SecAppDev 2022 Lecture Details

Trusted Execution and how far you can trust it

Jan Tobias Muehlberg
Tuesday June 14, 09:00 - 10:30
Short description

Modern processors provide Trusted Execution Environments that allow you to protect software components even from an untrusted operating system. Learn when and how to use them!

Abstract

You have developed the perfectly secure software. You did your best engineering effort, you used safe programming languages, you tested it thoroughly. Now you want to deploy it and you realise that you don't really trust the client's PC and their software stack to not tamper with your code. How could you possibly protect your software from malicious low-level interactions?

In this session you will learn how to leverage component isolation and software attestation from Trusted Execution Environments (e.g., Intel SGX, ARM TrustZone, Sancus) to build secure distributed applications.

Key takeaway

Learn how and when to rely on technologies such as Intel SGX, and understand what security guarantees these technologies can provide.

Content level

Advanced

Target audience

Architects, developers, testers, software security and verification engineers

Prerequisites

Programming skills, software security basics

Download handouts


Jan Tobias Muehlberg

Jan Tobias Muehlberg

Research Manager, DistriNet, KU Leuven

Jan Tobias Muehlberg works as a research manager at imec-DistriNet, KU Leuven (BE). He is active in the fields of software security, trusted computing, and formal verification and validation of software systems, specifically for embedded systems and low-level operating system components. Tobias is particularly interested in security architectures for safety-critical embedded systems and for the Internet of Things, and in the concept of sustainability in the information and communications technology, specifically in the context of security and privacy.

Full speaker profile


Related iot and low-level security sessions

Security of embedded devices - an introduction

Lecture by Lennert Wouters

This session provides an introduction to the field of hardware security, and will be guided by real-world case studies and vulnerabilities. We discuss the embedded attacker, their tools and techniques and their influence on threat models.

IoT and low-level security Monday June 13, 11:00 - 12:30