• Media type: Dissertation; Electronic university thesis; E-Book
  • Title: Understanding the Capabilities of Privileged Attackers Against Trusted Execution Environments
  • Contributors: Puddu, Ivan [author]; ORCID 0000-0003-2198-2405 [author]
  • Published: ETH Zurich, 2023
  • Language: English
  • DOI: https://doi.org/20.500.11850/610177; https://doi.org/10.3929/ethz-b-000610177
  • Subject headings: System security ; Data processing ; Side channel attacks ; Trusted Execution Environments ; Hardware Security ; computer science
  • Origin:
  • Notes: This data source also contains holdings records that do not lead to a full text.
  • Description: Our lives today rely on the secure operation of computers in a diverse set of sectors, from energy to medicine. However, today's computers execute software bloated with complexity. Their large codebases provide a rich and versatile system, but most functionalities are often not needed in their target applications. This increases the trusted computing base (TCB) – the software and hardware that need to be trusted for the system to work correctly. A large TCB is undesirable, as it gives attackers a higher likelihood of finding and exploiting vulnerabilities. Most of this complexity comes from the system software, that is, the operating system (OS) and the hypervisor. Despite this, the system software's codebase cannot generally be removed from the TCB, as it executes with the highest privileges. Thanks to additional hardware primitives, Trusted Execution Environments (TEEs) break this paradigm, allowing even system software to be removed from the TCB. Most CPU manufacturers and architectures support some form of TEE: they can be found on Intel and AMD CPUs, as well as on ARM and RISC-V architectures. Their advent is promising, as they aim to let applications operate securely both when the (more privileged) system software is malicious and when a physical attacker can tamper with the system. Arguably, however, the guarantees that can be provided against such a strong and privileged attacker are not fully understood, and this often leads to TEE designs that make compromises invalidating the protections they aim to provide. For example, previous work shows that the OS can abuse the CPU memory management interface to get notified when the TEE accesses attacker-specified memory regions, breaking data confidentiality. Understanding the capabilities of privileged attackers thus leads to more accurate designs and a more secure computing environment for everyone.
In this thesis, we contribute to the efforts of understanding the capabilities of privileged attackers in the context of TEEs in four main directions. First, we develop ...
  • Access status: Open access
  • Rights/usage notes: Copyright protected - Non-commercial use permitted