Improving Security of Edge Devices by Offloading Computations to Remote, Trusted Execution Environments
dc.contributor.author | Bilbao Munoz, Carlos | en |
dc.contributor.committeechair | Ravindran, Binoy | en |
dc.contributor.committeemember | Stavrou, Angelos | en |
dc.contributor.committeemember | Nikolaev, Ruslan | en |
dc.contributor.department | Electrical and Computer Engineering | en |
dc.date.accessioned | 2022-01-12T04:41:35Z | en |
dc.date.available | 2022-01-12T04:41:35Z | en |
dc.date.issued | 2022-01-11 | en |
dc.description.abstract | In this thesis we aim to push forward the state-of-the-art security on instruction set architecture (ISA) heterogeneous systems by adopting an edge-computing approach. As the embedded devices market grows, such systems remain affected by a wide range of attacks and are particularly vulnerable to techniques that render the operating system or hypervisor untrusted. The usage of Trusted Execution Environments (TEEs) can help mitigate such threat model(s) immensely, but embedded devices rarely count with the hardware support required. To address this situation and enhance security on embedded devices, we present the RemoteTrust framework, which allows modest devices to offload secure computations on a remote server with hardware-level TEEs. To ease portability, we develop the framework on top of the open-source hardware-agnostic Open Enclave SDK. We evaluate the framework from a security and performance perspectives on a realistic infrastructure. In terms of security, we provide a list of CVEs that could potentially be mitigated by RemoteTrust, and we prevent the Heartbleed attack on a vulnerable server. From a performance perspective, we port C/C++ benchmarks of SPEC CPU 2017, two overhead microbenchmarks and five open-source applications, demonstrating small communication overhead (averaging less than 1 second per 100 remote single-parameter enclave calls). | en |
dc.description.abstractgeneral | We develop software that can be leveraged to secure an embedded device (reduced-size computer) using features only present in more powerful systems such as a server. This requires developing and extending source code for ISA-heterogeneous (different instruction sets) systems. Our thesis is then evaluated on a realistic setup, using the type of device (a Raspberry Pi v4) that the framework is intended for. We demonstrate our framework can help secure devices without paying a high price in performance. | en |
dc.description.degree | Master of Science | en |
dc.format.medium | ETD | en |
dc.identifier.other | vt_gsexam:33477 | en |
dc.identifier.uri | http://hdl.handle.net/10919/107554 | en |
dc.language.iso | en | en |
dc.publisher | Virginia Tech | en |
dc.rights | In Copyright | en |
dc.rights.uri | http://rightsstatements.org/vocab/InC/1.0/ | en |
dc.subject | Security | en |
dc.title | Improving Security of Edge Devices by Offloading Computations to Remote, Trusted Execution Environments | en |
dc.type | Thesis | en |
thesis.degree.discipline | Computer Engineering | en |
thesis.degree.grantor | Virginia Polytechnic Institute and State University | en |
thesis.degree.level | masters | en |
thesis.degree.name | Master of Science | en |