First Call (October-November 2022)

Trusted Execution Environments for Advanced Data Protection

This proposal resulted in the following thesis:

  • Ion Andy Ditu (Bachelor's Thesis, University of Trento, 2023)
    Leveraging Trusted Execution Environment for Efficient Revocation and Security in Cryptographic Access Control
    Supervisors: Silvio Ranise | Co-supervisors: Roberto Carbone, Stefano Berlato


Cryptographic Access Control (CAC) is often employed to protect the confidentiality of Cloud-hosted sensitive data from curious service providers while enforcing access control policies. Unfortunately, CAC usually incurs significant computational overhead that limits its applicability in real-world scenarios [1]. The main goal of this project is to investigate how Trusted Execution Environments (TEEs) such as Intel SGX [2] can synergize with CAC to relieve these computational overheads and efficiently guarantee advanced data protection.

Level: BSc/MSc

Supervisors: Silvio Ranise

Co-supervisor: Roberto Carbone, Stefano Berlato

Time frame: From February 2023


  • Basic knowledge of IT security
  • Basic knowledge of cryptography from cryptography-related courses
  • Basic knowledge of object-oriented programming languages (i.e., Kotlin)


  • Familiarization and study of the state of the art in the use of TEEs for advanced data protection.
  • Evaluation of available techniques and design of a solution joining CAC with TEEs to reduce the cryptographic computational overhead.
  • Implementation of the proposed approach in a tool [3] developed and actively maintained by the Security&Trust unit in FBK [4].

Topics: Access Control, Cryptography, TEE


  1. W. C. Garrison, A. Shull, S. Myers and A. J. Lee, "On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud," 2016 IEEE Symposium on Security and Privacy (SP), 2016, pp. 819-838, doi: 10.1109/SP.2016.54
  3. stfbk/CryptoAC
  4. Stefano Berlato, Roberto Carbone, Silvio Ranise. Cryptographic Enforcement of Access Control Policies in the Cloud: Implementation and Experimental Assessment In 18th International Conference on Security and Cryptography (SECRYPT 2021)