event
PhD Proposal by Fan Sang
Primary tabs
Title: Hardening and Adapting Trusted Execution Environments for Emerging Platforms
Date: Monday, December 4, 2023
Time: 11:00 AM - 1:00 PM ET
Location: CODA C0908 / Zoom
Fan Sang
Ph.D. Student
School of Cybersecurity and Privacy
College of Computing
Georgia Institute of Technology
Committee:
Prof. Taesoo Kim (advisor), School of Computer Science & School of Cybersecurity and Privacy, Georgia Institute of Technology
Dr. Daniel Genkin, School of Cybersecurity and Privacy, Georgia Institute of Technology
Dr. Brendan D. Saltaformaggio, School of Electrical and Computer Engineering & School of Cybersecurity and Privacy, Georgia Institute of Technology
Prof. Moinuddin K. Qureshi, School of Computer Science, Georgia Institute of Technology
Dr. Xiaokuan Zhang, Department of Computer Science, George Mason University
Abstract
The advancement of cloud computing, IoT, edge computing, and emerging platforms has resulted in users often relinquishing data control to third-party providers, raising security concerns. Trusted Execution Environments (TEEs), first developed for cloud computing, create secure areas within processors to protect sensitive data. However, the integration of TEEs into emerging platforms is absent, primarily due to their recency and ongoing development. Nevertheless, the growing users’ expectation for security and new privacy regulations make it crucial to adapt TEEs for emerging platforms. My thesis focuses on hardening and adapting TEEs for emerging platforms, particularly Extended Reality (XR).
First, to harden existing TEEs, I developed a program synthesis framework that optimally defends TEE programs against various side-channel attacks (SCAs) without conflict according to the target platform’s configuration. Furthermore, from a fundamental perspective, I proposed an architectural extension that allows TEE programs to subscribe to fine-grained microarchitectural events, enabling proactive defenses previously unfeasible.
Second, to understand the security implications of XR, I designed a black-box fuzzing framework for proprietary XR applications. This framework includes a virtual device driver that simulates physical XR devices, eliminating the need for physical hardware in testing. It dynamically synchronizes recorded user interactions with live sessions, accommodating the non-deterministic nature of XR environments, and employs a Large Language Model (LLM) for mutation and bug checking, aligning recordings with the application’s semantics and detecting inconsistencies between user interactions and application behavior.
Finally, I propose a preliminary design for integrating TEEs into XR platforms, in which I will adapt ARM Confidential Compute Architecture (CCA) for state-of-the-art XR implementations. This integration aims to secure user inputs, controller interactions, and visual/audio data, focusing on maintaining the quality of experience, such as responsiveness and immersiveness, crucial for highly interactive platforms like XR.
Groups
Status
- Workflow Status:Published
- Created By:Tatianna Richardson
- Created:11/30/2023
- Modified By:Tatianna Richardson
- Modified:11/30/2023
Categories
Keywords
Target Audience