Date: Tuesday, June 6, 2023 at 11 a.m.
Location: EV 1.162
Abstract
Outsourcing computing to a remote processor is popular and compelling. Cryptographic techniques like homomorphic encryption allow a client to outsource computation on sensitive data while ensuring that the data cannot be leaked. However, such techniques incur substantial computation and communication costs. Leveraging hardware assistance to efficiently ensure security is thus an attractive proposition. Trusted Execution Environments (TEEs), which saw widespread deployment in the early 2000s by mobile device manufacturers to run sensitive computations on commodity devices, can help to realize secure outsourced computing. But the security guarantees provided by traditional TEEs have been called into question by various recent attacks that exploit the inherent complexity of modern hardware and software. In this talk, I will describe Blinded Memory (BliMe): on-going work by my students to design minimal processor extensions that can help to efficiently realize secure outsourced computing. BliMe consists of a minimal set of Instruction Set Architecture (ISA) extensions that use taint-tracking to ensure confidentiality of sensitive (client) data even in the presence of server malware, run-time attacks, or side-channel attacks. To secure outsourced computation, BliMe extensions can be used together with an attestable, fixed-function hardware security module (HSM) and an encryption engine that provides atomic decrypt-and-taint and encrypt-and-untaint operations. I will describe the overall architecture, the current status of the work, and the challenges we face.
Biography
Dr. N. Asokan is a Professor of Computer Science at the University of Waterloo (since 2019) where he holds a David R. Cheriton Chair and serves as the Executive Director of the Waterloo Cybersecurity and Privacy Institute. He is also an adjunct professor at Aalto University, where he was the founding director of the Helsinki-Aalto Institute for Cybersecurity. He was a Professor of Computer Science at Aalto University from 2013 to 2019 and at the University of Helsinki from 2012 to 2017. Asokan's primary research theme is systems security broadly, including topics like the development and use of novel platform security features, applying cryptographic techniques to design secure protocols for distributed systems, applying machine learning techniques to security/privacy problems, and understanding/addressing the security and privacy of machine learning applications themselves. He is an ACM Fellow and an IEEE Fellow. For more information about Asokan's work, please see his website at https://asokan.org/asokan/ or follow him on twitter @nasokan.