Improving Security of Edge Devices by Offloading Computations to Remote, Trusted Execution Environments

In this thesis we aim to push forward the state-of-the-art security on instruction set architecture (ISA) heterogeneous systems by adopting an edge-computing approach. As the embedded devices market grows, such systems remain affected by a wide range of attacks and are particularly vulnerable to techniques that render the operating system or hypervisor untrusted. The usage of Trusted Execution Environments (TEEs) can help mitigate such threat model(s) immensely, but embedded devices rarely count with the hardware support required. To address this situation and enhance security on embedded devices, we present the RemoteTrust framework, which allows modest devices to offload secure computations on a remote server with hardware-level TEEs. To ease portability, we develop the framework on top of the open-source hardware-agnostic Open Enclave SDK. We evaluate the framework from a security and performance perspectives on a realistic infrastructure. In terms of security, we provide a list of CVEs that could potentially be mitigated by RemoteTrust, and we prevent the Heartbleed attack on a vulnerable server. From a performance perspective, we port C/C++ benchmarks of SPEC CPU 2017, two overhead microbenchmarks and five open-source applications, demonstrating small communication overhead (averaging less than 1 second per 100 remote single-parameter enclave calls).