First Call (October-November 2022)
Trusted Execution Environments for Advanced Data Protection
This proposal resulted in the following thesis:
- Ion Andy Ditu (Bachelor's Thesis, University of Trento, 2023)
  Leveraging Trusted Execution Environment for Efficient Revocation and Security in Cryptographic Access Control
  Supervisors: Silvio Ranise | Co-supervisors: Roberto Carbone, Stefano Berlato
Description:
Cryptographic Access Control (CAC) is often employed to protect the confidentiality of Cloud-hosted sensitive data from curious service providers while enforcing access control policies. Unfortunately, CAC usually incurs significant computational overhead that limits its applicability in real-world scenarios [1]. The main goal of this project is to investigate how Trusted Execution Environments (TEEs) such as Intel SGX [2] can synergize with CAC to relieve these computational overheads and efficiently guarantee advanced data protection.
Level: BSc/MSc
Supervisor: Silvio Ranise
Co-supervisors: Roberto Carbone, Stefano Berlato
Time frame: From February 2023
Prerequisites:
- Basic knowledge of IT security
- Basic knowledge of cryptography from cryptography-related courses
- Basic knowledge of object-oriented programming languages (i.e., Kotlin)
Objectives:
- Familiarization and study of the state of the art in the use of TEEs for advanced data protection.
- Evaluation of available techniques and design of a solution joining CAC with TEEs to reduce the cryptographic computational overhead.
- Implementation of the proposed approach in a tool [3] developed and actively maintained by the Security&Trust unit in FBK [4].
Topics: Access Control, Cryptography, TEE
References:
- [1] W. C. Garrison, A. Shull, S. Myers and A. J. Lee, "On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud," 2016 IEEE Symposium on Security and Privacy (SP), 2016, pp. 819-838, doi: 10.1109/SP.2016.54
- [2] https://software.intel.com/content/www/us/en/develop/topics/software-guard-extensions.html
- [3] stfbk/CryptoAC
- [4] Stefano Berlato, Roberto Carbone, Silvio Ranise. Cryptographic Enforcement of Access Control Policies in the Cloud: Implementation and Experimental Assessment. In 18th International Conference on Security and Cryptography (SECRYPT 2021)