Jan Tobias Mühlberg
Université libre de Bruxelles (Belgium)
Time and Availability in Dependable Systems Engineering
Modern processors can provide strong security guarantees in distributed systems, specifically when protecting software in Trusted Execution Environments (TEEs) such as Intel SGX, AMD SEV, or ARM TrustZone, which can even protect embedded software in the IoT or in critical control systems.
Measuring the passage of time and taking actions based on such measurements is a common safety- and security-critical operation in many of these systems. Yet, few TEEs (or processor architectures in general) combine security with real-time processing and availability, and provide hard guarantees on the timeliness of code execution. A key difficulty here is that critical code often executes within an effectively untrusted environment -- an embedded operating system and potentially other applications -- which can influence expectations on time and progress. In this talk, I will present our research on categorising approaches to tracking the passage of time in, highlighting the respective dependability guarantees.
Focusing first on the popular Intel SGX architecture, we analyse to what extent time can be securely measured and utilised to maintain notions of dependability that include system safety in the presence of a strong attacker. We then broaden the scope to other popular trusted computing solutions, including solutions for embedded systems, and list common applications for each notion of time and progress, concluding that not every use case requires accurate access to real-world time.
Following this, I will present a configurable embedded security architecture that provides a notion of guaranteed real-time execution for dynamically loaded enclaves. We implement preemptive multitasking and restricted atomicity on top of strong enclave software isolation and attestation. Our approach allows the hardware to enforce confidentiality and integrity protections, while a decoupled small enclaved scheduler software component can enforce availability and guarantee strict deadlines of a bounded number of protected applications, without necessarily introducing a notion of priorities amongst these applications.
Jan Tobias is specifically interested in societal aspects of security and privacy in dependable systems, in trusted execution environments, and in security architectures for safety-critical embedded systems. Before joining ULB, Jan Tobias worked as a research manager at KU Leuven (BE) and as a researcher at the University of Bamberg (DE), obtained a Ph.D. from the University of York (UK), and worked as a researcher at the University of Applied Sciences in Brandenburg (DE), where he also acquired his Master’s degree in Computer Science.