
Hardware-Assisted Security: From PUF to SGX

Abstract

Protecting modern software with hardware-based security is becoming increasingly important in practice. We are witnessing this trend through recent developments in processor technology such as Intel's SGX and AMD's SEV. Moreover, veteran hardware-based security technologies such as Physically Unclonable Functions (PUFs), Trusted Platform Modules (TPMs) and ARM's TrustZone are still evolving. However, all of these solutions suffer from various shortcomings: they are afterthoughts and ad hoc, require strong trust in manufacturers or their involvement, are not accessible to third-party developers, do not scale, or are vulnerable to side-channel or runtime attacks. On the other hand, academic research has aimed at addressing some of these problems in the recent past by proposing various security architectures such as AEGIS, Bastion, Sanctum, Sancus, TrustLite and TyTAN, to name a few. Unfortunately, these solutions have not yet found their way into practice. This talk summarizes some of the recent hardware-assisted security technologies, discusses their strengths and deficiencies, and outlines future directions.