New Software Abstractions for Hardware Security Technology

1-4 October, 2023, Monte Verità, Ascona (Switzerland)

About The Workshop

This workshop will focus on the open challenges in software systems research related to new hardware security technologies. We will explore new ideas and strategies for creating abstractions, methodologies, platforms and building blocks that will enable a new generation of trustworthy and secure software systems based on hardware security technologies. Both devising new secure applications and system software from scratch and extending and securing existing legacy applications will be addressed.

Where

Monte Verità
Ascona (Switzerland)

When

1-4 October, 2023

Organisers

Prof. Pascal Felber
Dr Marcelo Pasin
Dr Valerio Schiavoni

Université de Neuchâtel, CH

Prof. Peter Pietzuch
Imperial College London, UK

Prof. Christof Fetzer
TU Dresden, DE

Prof. Rüdiger Kapitza
FAU Erlangen-Nürnberg, DE

Dr Raoul Strackx
Fortanix Eindhoven, NL

Focus of the Workshop

Our society relies on software in mobile phones, cloud computing systems, personal computers and critical distributed infrastructure. While our dependency on software has exploded, our ability to make software trustworthy, secure and dependable has not kept pace. Security vulnerabilities, ransomware, malware, software faults and privacy compromises are regular occurrences.

Over the last decades, important security features such as different privilege levels have been widely deployed. Programming languages have been developed that avoid common low-level security issues. Yet despite these security measures, the world still loses billions of euros per year to cyber-attacks. When the pandemic struck, employees were forced to work from home, and an even bigger part of our daily lives now takes place in cyberspace. Unfortunately, criminals have adapted as well. Interpol has issued a warning that “cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19”. Many of these problems originate from placing trust in untrustworthy code bases. Even when applications are developed carefully, they still rely on an operating system (OS) kernel with millions of lines of code implemented in a memory-unsafe language. A single vulnerability in the OS kernel puts the security of all application code running on top of it at risk. Given the sheer size of modern software stacks, it is unlikely that these code bases can ever be trusted completely.

To rise to this challenge, hardware is evolving, and modern processors include new hardware security features. For example, secure boot support ensures that software is guaranteed a trustworthy environment; trusted execution environments (TEEs) allow the hardware to protect computation from malicious actors; and hardware capability support prevents unauthorized memory accesses by software. These new hardware features pose unprecedented challenges for the software stack, from low-level firmware to hypervisors and OS kernels, middleware, and all the way to applications.

For example, instead of trying to defend the entire system, hardware support for TEEs focuses on protecting sensitive data during computation. TEEs enable the creation of enclaves that contain trustworthy code and data. The OS kernel creates and schedules enclaves, but itself is not trusted. The processor hardware verifies and maintains the integrity of enclaves and ensures that execution can only transition to them via proper entry points. The isolation properties of TEEs allow programmers to reason about the security of their applications without loss of generality. Security vulnerabilities due to programming mistakes will still exist, but attacks can be mitigated using the isolation guarantees of TEEs. These strong security properties make hardware security mechanisms a key measure for trustworthy software.

Various hardware security mechanisms have been proposed in academia and industry, ranging from hardware implementations such as Flicker, Sancus and TyTAN, and hardware support for memory capabilities such as CHERI, to platforms that adopt trustworthy hypervisors such as TrustVisor and Fides. All mainstream hardware manufacturers, including Intel, AMD, ARM and IBM, have either already launched hardware security mechanisms or have plans in the pipeline. This workshop will focus on the open challenges in software systems research related to new hardware security technologies. We will explore new ideas and strategies for creating abstractions, methodologies, platforms and building blocks that will enable a new generation of trustworthy and secure software systems based on hardware security technologies. Both devising new secure applications and system software from scratch and extending and securing existing legacy applications will be addressed. Our goal is to develop a roadmap that will inspire the systems security research community and industry to build new secure software systems.

The Manifesto

This workshop results in a manifesto that discusses the current state and future of confidential computing. It highlights the growing reliance on software in various domains and the corresponding increase in cyber threats. It notably emphasises the role of hardware security technologies, such as Trusted Execution Environments (TEEs), in protecting sensitive data and applications. It also covers recent advances in hardware security mechanisms by major manufacturers and presents a roadmap for future research and development in this area.

A draft version of the manifesto is available to download here.

Workshop Speakers

  • Aritra Dhar (Huawei Research Zurich, Switzerland)
  • Benny Fuhry (Intel Labs, Germany)
  • Christof Fetzer (TU Dresden, Germany)
  • Dominique Devriese (KU Leuven, Belgium)
  • Edouard Bugnion (EPF Lausanne, Switzerland)
  • Giovanni Mazzeo (Credora, USA & U Naples "Parthenope", Italy)
  • Herbert Bos (VU Amsterdam, Netherlands)
  • Hugo Vincent (Arm Research Cambridge, UK)
  • Mona Vij (Intel Labs, USA)
  • Nuno Santos (IST/INESC-ID Lisbon, Portugal)
  • Onur Mutlu (ETH Zurich, Switzerland)
  • Osman Unsal (Barcelona Supercomputing Center, Spain)
  • Patrick Eugster (USI Lugano, Switzerland)
  • Peter Pietzuch (Imperial College London, UK)
  • Quoc Do Le (Huawei Research Munich, Germany)
  • Raoul Strackx (Fortanix Eindhoven, Netherlands)
  • Rüdiger Kapitza (FAU Erlangen-Nuremberg, Germany)
  • Stuart Biles (AMD Research Cambridge, UK)
  • Thanikesavan Sivanthi (ABB Research Baden-Dättwil, Switzerland)
  • Wojciech Ozga (IBM Research Zurich, Switzerland)

Program

Arrival of the participants

Welcome reception

Dinner

Breakfast

Introduction by organisers and presentation of participants

Coffee break

Attacks & mitigations

Herbert Bos (VU Amsterdam, Netherlands)
Leaky abstractions and separation of concerns
Onur Mutlu (ETH Zurich, Switzerland)
Securing the memory system: The story of RowHammer
Dominique Devriese (KU Leuven, Belgium)
Formalizing, verifying and applying ISA security guarantees as universal contracts
Wojciech Ozga (IBM Research Zurich, Switzerland)
Formally proven TEE implementation on RISC-V

Lunch

Hardware technologies

Peter Pietzuch (Imperial College London, UK)
Trustworthy cloud stacks with hardware memory capabilities using CHERI
Osman Unsal (Barcelona Supercomputing Center, Spain)
Interplay between security and fault tolerance
Quoc Do Le (Huawei Research Munich, Germany)
Towards running legacy applications inside Huawei Qingtian enclaves
Stuart Biles (AMD Research Cambridge, UK)
Perspectives and focus on security from AMD Research and Advanced Development

Coffee break

Hardware technologies (cont'd) — hybrid session

Mona Vij (Intel Labs, USA)
Pervasive confidential computing — online presentation
Benny Fuhry (Intel Labs, Germany)
TDX deep dive
Hugo Vincent (Arm Research Cambridge, UK)
Arm CCA (and why you can trust it)

Dinner

Mentoring moments for young researchers

(elective)

Breakfast

OS/runtime support

Edouard Bugnion & Charly Castes (EPF Lausanne, Switzerland)
Creating trust by abolishing privileges
Patrick Eugster (USI Lugano, Switzerland)
Security policies for mediating between security mechanisms and guarantees
Raoul Strackx (Fortanix Eindhoven, Netherlands)
Fortanix EDP: Developing enclaves for the confidential computing era

Coffee break

Tools and applications

Nuno Santos (IST/INESC-ID Lisbon, Portugal)
ReZone: Restructuring TEEs for enhanced security on Arm platforms
Christof Fetzer (TU Dresden, Germany)
Using confidential computing for protecting data, code and secrets of applications
Aritra Dhar (Huawei Research Zurich, Switzerland)
Confidential computing for the next-generation data centers
Rüdiger Kapitza (FAU Erlangen-Nuremberg, Germany)
Securing the Internet Computer blockchain with confidential computing

Lunch

Industry perspective

Giovanni Mazzeo (Credora, USA & U Naples "Parthenope", Italy)
The road to verifiable TEE-as-a-service models, where we are and where we are headed
Thanikesavan Sivanthi (ABB Research Baden-Dättwil, Switzerland)
Cyber security challenges of industrial automation systems

Breakout sessions

"The next big thing in confidential computing ...in the next 2 years? ...in the next 10 years?"
Toward a common manifesto

Leisure time

A hike, a visit to Ascona, etc. may be organised.

Social dinner

Location: Grotto Broggini
Sponsored by Fortanix

Breakfast

Short presentations by participants

(elective)

Coffee break

Short presentations (cont'd)

(elective)

Closing session

Wrap-up and perspectives
Next steps toward a common manifesto

Lunch

Departure of the participants

Event Venue

Congressi Stefano Franscini Center
Strada Collina 84
6612 Ascona (Switzerland)

Fondazione Monte Verità, Switzerland

The workshop will take place at the Congressi Stefano Franscini Center located at Monte Verità, Ascona, Switzerland, on a very green hill with amazing views of both the mountains and Lake Maggiore, starting on Sunday October 1st and ending on Wednesday October 4th (after lunch). Having a long history as a place for meetings, discussions and socialising, Monte Verità boasts years of experience in running seminars and medium-sized conferences. Since 1989, it has housed the Congressi Stefano Franscini center, which in turn draws thousands of top researchers from all over the world to Monte Verità every year.

Sponsors

IIUN

Fortanix

Swiss National Science Foundation