Master Thesis: Provable Destruction of Confidential Computing Environments - Under tillsättning eller tillsatt, ej sökbar

Background
Recent advancements in platform security, standardization and software development enable radical improvements in the security and privacy of cloud data and workloads. This allows to create isolated, verifiable and user-controlled confidential computing environments that radically alter the trust relationship between customer businesses and cloud service providers. Platform vendor technologies such as Intel TDX, and AMD SEV and IBM PEF allow launching virtual machines with encrypted memory that can be remotely attested by users. This enables more businesses to migrate their data, processing, or the entire software stack to cloud premises, while significantly reducing related risks and simplifying compliance. Combined with other Privacy Enhancing Technologies, confidential computing enables new business models for data and workload collaboration. However, existing gaps in the protocol stack and tooling slow down the wider adoption of confidential computing in cloud settings.

Objectives
Project Smart och Säkert (SOS) protects the security and privacy of IoT data stored and processed in public clouds. SOS leverages hardware security support in commodity platforms (AMD SEV/Intel TDX/IBM PEF) to protect IoT automation applications, while providing strong security and privacy guarantees about the data and workloads being deployed. An important outstanding challenge is the provable destruction of the confidential computing environments once the workload has been executed.

The thesis includes the following objectives:

• Review existing approaches to confidential enclave deployment and destruction;
• Identify gaps, vulnerabilities and potential attacks resulting from missing or incomplete enclave destruction mechanisms.
• Where necessary, design a mechanism for provable / verifiable enclave destruction;
• Provide a prototype implementation and a written report on the findings.

Implementation on x86 platforms, with a potential to also examine POWER9 and POWER10 server platforms. A successful project could lead to a valuable open-source contribution and an academic publication presented at a prestigious conference or workshop.

 Terms

• Recruiting manager: Fatemeh Rahimian, PhD
• Industry supervisor: Nicolae Paladi, PhD 
• Division, department: Digital Systems division, Computer Science department
• Location: RISE Computer Science, Kista, Stockholm
• Application deadline: December 15th 2021
• Starting date: As soon as possible, not later than December 15th 2021.
• Credits: 30 points
• Compensation: 30 000 SEK upon a successful completion of a high-quality thesis.

Candidate profile:
We expect you to have good programming skills in: C, Python and Rust + UNIX skills. Furthermore, you have an interest in operating systems, virtualization, cloud computing, systems security and cryptography. Solid oral and written English skills are required.

Welcome with your application!
For questions and more information, please contact recruiting manager Fatemeh Rahimian, PhD, 010-2284375. Send in your application as soon as possible, by December 15th 2021 at the latest. Applications will be reviewed on a rolling basis. Applications should include:

• Your CV with your education, professional experience and specific skills
• A written report you authored or co-authored for a university level course.
• Samples of previous programming or other relevant projects.
• Recent grades (academic transcript).