Improving Security of Edge Devices by Offloading Computations to Remote, Trusted Execution Environments

dc.contributor.authorBilbao Munoz, Carlosen
dc.contributor.committeechairRavindran, Binoyen
dc.contributor.committeememberStavrou, Angelosen
dc.contributor.committeememberNikolaev, Ruslanen
dc.contributor.departmentElectrical and Computer Engineeringen
dc.date.accessioned2022-01-12T04:41:35Zen
dc.date.available2022-01-12T04:41:35Zen
dc.date.issued2022-01-11en
dc.description.abstractIn this thesis we aim to push forward the state-of-the-art security on instruction set architecture (ISA) heterogeneous systems by adopting an edge-computing approach. As the embedded devices market grows, such systems remain affected by a wide range of attacks and are particularly vulnerable to techniques that render the operating system or hypervisor untrusted. The usage of Trusted Execution Environments (TEEs) can help mitigate such threat model(s) immensely, but embedded devices rarely count with the hardware support required. To address this situation and enhance security on embedded devices, we present the RemoteTrust framework, which allows modest devices to offload secure computations on a remote server with hardware-level TEEs. To ease portability, we develop the framework on top of the open-source hardware-agnostic Open Enclave SDK. We evaluate the framework from a security and performance perspectives on a realistic infrastructure. In terms of security, we provide a list of CVEs that could potentially be mitigated by RemoteTrust, and we prevent the Heartbleed attack on a vulnerable server. From a performance perspective, we port C/C++ benchmarks of SPEC CPU 2017, two overhead microbenchmarks and five open-source applications, demonstrating small communication overhead (averaging less than 1 second per 100 remote single-parameter enclave calls).en
dc.description.abstractgeneralWe develop software that can be leveraged to secure an embedded device (reduced-size computer) using features only present in more powerful systems such as a server. This requires developing and extending source code for ISA-heterogeneous (different instruction sets) systems. Our thesis is then evaluated on a realistic setup, using the type of device (a Raspberry Pi v4) that the framework is intended for. We demonstrate our framework can help secure devices without paying a high price in performance.en
dc.description.degreeMaster of Scienceen
dc.format.mediumETDen
dc.identifier.othervt_gsexam:33477en
dc.identifier.urihttp://hdl.handle.net/10919/107554en
dc.language.isoenen
dc.publisherVirginia Techen
dc.rightsIn Copyrighten
dc.rights.urihttp://rightsstatements.org/vocab/InC/1.0/en
dc.subjectSecurityen
dc.titleImproving Security of Edge Devices by Offloading Computations to Remote, Trusted Execution Environmentsen
dc.typeThesisen
thesis.degree.disciplineComputer Engineeringen
thesis.degree.grantorVirginia Polytechnic Institute and State Universityen
thesis.degree.levelmastersen
thesis.degree.nameMaster of Scienceen

Files

Original bundle
Now showing 1 - 2 of 2
Loading...
Thumbnail Image
Name:
Bilbao_Munoz_C_T_2022.pdf
Size:
3.01 MB
Format:
Adobe Portable Document Format
Loading...
Thumbnail Image
Name:
Bilbao_Munoz_C_T_2022_support_1.pdf
Size:
34.45 KB
Format:
Adobe Portable Document Format
Description:
Supporting documents

Collections