Published on 22/05/2023
INCISIVE was presented at this year’s edition of the European Network for Cybersecurity (NeCS) PhD School, that took place in Vason, Trento, from the 6th to the 10th of February 2023. Luigi Romano from CeRICT gave a lecture titled: “Hardware-assisted Trusted Computing: State of The Art and Emerging Use Cases”. In the lecture, he explained that even the most secure algorithm is vulnerable, if the computing environment where it is executed is not adequately protected and he presented the solutions which are being developed in INCISIVE to provide such protection.
In particular, he focused on INCISIVE protection mechanisms for data “in use” (i.e. when it is loaded in the RAM or in the CPU for executing a computation) based on Trusted Execution Environment (TEE) technology. It is worth emphasizing that – while protection of data in transfer and at rest is relatively easy to achieve – protection of data in use is still, to a large extent, an open issue. The challenge here is that data must be also protected from attacks by privileged users (e.g. system administrators or cloud providers) and software (e.g. the operating system or the hypervisor).
Protection of data in use is a number one priority in security research, since it is the enabling factor of a number of business opportunities. Suffice to say that there is a huge business case around Cloud Computing. The Cloud Security Alliance report lists the top threats to cloud security and one of these is the insider threat, which is a major obstacle to the real adoption of the cloud computing paradigm. Some of the big players of the cloud market have already realized that addressing the insider threat is a number one priority, and offer cloud solutions which provide high guarantees of being immune from such a threat (for instance Microsoft Azure Confidential Computing). MS ACC “safeguards data from malicious and insider threats while in use”.
The availability of a “Trusted Cloud” would unleash the potential of a number of application domains. As an example, the option of moving security and/or safety critical applications (e.g. AI-based applications like those being developed in INCISIVE) to the cloud – often referred to in scientific and technical literature as ”cloudifying critical applications” – is receiving more and more attention in the last few years, since the cloud paradigm has a dramatic potential in terms of reduction of costs for maintenance and management of hardware and software platforms, not to mention the advantages with respect to the availability of a virtually infinite amount of computing power.
The talk introduced the basic concepts of hardware-assisted security and gave an overview of the current State of The Art of CPU support for Trusted Execution Environment technology. Then, INCISIVE use cases were presented, where TEE technology is used to effectively improve security in real world setups.
The European Network for Cybersecurity PhD School was launched six years ago, in response to the increasing need of highly qualified experts in cyber-security. The School addresses the issues of training and development of talented junior researchers as indicated in the European Cybersecurity strategy and highlighted in the EC’s Digital Agenda.