Title: Hardening and Adapting Trusted Execution Environments for Emerging Platforms

Date: Monday, July 22, 2024

Time: 10:00 AM - 12:00 PM ET

Location: CODA C0915 / Zoom

Fan Sang

Ph.D. Candidate

School of Cybersecurity and Privacy

College of Computing

Georgia Institute of Technology

Committee:

Prof. Taesoo Kim (advisor), School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Brendan D. Saltaformaggio, School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Sukarno Mertoguno, School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Ashish Kundu, Head of Cybersecurity Research, Cisco Research 

Dr. Xiaokuan Zhang, Department of Computer Science, George Mason University

Abstract

The rise of cloud computing, IoT, and edge computing has led users to often give up data control to third-party providers, raising security concerns. Trusted Execution Environments (TEEs), initially developed for cloud computing, create secure processor areas to protect sensitive data. However, TEEs are not yet integrated into emerging platforms due to their recency and ongoing development. Despite this, increasing security expectations and new privacy regulations necessitate adapting TEEs for these platforms. This thesis focuses on hardening and adapting TEEs for emerging platforms, particularly Virtual Reality (VR). 

To harden existing TEEs, this thesis presents SENSE, an architectural extension that allows TEE programs to subscribe to fine-grained microarchitectural events, thus improving the microarchitectural awareness of TEEs and enabling proactive defenses previously unfeasible. To understand VR security, this thesis introduces MIRAGE, a black-box fuzzing framework for commercial VR applications. MIRAGE features a virtual device driver that replicates VR devices for accurate session replays without hardware. It mutates VR inputs to simulate user interactions and evaluates quality of experience (QoE), detecting abnormalities. To enable TEEs on emerging platforms, this thesis finally presents PORTAL, a secure and efficient device I/O interface for Arm Confidential Compute Architecture (CCA) on modern mobile Arm processors, facilitating practical adoption on VR platforms. PORTAL addresses challenges due to memory encryption in the architectural trend of an increasing number of integrated devices within Arm processors. By leveraging Arm CCA’s memory isolation mechanism, PORTAL enforces hardware-level access control without memory encryption. PORTAL offers robust security guarantees while eliminating the overhead of memory encryption, maintaining the QoE crucial for interactive mobile platforms such as VR.