Ofir Weisse (University of Michigan)
Sunday, 31.12.2017, 13:30
Secure execution technologies, such as Intel SGX, offer an attractive solution for protecting one's private data in the public cloud environment. In this talk, we will explore how SGX mitigates various attack surfaces and what are the caveats of naively using the technology to protect applications. Specifically, we will discuss the performance implications of SGX on common applications and understand what are the new bottlenecks created by SGX, which may lead to a 5x performance degradation. We then describe an optimization mechanism, HotCalls, that provides a 13-27x speedup compared to the builtin mechanism supplied by SGX SDK. Overcoming the performance bottlenecks is not enough to construct a useful secure distributed system. We will talk about the missing pieces in SGX to manage multiple entities securely, and how can we fill in the gap.
Ofir is a Ph.D. candidate at the University of Michigan. His current research focuses on the feasibility of secure execution in the cloud: Enabling low-cost security in the cloud environment, without compromising performance. His recent publications include HotCalls (ISCA 2017) and WALNUT (EuroS&P 2017). Ofir worked for Intel in Haifa as a security researcher in the SGX group. He received his Master's in Computer Engineering from Tel-Aviv University and B.Sc from the Technion. His previous research focused on differential power analysis of cryptographic devices, which was published in CHES and HASP.