Abstract

Hardware-assisted trusted execution environments (TEEs) are critical building blocks of many modern applications. However, they have a one-way isolation model that introduces a semantic gap between a TEE and its outside world. This lack of information causes an ever-increasing set of attacks on TEE -enabled applications that exploit various insecure interactions with the host OSs, applications, or other enclaves. In this talk, I will introduce Sirius, the first compartmentalization framework that achieves strong isolation and secure sharing in TEE -assisted applications by controlling the dataflows within primary kernel objects (e.g. threads, processes, address spaces, files, sockets, pipes) in both the secure and normal worlds. Sirius replaces ad-hoc interactions in current TEE systems with a principled approach that adds strong intra-address space isolation and effectively eliminates a wide range of attacks.

Bio: Zahra is PhD student in the Systems Research Group at the Cambridge University Computer Laboratory. Her research interest is operating systems, security, virtualization, and trustworthy computing. In particular, her work is centered around building systems to provide applications with strong isolation and fine-grained compartmentalization mechanisms. She did several research internships at Microsoft Research Redmond and Cambridge and received her MS degree from Indiana University Bloomington.