An Area of Trust - Trusted Execution Environment
Regonda, Brahmashwini
2022/2023
Abstract
Designing complex yet safer systems has become a necessity, and TEEs (Trusted Execution Environments) have been introduced for this reason. TEEs have become increasingly popular in modern CPUs because they provide a way to implement hardware-assisted security services and improve data security. However, due to security vulnerabilities, they have become a target of various attacks. Intel SGX is the most implemented and tested hardware-based encryption TEE. This study provides a general overview of the features, benefits, limitations, and vulnerabilities of TEEs based on Intel SGX hardware and other architectures, and analyzes some attack mitigations. Some generic Intel SGX server-side features and applications are described, such as data sealing, attestation, data privacy, data protection, and encryption. The results of this study show that some Intel SGX techniques can prevent some attacks, but side-channel attacks cannot be completely prevented.

File | Size | Format
---|---|---
887689-1272220.pdf (open access; type: other attached material) | 1.39 MB | Adobe PDF
Documents in UNITESI are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/20.500.14247/7840