First Call (October-November 2022)

Trusted Execution Environments for Advanced Data Protection

This proposal resulted in the following thesis:

  • Ion Andy Ditu (Bachelor's Thesis, University of Trento, 2023)
    Leveraging Trusted Execution Environment for Efficient Revocation and Security in Cryptographic Access Control
    Supervisor: Silvio Ranise | Co-supervisors: Roberto Carbone, Stefano Berlato

Description:

Cryptographic Access Control (CAC) is often employed to protect the confidentiality of Cloud-hosted sensitive data from curious service providers while enforcing access control policies. Unfortunately, CAC usually incurs significant computational overhead that limits its applicability in real-world scenarios [1]. The main goal of this project is to investigate how Trusted Execution Environments (TEEs) such as Intel SGX [2] can synergize with CAC to relieve these computational overheads and efficiently guarantee advanced data protection.

Level: BSc/MSc

Supervisor: Silvio Ranise

Co-supervisors: Roberto Carbone, Stefano Berlato

Time frame: From February 2023

Prerequisites:

  • Basic knowledge of IT security
  • Basic knowledge of cryptography from cryptography-related courses
  • Basic knowledge of object-oriented programming languages (i.e., Kotlin)

Objectives:

  • Familiarization and study of the state of the art in the use of TEEs for advanced data protection.
  • Evaluation of available techniques and design of a solution joining CAC with TEEs to reduce the cryptographic computational overhead.
  • Implementation of the proposed approach in a tool [3] developed and actively maintained by the Security&Trust unit in FBK [4].

Topics: Access Control, Cryptography, TEE

References:

  1. W. C. Garrison, A. Shull, S. Myers and A. J. Lee, "On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud," 2016 IEEE Symposium on Security and Privacy (SP), 2016, pp. 819-838, doi: 10.1109/SP.2016.54
  2. https://software.intel.com/content/www/us/en/develop/topics/software-guard-extensions.html
  3. stfbk/CryptoAC
  4. S. Berlato, R. Carbone and S. Ranise, "Cryptographic Enforcement of Access Control Policies in the Cloud: Implementation and Experimental Assessment," 18th International Conference on Security and Cryptography (SECRYPT 2021)