Background
Advancements in platform hardware and firmware security features, industry standardisation and software developments opened for radical improvements to software service security. These advancements allow to create isolated, verifiable and user-controlled execution environments that radically reduce the amount of trust required from customer businesses towards service providers. This paves the way for new use cases: more businesses migrating their data, processing, or the entire software stack to cloud premises, or software vendors running proprietary services in confidential environments on customer premises. Confidential computing implementations such as Intel Software Guard eXtensions or AMD Secure Encrypted Virtualisation allow launching isolated confidential execution environments that can be remotely attested by users. However, existing gaps in the protocol stack and tooling slow down the wider adoption of such trusted execution environments in distributed settings.

Objectives
We are working on protecting the security and privacy of data stored and processed by IoT automation platforms in remote settings. We currently aim to leverage the latest hardware support for security features in commodity platforms (Intel SGX/TDX/MKTME, AMD SEV, IBM PEF) to enable end-users to obtain strong security and privacy guarantees about the IoT automation data that is being collected from their devices and processed on remote premises. An additional goal is to create a robust and scalable prototype.

The thesis consists of the following items:

  • Review existing protability projects for hardware support for isolated execution (Enarx/Asylo/Raksh/ libraryOS variants).
  • Introduce support for one or more IoT automation platforms in a trusted execution environment
  • Design an attestation protocol enabling end-users to obtain evidence about the security properties of the attested resources.
  • Explore protection of IoT automation data from side-channel attacks
  • Provide a prototype service implementation and a written report on the findings.

A successful project could lead to a valuable open-source contribution and a peer-reviewed publication presented at a prestigious conference or workshop. 

Terms

  • Supervisor: The master project will conducted with RISE and will be co-supervised by Nicolae Paladi, PhD and Assist. Prof. Musard Balliu (KTH).
  • Placement: Remote
  • Scope: 30 points
  • Start: Flexible, however as soon as possible
  • Compensation: 10 000 SEK upon a successful completion of the thesis.

Who are you?
We expect you to have good programming skills in: C, Rust, Node.js and JavaScript + UNIX skills and that you have an interest in virtualisation and cloud computing, security, applied cryptography and confidential computing. Good English speaking and writing are required.

Welcome with your application!
Candidates are encouraged to send in their application as soon as possible but at the latest  on May 31th, 2021. If this sounds interesting and you would like to know more, please contact Nicolae Paladi at https://www.ri.se/en/nicolae-paladi

Suitable applicants will be interviewed as applications are received. Applications should include a brief personal letter, your CV with your education, professional experience and specific skills and recent grades. In your application, make sure to provide examples of previous programming or other projects that you consider relevant for the position.

City Remote
County Ospecificerad arbetsort
Country Sweden
Reference number 2021/64
Last application date 31.May.2021 11:59 PM CEST

Return to job vacancies