skip to content

Department of Computer Science and Technology

Thursday, 16 July, 2020 - 15:00 to 16:00
Zahra Tarkhani, Computer Lab

Hardware-assisted trusted execution environments (TEEs) are
critical building blocks of many modern applications. However, there are
a growing number of attacks on TEE-enabled applications that exploit
insecure interactions of these security primitives on existing OSs.
Complex applications rely on many mechanisms on the host OS and TEE
system; their complex interactions open a large attack surface that
threatens both the trusted and untrusted worlds.
In this talk, I will first describe our solution, Sirius, the first OS
and TEE system to achieve system-wide isolation in TEEs. It enables
fine-grained compartmentalisation, strong isolation, and secure
interactions between enclaves and kernel objects (e.g., threads, address
spaces, IPC, files, and sockets). Then I will show how Sirius replaces
ad-hoc and inefficient forms of interactions in current TEE systems with
a principled approach that adds strong inter- and intra-process
isolation and efficiently eliminates a wide range of attacks.

Seminar series: 
Systems Research Group Seminar