Enabling the Use of Strongly-Private Algorithms Kubilay Ahmet Kk - - PowerPoint PPT Presentation

enabling the use of strongly private algorithms
SMART_READER_LITE
LIVE PREVIEW

Enabling the Use of Strongly-Private Algorithms Kubilay Ahmet Kk - - PowerPoint PPT Presentation

Mar 06, 2023 214 likes •314 views

DEPARTMENT OF COMPUTER SCIENCE SOFTWARE AND SYSTEMS SECURITY RESEARCH GROUP Enabling the Use of Strongly-Private Algorithms Kubilay Ahmet Kk (PhD candidate, 4 th year) kucuk@cs.ox.ac.uk Supervisor: Prof. Andrew MARTIN Content from

slide-1
SLIDE 1

DEPARTMENT OF COMPUTER SCIENCE SOFTWARE AND SYSTEMS SECURITY RESEARCH GROUP

Enabling the Use of Strongly-Private Algorithms

Kubilay Ahmet Küçük

(PhD candidate, 4th year)

kucuk@cs.ox.ac.uk Supervisor: Prof. Andrew MARTIN

Content from Journal Article, accepted on 03th May 2019. To be appear online in Jul/Aug 2019. KA Kucuk, David Grawrock, Andrew Martin. Managing confidentiality leaks through private algorithms on Software Guard eXtensions (SGX) enclaves: Minimised TCB on secret-code execution with Early-Private Mode (EPM). SpringerOpen EURASIP Journal on Information Security (Special Issue on Recent Advances in Software Security).

slide-2
SLIDE 2

Questions or Contact :kucuk@cs.ox.ac.uk

Enclave binary is inspectable by its’ nature

Programming the Enclave functions Containing Application Logic Compiled binary disassembled

  • bjdump -d enclave.signed.so

Encrypted Enclave Memory 4KB Page Granularity Controlled by Operating System Binary Loaded to Enclave Memory Time before Enclave loaded into memory After Loading Binary Algorithm Owner's Environment Hardware Owner's Environment Sending Enclave Binary Untrusted Application Part Trusted Interface Auto Generated

U n t r u s t e d

T r u s t e d ECALL OCALL Functions

Fill Key: Asset Type Source Code Compiled Binary Encrypted Memory

2

slide-3
SLIDE 3

Questions or Contact :kucuk@cs.ox.ac.uk

Enclave-Aware or Enclave-Independent development

3

Approach 2: HO and ED together Protect the Secret-Code After Release Approach 1: AO and ED on the same side Protect the Secret-Code Before Release Algorithm Owner (AO) Has Secret Algorithm

  • r Business Logic

Maintaining the code secrecy after its release Hardware Owner (HO) has Cloud Infrastructure for Remote Execution Enclave Developer (ED) Responsible for Secure Implementation Ensuring the code secrecy before its release

AO ED HO AO ED HO

Sending an Enclave-aware Algorithm Sending an Enclave-independent Algorithm

slide-4
SLIDE 4

Questions or Contact :kucuk@cs.ox.ac.uk

Enclave-Independent Private Algorithms

4

slide-5
SLIDE 5

Questions or Contact :kucuk@cs.ox.ac.uk

Enclave-Aware Private Algorithms

5

slide-6
SLIDE 6

Questions or Contact :kucuk@cs.ox.ac.uk

New Possibilities with 3 Stake Holders

6

§ Computational Power as a Service

(CPaaS)

§ Algorithm Querying as a Service

(AQaaS)

§ Data Querying as a Service

(DQaaS)

slide-7
SLIDE 7

Questions or Contact :kucuk@cs.ox.ac.uk

New Problems / Future Work

§ Integrate Key sharing and separation (KSS) § Modular Attestation § Secure Erase § Ownership Transfer § …

Contact: kucuk@cs.ox.ac.uk 7 Read more à

slide-8
SLIDE 8