polito.it
Politecnico di Torino (logo)

Analysis of TEE technologies as trust anchors

Simone Vuillermoz

Analysis of TEE technologies as trust anchors.

Rel. Antonio Lioy, Ignazio Pedone. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2022

[img]
Preview
PDF (Tesi_di_laurea) - Tesi
Licenza: Creative Commons Attribution Non-commercial No Derivatives.

Download (8MB) | Preview
Abstract:

In recent years, Cloud Computing has become an increasingly widespread paradigm within ICT infrastructures, introducing lots of benefits such as cost savings and higher performances. On the other hand, however, this new paradigm introduced new threats and vulnerabilities menacing the reliability of the nodes over the Cloud. To mitigate these kinds of risks, such as possible attacks on the software integrity of a node, different techniques were proposed in literature over the years. The concept of Remote Attestation (RA), in particular, allows the hardware and software of a host (called Attester or Prover) to be authenticated through another remote host (called Verifier), allowing the definition of the state of integrity of the node. In the literature, there are several studies and proposals for RA techniques based on secure hardware, such as Trusted Platform Module or Trusted Execution Environments (TEEs) or software. However, the TEE’s world is still at an early stage, and still has several problems, such as the difficulty of customization. The thesis work, therefore, started with an analysis of the principals TEEs on the market, highlighting their strengths, and weaknesses. The analysis included the study of Keystone Enclave, the first framework for creating customizable TEEs. This technology heavily relies on hardware with support to RISC-V, an Instruction Set Architecture (ISA) becoming very popular in the commercial world. Therefore, the final purpose of this thesis work is to present a first design and implementation of an RA Framework for RISC-V-based nodes over the Cloud. The solution proposed allows the registration and the attestation of nodes whose only constraint is to support Keystone Enclave, a still young technology, but which has already revolutionized the world of TEEs.

Relators: Antonio Lioy, Ignazio Pedone
Academic year: 2022/23
Publication type: Electronic
Number of Pages: 96
Subjects:
Corso di laurea: Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)
Classe di laurea: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Aziende collaboratrici: UNSPECIFIED
URI: http://webthesis.biblio.polito.it/id/eprint/25615
Modify record (reserved for operators) Modify record (reserved for operators)