SecAppDev 2022 Lecture Details
Trusted Execution and how far you can trust it
Jan Tobias Muehlberg
Tuesday June 14, 09:00 - 10:30
Short description
Modern processors provide Trusted Execution Environments that allow you to protect software components even from an untrusted operating system. Learn when and how to use them!
Abstract
You have developed the perfectly secure software. You did your best engineering effort, you used safe programming languages, you tested it thoroughly. Now you want to deploy it and you realise that you don't really trust the client's PC and their software stack to not tamper with your code. How could you possibly protect your software from malicious low-level interactions?
In this session you will learn how to leverage component isolation and software attestation from Trusted Execution Environments (e.g., Intel SGX, ARM TrustZone, Sancus) to build secure distributed applications.
Key takeaway
Learn how and when to rely on technologies such as Intel SGX, and understand what security guarantees these technologies can provide.
Content level
Advanced
Target audience
Architects, developers, testers, software security and verification engineers
Prerequisites
Programming skills, software security basics
Jan Tobias Muehlberg
Research Manager, DistriNet, KU Leuven
Jan Tobias Muehlberg works as a research manager at imec-DistriNet, KU Leuven (BE). He is active in the fields of software security, trusted computing, and formal verification and validation of software systems, specifically for embedded systems and low-level operating system components. Tobias is particularly interested in security architectures for safety-critical embedded systems and for the Internet of Things, and in the concept of sustainability in the information and communications technology, specifically in the context of security and privacy.
Related iot and low-level security sessions
Security of embedded devices - an introduction
Lecture by Lennert Wouters
This session provides an introduction to the field of hardware security, and will be guided by real-world case studies and vulnerabilities. We discuss the embedded attacker, their tools and techniques and their influence on threat models.
IoT and low-level security Monday June 13, 11:00 - 12:30