Course Overview
This course focuses on studying security techniques for trusted computing systems. The course starts with discussing software/system security fundamentals and principals for designing and building trusted computing systems. Then we study comprehensive security oriented hardenning techniques for trusted computing platforms as well as promising new services and applications. Lastly we will cover possible attacks and defenses against trusted computing systems.
The course will be mostly based on research papers. Each lecture will cover one research paper, and each student is expected to present a few research papers (one or two) throughout the semester. In order to facilitate discussion, all students are strongly encouraged to read the paper before the class and actively participate the in-class discussion. Students are also required to pick the research topic related to the class, and perform their own research project.
- Instructor : Byoungyoung Lee (email: byoungyoung@purdue.edu)
- Lecture: 4:30 pm - 5:45 pm (Tue & Thr) at Lawson B134
- Office hour: 3:30 pm - 4:30 pm (Tue & Thr) at LWSN 1187
Schedule (Tentative)
| Date | Topic | Paper | |
|---|---|---|---|
| 01/10 | Introduction (online meetup) | ||
| 01/12 | - | No class (travel) | |
| 01/17 | Introduction | Intro. on trusted computing (1) | |
| 01/19 | Introduction | Intro. on trusted computing (2) | |
| 01/24 | Toward trusted computing | AEGIS [ICS 03] | |
| 01/26 | Toward trusted computing | SecVisor [SOSP 07] | |
| 01/31 | Toward trusted computing | OverShadow [ASPLOS 08] | |
| 02/02 | Toward trusted computing | Flicker [EuroSys 08] | |
| 02/07 | Toward trusted computing | TrustVisor [SP 10] | |
| 02/09 | Toward trusted computing | TrustZone-TLR [ASPLOS 14] | |
| 02/14 | SandBox for trusted computing | Haven [OSDI 14] | |
| 02/16 | SandBox for trusted computing | No class | |
| 02/21 | SandBox for trusted computing | A2C [NDSS 17] | practice talk |
| 02/21 | SandBox for trusted computing | Graphene [EuroSys 14] | makeup |
| 02/23 | SandBox for trusted computing | VC3 [SP 15] | |
| 02/23 | SandBox for trusted computing | Ryoan [OSDI 16] | makeup |
| 02/28 | - | No class (NDSS travel) | |
| 03/02 | - | No class (NDSS travel) | |
| 03/07 | SandBox for trusted computing | MiniBox [ATC 14] | |
| 03/07 | Trusted services | CryptDB [SOSP 11] | makeup |
| 03/09 | SandBox for trusted computing | Scone [OSDI 16] | |
| 03/09 | SandBox for trusted computing | T-SGX [NDSS 17] | makeup |
| 03/14 | - | No class (Spring break) | |
| 03/16 | - | No class (Spring break) | |
| 03/21 | Trusted services | BlindBox [SIGCOMM 15] | |
| 03/23 | Trusted services | Embark [NSDI 16] | |
| 03/28 | - | JForce [WWW 17] | practice talk |
| 03/30 | Trusted services | Mylar [NSDI 14] | |
| 04/04 | Securing access patterns | Path ORAM [CCS 13] | |
| 04/06 | Securing access patterns | Raccoon [SEC 15] | |
| 04/06 | Securing access patterns | HOP [NDSS 17] | |
| 04/11 | Attacks/Defenses | Iago Attacks [ASPLOS 13] | |
| 04/11 | Attacks/Defenses | Controlled-channel attacks [SP 15] | |
| 04/13 | Attacks/Defenses | Drammer | |
| 04/18 | Attacks/Defenses | SGX Cache timing attacks | |
| 04/20 | Attacks/Defenses | Memoir [SP 11] | |
| 04/25 | Attacks/Defenses | StealthMem [SEC 12] | |
| 04/27 | Attacks/Defenses | BOOMERANG [NDSS 17] |
- This schedule is subject to change, and changes will be announced in class or emailed if necessary.
Related Papers
-
Toward trusted computing
- (XOM) Architectural Support for Copy and Tamper Resistant Software [ASPLOS 00] [pdf]
- AEGIS: architecture for tamper-evident and tamper-resistant processing [ICS 03] [pdf]
- SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes [SOSP 07] [pdf]
- Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems [ASPLOS 08] [pdf]
- InkTag: secure applications on an untrusted operating system [ASPLOS 13] [pdf]
- Flicker: An execution infrastructure for TCB minimization [EuroSys 08] [pdf]
- TrustVisor: Efficient TCB reduction and attestation [SP 10] [pdf]
- (TrustZone-TLR) Using ARM TrustZone to Build a Trusted Language Runtime for Mobile Applications [ASPLOS 14] [pdf]
-
SandBox/Containers for trusted computing
- MiniBox: A two-way sandbox for x86 native code [ATC 14] [pdf]
- VC3: trustworthy data analytics in the cloud using SGX [SP 15] [pdf]
- Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data [OSDI 16] [pdf]
- (Graphene) Cooperation and Security Isolation of Library OSes for Multi-Process Applications [EuroSys 14] [pdf]
- SCONE: Secure Linux Containers with Intel SGX [OSDI 16] [pdf]
- Shielding Applications from an Untrusted Cloud with Haven [OSDI 14] [pdf]
- Panoply: Low-TCB Linux Applications With SGX Enclaves [NDSS 17] [pdf]
-
Trusted Services
- Secure Untrusted Data Repository (SUNDR) [OSDI 04] [pdf]
- CryptDB: protecting confidentiality with encrypted query processing [SOSP 11] [pdf]
- BlindBox: Deep packet inspection over encrypted traffic [SIGCOMM 15] [pdf]
- Embark: Securely Outsourcing Middleboxes to the Cloud [NSDI 16] [pdf]
- Building web applications on top of encrypted data using Mylar [NSDI 14] [pdf]
-
Securing access patterns
- Path ORAM: An Extremely Simple Oblivious RAM Protocol [CCS 13] [pdf]
- Raccoon: Closing Digital Side-Channels through Obfuscated Execution [SEC 15] [pdf]
- Oblivious multi-party machine learning on trusted processors [SEC 16] [pdf]
- HOP: Hardware makes Obfuscation Practical [NDSS 17] [pdf]
- T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs [NDSS 17] [pdf]
- ObliviSync: Practical Oblivious File Backup and Synchronization [NDSS 17] [pdf]
-
Attacks and defenses
- Iago attacks: why the system call API is a bad untrusted RPC interface [ASPLOS 13] [pdf]
- Controlled-channel attacks: Deterministic side channels for untrusted operating systems [SP 15] [pdf]
- Memoir: Practical state continuity for protected modules [SP 11] [pdf]
- STEALTHMEM: System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud [SEC 12] [pdf]
- Drammer: Deterministic Rowhammer Attacks on Mobile Platforms [CCS 16] [pdf]
- SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs [NDSS 17] [pdf]
- BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments [NDSS 17] [pdf]
-
Other related papers
- Enhancing Security and Privacy of Tor's Ecosystem by using Trusted Execution Environments [NSDI 17]
- Software Grand Exposure: SGX Cache Attacks Are Practical [pdf]
- Malware Guard Extension: Using SGX to Conceal Cache Attacks [pdf]
- Sanctum: Minimal Hardware Extensions for Strong Software Isolation [SEC 16] [pdf]
- Opaque: An Oblivious and Encrypted Distributed Analytics Platform [NSDI 17] [[pdf]]opaque
Grading
- Paper Presentations: 30%
- Paper Reviews: 20%
- Participation: 20%
- Research projects: 30%
For academic honesty refer to the Purdue integrity/code of conduct; Except as by prior arrangement or notification by the professor of an extension before the deadline, missing or late work will be counted as a zero/fail.