
CRII: SaTC: Enforcing Expressive Security Policies using Trusted Execution Environments

$194,999 | FY2024 | CSE | NSF

University Of Massachusetts Lowell, Lowell MA

Investigators

Abstract

Recent advances in secure hardware architectures—such as Intel SGX and ARM TrustZone—offer great potential for building security-critical applications that operate on sensitive data such as passwords, credit cards, etc. They support enclaves—secure memory regions that enable isolated execution of those parts of an application that use the sensitive data. Enclaves can enforce a variety of security policies, such as always erasing sensitive data after use. However, using enclaves requires greater programming expertise, and this limits their widespread adoption. This effort advances the state of the art for building secure systems by automatically placing the security-critical parts of an application inside enclaves, reducing the challenges for the programmer. We will implement this system to support modern application platforms that often distribute application processing across multiple platforms, for example, an application that runs on an Automatic Teller Machine (ATM) and also on data center servers in the cloud to which the ATM is connected. This project includes education and mentorship of undergraduate and graduate students.

Language-based security mechanisms—such as security type systems for information-flow control—can express and enforce security requirements at the application level. However, the security guarantees enforced by language-based security mechanisms break down in the presence of powerful low-level attackers that are not bound by the language-level abstractions, for example, attackers that are capable of injecting arbitrary code to extract secrets. Trusted Execution Environments (TEEs)—such as Intel SGX, AMD SEV, ARM TrustZone, and Sanctum—offer strong architectural protection mechanisms for isolated execution and remote code attestation. To this end, they provide isolated regions of memory, referred to as enclaves, that offer confidentiality even in the presence of a privileged kernel-level attacker. Our work aims to enforce expressive security policies using secure TEE enclaves. First, we propose to build a compiler for LLVM intermediate representation that automatically infers enclave regions and enforces application-specific security against powerful attackers. The inferred enclave regions will then be translated to machine-specific TEE instructions. We plan to support multiple backends (e.g., Intel SGX and ARM TrustZone). Second, we propose to build DFLATE, a system with distributed enclaves that offers robust confidentiality and integrity guarantees with respect to an expressive security specification. Notably, DFLATE supports security policies that involve principal groups (e.g., reading a secret requires the permission of both Alice and Bob). We propose a novel approach to use advanced cryptographic techniques such as threshold encryption and ring signatures to implement such group-level policies.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
