Trust Management as a Service: Enabling Trusted Execution in the Face of Byzantine Stakeholders

Publikation: Beitrag in Buch/Konferenzbericht/Sammelband/GutachtenBeitrag in KonferenzbandBeigetragenBegutachtung

Beitragende

Abstract

Trust is arguably the most important challenge for
critical services both deployed as well as accessed remotely over
the network. These systems are exposed to a wide diversity of
threats, ranging from bugs to exploits, active attacks, rogue oper-
ators, or simply careless administrators. To protect such applic-
ations, one needs to guarantee that they are properly configured
and securely provisioned with the “secrets” (e.g., encryption
keys) necessary to preserve not only the confidentiality, integrity
and freshness of their data but also their code. Furthermore,
these secrets should not be kept under the control of a single
stakeholder—which might be compromised and would represent
a single point of failure—and they must be protected across
software versions in the sense that attackers cannot get access to
them via malicious updates. Traditional approaches for solving
these challenges often use ad hoc techniques and ultimately rely
on a hardware security module (HSM) as root of trust. We
propose a more powerful and generic approach to trust man-
agement that instead relies on trusted execution environments
(TEEs) and a set of stakeholders as root of trust. Our system,
PALÆMON, can operate as a managed service deployed in an
untrusted environment, i.e., one can delegate its operations to an
untrusted cloud provider with the guarantee that data will remain
confidential despite not trusting any individual human (even
with root access) nor system software. PALÆMON addresses in a
secure, efficient and cost-effective way five main challenges faced
when developing trusted networked applications and services.
Our evaluation on a range of benchmarks and real applications
shows that PALÆMON performs efficiently and can protect secrets
of services without any change to their source code.

Details

OriginalspracheEnglisch
TitelArXiv
Seitenumfang13
PublikationsstatusVeröffentlicht - 2020
Peer-Review-StatusJa

Konferenz

Titel2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
KurztitelIEEE/IFIP
Veranstaltungsnummer
Dauer29 Juni 2020
BekanntheitsgradInternationale Veranstaltung
OrtValencia
StadtValencia
LandSpanien

Externe IDs

Scopus 85090402891

Schlagworte

Forschungsprofillinien der TU Dresden

DFG-Fachsystematik nach Fachkollegium