polito.it
Politecnico di Torino (logo)

Extending the Remote Attestation capabilities of the Enarx framework

Jacopo Catalano

Extending the Remote Attestation capabilities of the Enarx framework.

Rel. Antonio Lioy, Silvia Sisinni, Enrico Bravi. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2024

[img]
Preview
PDF (Tesi_di_laurea) - Tesi
Licenza: Creative Commons Attribution Non-commercial No Derivatives.

Download (3MB) | Preview
Abstract:

Recently, the Cloud Computing paradigm has significantly spread thanks to high-speed Internet connections, the standardization of digital technology and the wide adoption of mobile devices. The increasing usage of third-party cloud infrastructures poses considerable challenges in maintaining sensitive data confidential and processes trustworthy. As a result, several privacy-enhancing technologies have been developed, among which Confidential Computing aims to guarantee data protection in use. Among the various solutions proposed by Confidential Computing, Trusted Execution Environments (TEEs) succeed, offering a secure area where data and code can be securely processed and stored. Various TEE technologies from different vendors and with their specific implementations are now available. This makes trusted application development difficult for developers, requiring them to write and compile the application for each TEE supported. This thesis focuses specifically on the Enarx framework, an open-source and TEE-agnostic solution that adds an abstraction layer on top of the TEE technologies, permitting the development of applications unaware of which TEE will run. Enarx permits the deployment of workloads to various TEE instances in the public cloud, being CPU-architecture independent and guaranteeing the security of applications from cloud providers. Taking advantage of a WebAssembly runtime, Enarx can run workloads compiled from different programming languages (C, C++, Rust, Python, and others). The Enarx logic is loaded inside a TEE instance as a trusted application but needs to be attested before running a workload on it. To do so, Enarx leans on a remote attestation service which assesses the hardware's trustworthiness. Despite the attestation of the platform and the Enarx components, the chosen workload could be forged by a malicious software component running on the cloud provider machine. Therefore, the primary objective of this thesis is to propose an extension where Enarx is capable of signing the workload and verifying the signature before carrying on the deployment of the workload. To do so, a specific attestation service should be set up to corroborate the signature and give a response back to Enarx. Moreover, the next objective is to integrate the extended Enarx framework with the Trust Monitor system. The proposed extension to the Enarx framework is described along with validation and tests to evaluate the performance of the Enarx framework before and after the extension presented.

Relatori: Antonio Lioy, Silvia Sisinni, Enrico Bravi
Anno accademico: 2023/24
Tipo di pubblicazione: Elettronica
Numero di pagine: 79
Soggetti:
Corso di laurea: Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)
Classe di laurea: Nuovo ordinamento > Laurea magistrale > LM-32 - INGEGNERIA INFORMATICA
Aziende collaboratrici: NON SPECIFICATO
URI: http://webthesis.biblio.polito.it/id/eprint/31077
Modifica (riservato agli operatori) Modifica (riservato agli operatori)