção de memória do cluster é baseado em contentores docker isolados e virtualizados em instâncias SGX, sendo os dados mantidos sempre cifrados em memória.
(9113975), Savvas Savvides. "PRACTICAL CONFIDENTIALITY-PRESERVING DATA ANALYTICS IN UNTRUSTED CLOUDS." Thesis, 2020.
Знайти повний текст джерелаCloud computing offers a cost-efficient data analytics platform. This is enabled by constant innovations in tools and technologies for analyzing large volumes of data through distributed batch processing systems and real-time data through distributed stream processing systems. However, due to the sensitive nature of data, many organizations are reluctant to analyze their data in public clouds. To address this stalemate, both software-based and hardware-based solutions have been proposed yet all have substantial limitations in terms of efficiency, expressiveness, and security. In this thesis, we present solutions that enable practical and expressive confidentiality- preserving batch and stream-based analytics. We achieve this by performing computations over encrypted data using Partially Homomorphic Encryption (PHE) and Property-Preserving Encryption (PPE) in novel ways, and by utilizing remote or Trusted Execution Environment (TEE) based trusted services where needed.
We introduce a set of extensions and optimizations to PHE and PPE schemes and propose the novel abstraction of Secure Data Types (SDTs) which enables the application of PHE and PPE schemes in ways that improve performance and security. These abstractions are leveraged to enable a set of compilation techniques making data analytics over encrypted data more practical. When PHE alone is not expressive enough to perform analytics over encrypted data, we use a novel planner engine to decide the most efficient way of utilizing client-side completion, remote re-encryption, or trusted hardware re-encryption based on Intel Software Guard eXtensions (SGX) to overcome the limitations of PHE. We also introduce two novel symmetric PHE schemes that allow arithmetic operations over encrypted data. Being symmetric, our schemes are more efficient than the state-of-the-art asymmetric PHE schemes without compromising the level of security or the range of homomorphic operations they support. We apply the aforementioned techniques in the context of batch data analytics and demonstrate the improvements over previous systems. Finally, we present techniques designed to enable the use of PHE and PPE in resource-constrained Internet of Things (IoT) devices and demonstrate the practicality of stream processing over encrypted data.