Use this URL to cite or link to this record in EThOS:
Title: Partitioning the trusted computing base of applications on commodity systems
Author: Atamli, Ahmad
ISNI:       0000 0004 7430 5210
Awarding Body: University of Oxford
Current Institution: University of Oxford
Date of Award: 2017
Availability of Full Text:
Access from EThOS:
Full text unavailable from EThOS. Please try the link below.
Access from Institution:
Secure containers implemented in both software and hardware are being used to isolate and reduce attack vectors on executing software. The isolation of software partitions protects the data and the execution from external software (e.g. the OS, other applications, other software partitions within the same application). Despite the existence of many hardware isolation technologies such as ARM TrustZone, Intel Software Guard Extension (SGX), and others, it is still not clear how to efficiently use isolation to secure applications data. This is particularly the case when considering vulnerabilities within the application, strong adversaries who have control over the OS, and performance requirements of the application. Previous work demonstrated the efficiency of SGX in protecting against memory leakage vulnerabilities. However, since SGX allows separation of privileges through partitioning monolithic applications into compartments, using it in mitigating faulty API vulnerabilities or Buffer over-writes is far from being straightforward. To illustrate, we found that many systems with ”secure containers” capabilities do not deliver the security expected from containers, which indicates an absence of a methodology for using Trusted Execution Environment (TEE) systems. For example, our analysis of Samsung KNOX architecture revealed that such systems cannot protect against memory leakage, buffer over-reads, buffer over-writes, and others. In this thesis two research hypotheses are investigated. First, privilege separation through application partitioning enhanced TEE can be used to mitigate software vulnerabilities, protect containers from privileged kernel, while maintaining the reasonable performance of an application . Second, partitioning patterns can be used to mitigate different threats. We demonstrate how vulnerabilities can be mitigated with secure containers and how the specific design of the secure containers determines the success of the desired protection from such a paradigm. This research uncovers the potential of TEE in separating privileges in applications using hardware based technologies instead of access control enforced in several layers by software. The realisation of the potential of secure containers will help corporations and enterprises design better secure systems and devices that protect end-users data from application and system vulnerabilities and attacks performed by software.
Supervisor: Martin, Andrew P. Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID:  DOI: Not available