Ofir Shwartz (EE, Technion)
Wednesday, 25.10.2017, 11:30
Remote computing services (e.g., virtualization and cloud services) offer advantages to organizations and individuals, putting at their disposal enormous computing resources while permitting them to pay only for the resources actually used. Unfortunately, such environments are prone to attacks by hackers, adversarial users of the systems, or even the owner of the service. Such attacks may target the operating system, hypervisor, VMM, or even the hardware itself. It would therefore be extremely beneficial if users could ensure the security of their programs in such environments, as this would likely lead to a dramatic expansion of their use for applications ranging from research, through financial, to medical systems. Specifically, the confidentiality of the code and data must be preserved, and tampering with either or with the sequence of execution must be detected.
Although prior art suggested various ideas and architectures, they are missing key features needed to become practical, such as supporting existing applications, providing security without harming performance, and scaling to many compute nodes.
In this work we present the Secure Machine (SeM), a CPU architecture extension for secure computing that supports a vast range of systems, from single-core compute nodes to parallel and distributed computing environments. Using static binary instrumentation, SeM supports existing applications (binaries). SeM’s performance overhead for the added security features is negligible. We therefore consider SeM a major step towards practical secure computing.