SHinE: Secure Hardware in Effect

Abstract

Short work statementThe proposed research will develop a new set of high-level abstractions be presented to programmers of platforms that have trusted hardware. These new abstractions instantiates functionality from the UC (Universal Composibility) model that theoretical cryptographers have been using to describe clean, abstract, general-purpose building blocks forcryptographic protocols. One underlying theme of UC is a trusted third party. Assuming that a trusted third party exists simplifies the design of protocols considerably. So the challenge, and the central question this proposal addresses, is understanding (i) how to use trusted hardware in order to simulate a trusted third party, (ii) how to do this correctly and in a way that is transparent to programmers, and (iii) what is the set of abstract functions to package and make available to programmers of secure systems, along with (iv) the reasoning framework for evaluating the security of theoverall composition.ObjectiveThe proposed project aims to ease the programming and usage of trusted hardware available in modernmicroprocessor platforms by introducing a new set of high-level abstractions to programmers. These new abstractions would instantiate functionality from the UC (Universal Composibility) model that theoretical cryptographers have been using to describe clean, abstract, general-purpose building blocks for cryptographic protocols.ApproachThe proposed research takes a new look at employing special-purpose, trusted hardware in systems. It is a practical and important research area, because increasingly this kind of hardware is found in standard microprocessors. The socalled TPM (Trusted Platform Module) is one example; recently, Intel announced the SGX extensions for its standard x86 processor family; ARM also has announced their packaging, called TrustZone. Until now, however, programmersthat use trusted hardware have been forced into mastering low-level and architecture dependent interfaces. Moreover, the functionality provided by today~s trusted hardware tends to be esoteric, and it is easy for programmers to make mistakes when using it. Another notable pitfall of the existing approach is the lack of formal rigor in the usage of trustedhardware. Current ad-hoc approaches are simply untenable in the design of large, complex secure systems, and leads to overlooked assumptions and unintended behaviors and vulnerabilities.Prof. Shi is proposing that a new set of high-level abstractions be presented to programmers of platforms that have trusted hardware. These new abstractions would instantiate functionality from the UC (Universal Composibility) model that theoretical cryptographers have been using to describe clean, abstract, general-purpose building blocks for cryptographic protocols. One underlying theme of UC is a trusted third party. Assuming that a trusted third party existssimplifies the design of protocols considerably. So the challenge, and the central question this YIP proposaladdresses, is understanding (i) how to use trusted hardware in order to simulate a trusted third party, (ii) how to do this correctly and in a way that is transparent to programmers, and (iii) what is the set of abstract functions to package and make available to programmers of secure systems, along with (iv) the reasoning framework for evaluating the securityof the overall composition.Overall merits & ONR mission relevanceThe proposed research takes a new look at employing special-purpose, trusted hardware in systems. It is a practically important research area, because increasingly this kind of hardware is found in standard microprocessors. If successful, this research will provide library of functions and security reasoning environment for formally constructing trustworthy applications/software by utilizing trusted hardware. Such trustworthy application will be essential for criticalnaval cyber infrastructure and applications.

Document Details

Document Type

DoD Grant Award

Publication Date

Sep 23, 2016

Source ID

N000141612726

Entities

Tags