Enhancing security of networked systems by leveraging commoditized trusted execution environment technology = 상용 신뢰 실행 환경 기술을 활용한 네트워크 시스템의 보안성 강화

Cited 0 time in webofscience Cited 0 time in scopus
  • Hit : 35
  • Download : 0
A rapid and steady development of cloud computing and network function virtualization (NFV) makes various security services running on the cloud platform to utilize powerful resources in terms of computation and storage. However, this trend introduces new attack surface to security applications running on the cloud platform as an attacker takes full control over the privilege software once the cloud is compromised. Meanwhile, signi cant progress in hardware-based protection and security have also made into the market. The radical development of hardware-based protection gives new opportunities to address the new threats. However, there exists a fundamental problem to leverage recent hardware-based technologies: It takes long time until the complete deployment of the new TEE technology. This dissertation answers the key question: what can we do for each TEE deployment stage to enhance the security of legacy networked systems? In this dissertation, we argue that an appropriate methodology of building software counterparts of hardware-based protection for each deployment stage helps researchers to establish a pioneer design of secure networked systems. To substantiate our claim, we systematically explore the possibility of leveraging a recent hardware-based TEE technology, Intel SGX, and splits it into four di erent phases. First, we propose a proof-of-concept simulation to explore new design space and functionalities of TEE-based networked system. As a showcasing example, we demonstrate practical implications on path computation of SGX-enabled SDN-based inter-domain routing. Second, we build an SGX emulation framework, called OpenSGX, and perform a system emulation to get performance and implementation implications. We show that OpenSGX enables to qualify an engineering e ort and for building non-trivial applications, Tor anonymity network. In addition, we design and implement a SGX-Tor, a Tor running on top of real hardware, to characterize performance overhead and evaluate its practicality. Finally, we leverage a recent optimization technique to improve the performance of SGX-enabled middleboxes. In summary, this dissertation demonstrates that it is possible to proactively adopt hardware-based TEE on networking to address security and privacy issues by developing a proper software counterparts during the deployment cycle.
Advisors
Han, Dongsuresearcher한동수researcher
Description
한국과학기술원 :정보보호대학원,
Publisher
한국과학기술원
Issue Date
2019
Identifier
325007
Language
eng
Description

학위논문(박사) - 한국과학기술원 : 정보보호대학원, 2019.2,[viii, 134 p. :]

Keywords

Network security▼atrusted execution environment▼aintel SGX▼asoftware-defined inter-domain routing▼ator network; 네트워크 보안▼a신뢰 실행 환경▼a인텔 SGX 기술▼a소프트웨어 정의 기반 도메인 간 라우팅▼a토어 네트워크

URI
http://hdl.handle.net/10203/265369
Link
http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=842416&flag=dissertation
Appears in Collection
IS-Theses_Ph.D.(박사논문)
Files in This Item
There are no files associated with this item.

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0