Background
Recent advancements in platform security, standardization and software development enable radical improvements in the security and privacy of cloud data and workloads. They make it possible to create isolated, verifiable and user-controlled confidential computing environments that radically alter the trust relationship between customer businesses and cloud service providers. Platform vendor technologies such as Intel SGX, Intel TDX, AMD SEV and IBM PEF allow launching trusted execution environments whose security can be remotely verified by users. This enables more businesses to migrate their data, processing, or entire software stack to cloud premises, while significantly reducing related risks and simplifying compliance. Combined with other Privacy Enhancing Technologies, confidential computing enables new business models for data and workload collaboration. However, existing gaps in the protocol stack and tooling slow down the wider adoption of confidential computing in cloud settings.

Objectives
Project Smart och Säkert (SOS) protects the security and privacy of IoT data stored and processed in public clouds. SOS leverages hardware security support in commodity platforms (AMD SEV/Intel SGX) to protect IoT automation applications, while providing strong security and privacy guarantees about the data and workloads being deployed. An important outstanding challenge is the provable destruction of the confidential computing environments once the workload has been executed.

The thesis includes the following objectives:

  • Review existing support for deploying IoT automation platforms in confidential computing environments;
  • Deploy a common IoT automation platform in Intel SGX enclaves (Node-RED);
  • Implement memory protection mechanisms to defend against side-channel attacks;
  • Investigate secure enclave destruction;
  • Implement and evaluate a prototype and provide a written report on the findings.

The implementation targets x86 platforms. A successful project could lead to a valuable open-source contribution and an academic publication presented at a prestigious conference or workshop.

Terms

  • Recruiting manager: Fatemeh Rahimian, PhD.
  • Industry supervisor: Nicolae Paladi, PhD.
  • Division, department: Digital Systems division, Computer Science department.
  • Location: RISE Computer Science, Kista, Stockholm.
  • Application deadline: December 15th, 2021.
  • Starting date: As soon as possible, not later than December 1st, 2021.
  • Credits: 30 points.
  • Compensation: 30 000 SEK upon successful completion of a high-quality thesis.

Candidate profile:
We expect you to have good programming skills in C, Python and Rust, as well as UNIX skills. Furthermore, you have an interest in operating systems, virtualization, cloud computing, systems security and cryptography. Solid oral and written English skills are required.

Welcome with your application!
For questions and more information, please contact recruiting manager Fatemeh Rahimian, PhD, 010-2284375. Send in your application as soon as possible, by December 15th, 2021 at the latest. Applications will be reviewed on a rolling basis. Applications should include:

  • Your CV with your education, professional experience and specific skills.
  • A written report you authored or co-authored for a university level course.
  • Samples of previous programming or other relevant projects.
  • Recent grades (academic transcript).

Start date: December 1st, 2021
City: Kista
County: Stockholms län
Country: Sweden
Reference number: 2021/461
Contact:
  • Fatemeh Rahimian, +46 10 228 43 75
Last application date: 2021-12-15