SecAppDev 2020 Lecture Details

Trusted Execution and how far you can trust it

Jan Tobias Muehlberg
Wednesday March 11, 09:00 - 10:30
Short description

Modern processors provide Trusted Execution Environments that allow you to protect software components even from an untrusted operating system. Learn when and how to use them!

Abstract

You have developed the perfect piece of secure software. You made your best engineering effort; you used safe programming languages; you tested it thoroughly. Now you want to deploy it, and you realize that you don't trust the client's PC and their software stack to not tamper with your code. How could you possibly protect your software from malicious low-level interactions? In this session, you will learn how to leverage component isolation and software attestation from Trusted Execution Environments (e.g., Intel SGX, ARM TrustZone, Sancus) to build secure distributed applications.

Key takeaway

Learn how and when to rely on technologies such as Intel SGX, and understand what security guarantees these technologies can provide.

Content level

Deep-dive

Target audience

Architects, developers, testers, software security and verification engineers

Prerequisites

Development and testing experience


Jan Tobias Muehlberg

Jan Tobias Muehlberg

Research Manager, imec-DistriNet, KU Leuven

Jan Tobias Muehlberg works as a research manager at imec-DistriNet, KU Leuven (BE). He is active in the fields of software security, formal verification and validation of software systems, specifically for embedded systems and low-level operating system components. Tobias is particularly interested in security architectures for safety-critical embedded systems and for the Internet of Things.

Full speaker profile


Related low-level security sessions

Hands-on introduction to Rust

One-day workshop by Jake Goulding and Carol Nichols

Haven't done any Rust? Want to know what makes Rust so special? Want the ability to ask two highly experienced Rust developers nuanced questions? Join us as we go hands-on with Rust, starting from an empty file and learning about the Rust ecosystem, pervasive and unique-to-Rust concepts, and areas where Rust truly shines.

Low-level security Thursday March 12, 09:00 - 17:30

How Rust helps us make safer and more secure code

Lecture by Jake Goulding

Rust promises to help us write better, safer code, but how exactly does it do so? Marketing can only convince us of so much. Join us to learn about the details for yourself.

Low-level security Tuesday March 10, 14:00 - 15:30

Rust - A Language for the Next 40 Years

Lecture by Carol Nichols

This session provides a high-level overview of the safety and stability of the Rust programming language in its historical context.

Low-level security Friday March 13, 11:00 - 12:30

Security of embedded devices - an introduction

Lecture by Lennert Wouters

This session introduces the main components of the embedded device ecosystem and some of the common security pitfalls. We do this by looking at real world examples and by demonstrating easy to use techniques.

Low-level security Friday March 13, 09:00 - 10:30

Introduction to low-level software security

Lecture by Frank Piessens

Learn about memory management vulnerabilities, the attack techniques to exploit them, and the countermeasures that can be taken to defend against them.

Low-level security Tuesday March 10, 11:00 - 12:30