CELTIC-NEXT Online Proposers Day TWO DIFFERENT PROJECT IDEA CONTRIBUTIONS SYSTEMIC SW Universal Trusted PROTECTION Execution for cloud and endpoint SW for cloud and endpoint SW security enhancement total security SOLIDSHIELD vincent@solidshield.com
CELTIC-NEXT Online Proposers Day 29 th November 2018, via WebEx Project CONTRIBUTION proposal SYSTEMIC SW PROTECTION for cloud and endpoint SW security enhancement SOLIDSHIELD vincent@solidshield.com
PROBLEM STATEMENT SOFTWARE SECURITY IS FIRST PRIORITY FOR FUTURE IOT BASED SYSTEM SECURITY TODAY 'S PAINPOINTS FOR SW PROTECTION): IMPEDING ATTACKS SLOW DOWN THE SOFTWARE COMPLEX WORKFLOW (SOURCE CODE CHANGE, NEW COMPILATION, ... IOT SoTA SOFTWARE ARE AT THE BEST AUTHENTICATED CAN BE REVERSED CAN BE DECOMPILED CAN BE TAMPERED TO TAMPER DATA www.celticplus.eu SYSTEMIC SW ONE CLICK SECURITY, Vincent Lefebvre, SOLIDSHIELD, vincent@solidshield.com
SYSTEMIC SYSTEMIC SW PROTECTIONS: ATTESTATION ENCRYPTION ANTI DUMP ANTI TAMPERING ALL THESE FOUR PROTECTION SET AT ONE CLICK COST ON BINARIES NO PERFORMANCE DEGRADATION AT RUNTIME UNIVERSAL SOLUTION www.celticplus.eu SYSTEMIC SW ONE CLICK SECURITY, Vincent Lefebvre, SOLIDSHIELD, vincent@solidshield.com
ORGANISATION PROFILE SOLIDSHIELD WORKS IN SW PROTECTION FOR A DECADE (DEFENSE AND TELECOM) SYSTEMIC (FOR INTEL) IS DERIVED FROM OUR CONTRIBUTION IN SENDATE TANDEM. WORKFLOW IS KEY FOR SUCCESS. OUR PLAN IS TO EXPAND SYSTEMIC TO IOT MARKETS (ARM, JAVA) AND DESIGN AD HOC SOLUTIONS TO MEET SPECIFIC MARKETS CONSTRAINTS. SPECIFICATIONS SHALL COME FROM POTENTIAL USERS. (CONSORTIUM MEMBERS TYPICALLY). TESTS SHALL BE DONE BY THEM TOO. WE NEED USE CASES AND MARKET INNER VIEWS 5 www.celticplus.eu SYSTEMIC SW ONE CLICK SECURITY, Vincent Lefebvre, SOLIDSHIELD, vincent@solidshield.com
CELTIC-NEXT Online Proposers Day 29 th November 2018, via WebEx Pitch of a project contribution proposal Universal Trusted Execution for cloud and endpoint SW total security SOLIDSHIELD vincent@solidshield.com
TEASER ONE SOLUTION FOR ALL TEE UNIVERSAL TRUSTED EXECUTION DELIVERS HIGHEST SW SECURITY WHATEVER HARDWARE (TEE ENABLED) AT NO EFFORT TO DEVELOPERS 7 www.celticplus.eu Universal Trusted Execution Environment, Vincent Lefebvre, SOLIDSHIELD, vincent@solidshield.com
PROBLEM STATEMENT TEE IS A SUPER STRONG BUT POORLY-USED IDEA PROS: IT BREAKS THE CHAIN OF PERFORMANCE<>EFFICIENCY PRO: CODE AND DATA INTEGRITY AND CONFIDIENTIALITY ARE MET CONS: REQUIRE A SECURITY ARCHITECT... VENDOR-SPECIFIC , NO COMPATIBILITY Complete Limited VM TCB 8 www.celticplus.eu Universal Trusted Execution Environment, Vincent Lefebvre, SOLIDSHIELD, vincent@solidshield.com
UNIV IVERSAL TEE ONE SETUP WORKFLOW FOR BOTH TECHNOLOGIES NO CHANGE ON SOURCE CODE REQUIRED ONE SINGLE PROTECTED EXECUTABLE ENABLED FOR BOTH TECHNOLOGIES NO EFFORT FROM DEVELOPER. USE CODE INTERPRETATION AND ASYLO APIS FOR HARDWARE INDEPENDANCE + AUTOMATIC BINARY WRAPPING 9 www.celticplus.eu Universal Trusted Execution Environment, Vincent Lefebvre, SOLIDSHIELD, vincent@solidshield.com
UNIV IVERSAL TEE OUTCOME CLOUD COMPUTING MAKES USE OF TEE... NO MORE INTROSPECTION ATTACKS AT SERVER FARMS... A REAL BOOSTER IN TODAY'S CLOUD COMPUTING USE (5G, SDN, ...) WE OFFER A READY-TO-USE DISRUPTIVE SOLUTION ON BOTH WORKFLOW AND DEPLOYMENT ASPECTS (TODAY'S BLOCKER) "TEE ARE NESCANT AND WILL EVOLVE ATTACKS ON TEES JUST REFLECT HOW MUCH THEY THREAT CYBER ACTIVISTS..." 10 www.celticplus.eu Universal Trusted Execution Environment, Vincent Lefebvre, SOLIDSHIELD, vincent@solidshield.com
FAU 'S 'S EXPERTISE FAU takes part of a long track of collaborative research program including SENDATE TANDEM. Its research focus are trusted execution environments, including the following publications: • Isolating Operating System Components with Intel SGX, SysTex ’16 • Hardware-Based Trusted Computing Architectures for Isolation and Attestation, IEEE Transactions on Computers ’17 • Cache Attacks on Intel SGX, EuroSec ‘17 • Secure Remote Computation using Intel SGX, GI Sicherheit ’18 • Universal TEE for Securing SDN/NFV Operations, ARES ‘18 • TEEshift: Protecting Code Confidentiality by Selectively Shifting Functions into TEEs, SysTex ‘18 • Protecting Regular User-Mode Processes with AMD SEV (to be published 2019) 11 www.celticplus.eu Universal Trusted Execution Environment, Vincent Lefebvre, SOLIDSHIELD, vincent@solidshield.com
PUBLICATIONS REFLECTING THE CONTRIBUTION IDEA: ARES ‘18 CONFERENCE, HAMBOURG, AUGUST 2018: UNIVERSAL TEE FOR SECURING SDN/NFV OPERATIONS HTTPS://DL.ACM.ORG/CITATION.CFM?DOID=3230833.3233256 SYSTEX ‘18 WORKSHOP, CO -LOCATED TO CCS CONFERENCE, TORONTO, OCTOBER 2018: TEESHIFT: PROTECTING CODE BY SELECTIVELY SELECTING FUNCTIONS INTO TEES (BEST-PAPER AWARD ) HTTPS://WWW.RESEARCHGATE.NET/PUBLICATION/328326614_TEESHIFT_PROTE CTING_CODE_CONFIDENTIALITY_BY_SELECTIVELY_SHIFTING_FUNCTIONS_INT O_TEES 12 www.celticplus.eu Universal Trusted Execution Environment, Vincent Lefebvre, SOLIDSHIELD, vincent@solidshield.com
CONTACT IN INFO SOLIDSHIELD: FAU: Name: Vincent Lefebvre Name: Tilo Müller E-Mail: vincent@solidshield.com E-Mail: tilo.mueller@cs.fau.de Telephone +33 0663579190 Telephone +49 9131 85 69904 83 Bd Sadi Carnot, 06110 Le Cannet, France Martensstr. 3, 91058 Erlangen, Germany www.solidshield.com www1.cs.fau.de Presentation available via: www.tiny.cc/projectidea 13
Join the follow-up Telco 7th December 14-15 CET Join Webex meeting Meeting number (access code): 956 667 108 Meeting password: Z5jiAfeH Join by phone +49-6925511-4400 Germany toll Global call-in numbers www.celticplus.eu office@celticplus.eu 14
Recommend
More recommend
