
Systemic SW protection for cloud and endpoint SW security enhancement

CELTIC-NEXT Online Proposers Day TWO DIFFERENT PROJECT IDEA CONTRIBUTIONS. Universal Trusted Execution for cloud and endpoint SW total security. Systemic SW protection for cloud and endpoint SW security enhancement. SOLIDSHIELD vincent@solidshield.com.


Presentation Transcript


  1. CELTIC-NEXT Online Proposers Day. Two different project idea contributions: Universal Trusted Execution for cloud and endpoint SW total security; Systemic SW protection for cloud and endpoint SW security enhancement. SOLIDSHIELD, vincent@solidshield.com

  2. CELTIC-NEXT Online Proposers Day, 29th November 2018, via WebEx. Project contribution proposal: Systemic SW protection for cloud and endpoint SW security enhancement. SOLIDSHIELD, vincent@solidshield.com

  3. Problem statement: Software security is the first priority for future IoT-based system security. • Today's pain points for SW protection: • impeding attacks slows down the software • complex workflow (source code change, new compilation, ...). IoT SoTA software is at best authenticated: it can be reversed, can be decompiled, can be tampered with to tamper data. www.celticplus.eu SYSTEMIC SW ONE CLICK SECURITY, Vincent Lefebvre, SOLIDSHIELD, vincent@solidshield.com

  4. Systemic • Systemic SW protections: • attestation • encryption • anti-dump • anti-tampering • all four protections set at one-click cost on binaries • no performance degradation at runtime • universal solution

  5. Organisation profile: Solidshield has worked in SW protection for a decade (defense and telecom). Systemic (for Intel) is derived from our contribution in SENDATE TANDEM. Workflow is key for success. Our plan is to expand Systemic to IoT markets (ARM, Java) and design ad hoc solutions to meet specific market constraints. Specifications shall come from potential users (typically consortium members). Tests shall be done by them too. We need use cases and market inner views.

  6. CELTIC-NEXT Online Proposers Day, 29th November 2018, via WebEx. Pitch of a project contribution proposal: Universal Trusted Execution for cloud and endpoint SW total security. SOLIDSHIELD, vincent@solidshield.com

  7. Teaser: One solution for all TEEs. Universal Trusted Execution delivers the highest SW security whatever the hardware (TEE-enabled) at no effort to developers. www.celticplus.eu Universal Trusted Execution Environment, Vincent Lefebvre, SOLIDSHIELD, vincent@solidshield.com

  8. Problem statement: TEE is a super strong but poorly used idea. Pros: it breaks the chain of performance<>efficiency; code and data integrity and confidentiality are met. Cons: requires a security architect...; vendor-specific, no compatibility. Complete VM. Limited TCB.

  9. Universal TEE: one setup workflow for both technologies; no change to source code required; one single protected executable enabled for both technologies. No effort from the developer. Use code interpretation and Asylo APIs for hardware independence + automatic binary wrapping.

  10. Universal TEE outcome: Cloud computing makes use of TEE... No more introspection attacks at server farms... A real booster in today's cloud computing use (5G, SDN, ...). We offer a ready-to-use disruptive solution on both workflow and deployment aspects (today's blocker). "TEEs are nascent and will evolve. Attacks on TEEs just reflect how much they threaten cyber activists..."

  11. FAU's expertise • FAU has taken part in a long track of collaborative research programs, including SENDATE TANDEM. Its research focus is trusted execution environments, including the following publications: • Isolating Operating System Components with Intel SGX, SysTEX ’16 • Hardware-Based Trusted Computing Architectures for Isolation and Attestation, IEEE Transactions on Computers ’17 • Cache Attacks on Intel SGX, EuroSec ’17 • Secure Remote Computation using Intel SGX, GI Sicherheit ’18 • Universal TEE for Securing SDN/NFV Operations, ARES ’18 • TEEshift: Protecting Code Confidentiality by Selectively Shifting Functions into TEEs, SysTEX ’18 • Protecting Regular User-Mode Processes with AMD SEV (to be published 2019)

  12. Publications reflecting the contribution idea: ARES ’18 conference, Hamburg, August 2018: Universal TEE for Securing SDN/NFV Operations, https://dl.acm.org/citation.cfm?doid=3230833.3233256 • SysTEX ’18 workshop, co-located with the CCS conference, Toronto, October 2018: TEEshift: Protecting Code Confidentiality by Selectively Shifting Functions into TEEs (Best Paper Award), https://www.researchgate.net/publication/328326614_TEEshift_Protecting_Code_Confidentiality_by_Selectively_Shifting_Functions_into_TEEs

  13. Contact info • SOLIDSHIELD: Name: Vincent Lefebvre, E-Mail: vincent@solidshield.com, Telephone: +33 0663579190, 83 Bd Sadi Carnot, 06110 Le Cannet, France, www.solidshield.com • FAU: Name: Tilo Müller, E-Mail: tilo.mueller@cs.fau.de, Telephone: +49 9131 85 69904, Martensstr. 3, 91058 Erlangen, Germany, www1.cs.fau.de • Presentation available via: www.tiny.cc/projectidea

  14. Join the follow-up Telco 7th December 14-15 CET Join Webex meeting Meeting number (access code): 956 667 108 Meeting password: Z5jiAfeH Join by phone  +49-6925511-4400 Germany toll  Global call-in numbers www.celticplus.eu office@celticplus.eu
