Dr. Kubilay Ahmet Küçük : Publications
SoK: How Not to Architect Your Next−Generation TEE Malware?
Kubilay Ahmet Küçük‚ Steve Moyle‚ Andrew Martin‚ Alexandru Mereacre and Nicholas Allott
Pages 10. 2022.
Besides Intel's SGX technology‚ there are long−running discussions on how trusted computing technologies can be used to cloak malware. Past research showed example methods of malicious activities utilising Flicker‚ Trusted Platform Module‚ and recently integrating with enclaves. We observe two ambiguous methodologies of malware development being associated with SGX‚ and it is crucial to systematise their details. One methodology is to use the core SGX ecosystem to cloak malware; potentially affecting a large number of systems. The second methodology is to create a custom enclave not adhering to base assumptions of SGX‚ creating a demonstration code of malware behaviour with these incorrect assumptions; remaining local without any impact. We examine what malware aims to do in real−world scenarios and state−of−art techniques in malware evasion. We present multiple limitations of maintaining the SGX−assisted malware and evading it from anti−malware mechanisms. The limitations make SGX enclaves a poor choice for achieving a successful malware campaign. We systematise twelve misconceptions (myths) outlining how an overfit−malware using SGX weakens malware's existing abilities. We find the differences by comparing SGX assistance for malware with non−SGX malware (i.e.‚ malware in the wild in our paper). We conclude that the use of hardware enclaves does not increase the preexisting attack surface‚ enables no new infection vector‚ and does not contribute any new methods to the stealthiness of malware.
Details about SoK: How Not to Architect Your Next−Generation TEE Malware? | BibTeX data for SoK: How Not to Architect Your Next−Generation TEE Malware? | DOI (10.1145/3569562.3569568) | Link to SoK: How Not to Architect Your Next−Generation TEE Malware?
CRC: Fully General Model of Confidential Remote Computing
Kubilay Ahmet Küçük and Andrew Martin
In Open Access. 2021.
Digital services have been offered through remote systems for decades. The questions of how these systems can be built in a trustworthy manner and how their security properties can be understood are given fresh impetus by recent hardware developments‚ allowing a fuller‚ more general‚ exploration of the possibilities than has previously been seen in the literature. Drawing on and consolidating the disparate strains of research‚ technologies and methods employed throughout the adaptation of confidential computing‚ we present a novel‚ dedicated Confidential Remote Computing (CRC) model. CRC proposes a compact solution for next−generation applications to be built on strong hardware−based security primitives‚ control of secure software products' trusted computing base‚ and a way to make correct use of proofs and evidence reports generated by the attestation mechanisms. The CRC model illustrates the trade−offs between decentralisation‚ task size and transparency overhead. We conclude the paper with six lessons learned from our approach‚ and suggest two future research directions.
Details about CRC: Fully General Model of Confidential Remote Computing | BibTeX data for CRC: Fully General Model of Confidential Remote Computing | DOI (10.48550/arXiv.2104.03868) | Link to CRC: Fully General Model of Confidential Remote Computing
Managing confidentiality leaks throughprivate algorithms on Software Guard eXtensions (SGX) enclaves: Minimised TCB on secret−code execution with Early Private Mode (EPM)
K.A. Küçük‚ D. Grawrock and A.P. Martin
In EURASIP Journal on Information Security‚ Recent Advances in Software Security. Produced: 2017−2018. Received: 21 October 2018. Accepted: 03 May 2019. Published: 05 September 2019. Springer Nature.. 2019.
Many applications are built upon private algorithms‚ and executing them in untrusted‚ remote environments poses confidentiality issues. To some extent‚ these problems can be addressed by ensuring the use of secure hardware in the execution environment; however‚ an insecure software−stack can only provide limited algorithm secrecy. This paper aims to address this problem‚ by exploring the components of the Trusted Computing Base (TCB) in hardware−supported enclaves. First‚ we provide a taxonomy and give an extensive understanding of trade−offs during secure enclave development. Next‚ we present a case study on existing secret−code execution frameworks; which have bad TCB design due to processing secrets with commodity software in enclaves. This increased attack surface introduces additional footprints on memory that breaks the confidentiality guarantees; as a result‚ the private algorithms are leaked. Finally‚ we propose an alternative approach for remote secret−code execution of private algorithms. Our solution removes the potentially untrusted commodity software from the TCB and provides a minimal loader for secret−code execution. Based on our new enclave development paradigm‚ we demonstrate three industrial templates for cloud applications: ① computational power as a service‚ ② algorithm querying as a service‚ and ③ data querying as a service. Keywords: Trusted Computing Base (TCB)‚ Software Guard eXtensions (SGX) Enclave‚ Private Algorithms‚ Secret−Code Execution (SCE)‚ Algorithm Owner (AO)‚ Hardware Owner (HO)‚ Data Owner (DO)‚ Enclave Developer’s (ED) Responsibilities‚ Side−Channels‚ Early Private Mode (EPM)‚ Protected Code Creator (PCC)‚ Protected Code Loader (PCL)‚ Internal Enclave Functions (IEF)‚ Public Internal Enclave Functions (PIEF)‚ Serialised Secret Internal Enclave Functions (SSIEF).
Details about Managing confidentiality leaks throughprivate algorithms on Software Guard eXtensions (SGX) enclaves: Minimised TCB on secret−code execution with Early Private Mode (EPM) | BibTeX data for Managing confidentiality leaks throughprivate algorithms on Software Guard eXtensions (SGX) enclaves: Minimised TCB on secret−code execution with Early Private Mode (EPM) | DOI (10.1186/s13635-019-0091-5) | Link to Managing confidentiality leaks throughprivate algorithms on Software Guard eXtensions (SGX) enclaves: Minimised TCB on secret−code execution with Early Private Mode (EPM)
Exploring the use of Intel SGX for Secure Many−Party Applications
K.A. Küçük‚ A. Paverd‚ A. Martin‚ N. Asokan‚ A. Simpson and R. Ankele
In Proceedings of the 1st Workshop on System Software for Trusted Execution (SysTEX '16). New York‚ NY‚ USA. 2016. ACM.
The theoretical construct of a Trusted Third Party (TTP) has the potential to solve many security and privacy challenges. In particular‚ a TTP is an ideal way to achieve secure multiparty computation—a privacy−enhancing technique in which mutually distrusting participants jointly compute a function over their private inputs without revealing these inputs. Although there exist cryptographic protocols to achieve this‚ their performance often limits them to the two−party case‚ or to a small number of participants. However‚ many real−world applications involve thousands or tens of thousands of participants. Examples of this type of many−party application include privacy−preserving energy metering‚ location−based services‚ and mobile network roaming. Challenging the notion that a trustworthy TTP does not exist‚ recent research has shown how trusted hardware and remote attestation can be used to establish a sufficient level of assurance in a real system such that it can serve as a trustworthy remote entity (TRE). We explore the use of Intel SGX‚ the most recent and arguably most promising trusted hardware technology‚ as the basis for a TRE for many−party applications. Using privacy−preserving energy metering as a case study‚ we design and implement a prototype TRE using SGX‚ and compare its performance to a previous system based on the Trusted Platform Module (TPM). Our results show that even without specialized optimizations‚ SGX provides comparable performance to the optimized TPM system‚ and therefore has significant potential for large−scale many−party applications.
Details about Exploring the use of Intel SGX for Secure Many−Party Applications | BibTeX data for Exploring the use of Intel SGX for Secure Many−Party Applications | DOI (10.1145/3007788.3007793) | Link to Exploring the use of Intel SGX for Secure Many−Party Applications
Applying the Trustworthy Remote Entity to Privacy−Preserving Multiparty Computation: Requirements and Criteria for Large−Scale Applications
R. Ankele‚ K.A. Küçük‚ A.P. Martin‚ A.C. Simpson and A. Paverd
In Proceedings of the 13th IEEE International Conference on Advanced and Trusted Computing (ATC 2016). 2016.
The significant improvements in technology that have been seen in recent years have resulted in a shift in the computing paradigm: from isolated computational tasks to distributed tasks executed in multi−party settings. Secure Multi−Party Computation (MPC) allows for multiple parties to jointly compute a function on their private inputs. Unfortunately‚ traditional MPC algorithms are inefficient in the presence of a large number of participants. Moreover‚ in the traditional setting‚ MPC is only concerned with privacy of the input values. However‚ there is often a need to preserve the privacy of individuals on the basis of the output of the computation. Techniques proposed by the Trusted Computing community have shown promise in the context of new secure‚ efficient large−scale applications. In this paper‚ we define‚ analyse several use cases related to large−scale applications of the MPC paradigm. From these use cases‚ we derive requirements‚ criteria to evaluate certain MPC protocols used for large−scale applications. Furthermore‚ we propose the utilisation of a Trustworthy Remote Entity‚ privacy−preserving algorithms to achieve confidentiality‚ privacy in such settings.
Details about Applying the Trustworthy Remote Entity to Privacy−Preserving Multiparty Computation: Requirements and Criteria for Large−Scale Applications | BibTeX data for Applying the Trustworthy Remote Entity to Privacy−Preserving Multiparty Computation: Requirements and Criteria for Large−Scale Applications | DOI (10.1109/UIC-ATC-ScalCom-CBDCom-IoP-SmartWorld.2016.0077) | Link to Applying the Trustworthy Remote Entity to Privacy−Preserving Multiparty Computation: Requirements and Criteria for Large−Scale Applications