Project

Actors you can trust: a high-level language abstraction for remote attestation and how to securely compile it (FWOAL955)

The 2018 Verizon Data Breach Investigations Report shows that in 2018 alone there were over 53,000 incidents and 2,216 confirmed data breaches. To prevent many of these attacks, it would help if distributed components of a system were able to trust the remote components they communicate with. Ideally, components would be able to reliably verify that a remote component is a trusted program, which was initialized in a valid state and has not been tampered with since. Establishing such trust between distributed components is the purpose of a feature called remote attestation. Essentially, the idea is to include trusted hardware in computers, which can attest the identity and valid initial state of the software running on the computer. Such hardware is becoming widely available and is included in almost all modern laptops and computers in the form of either Intel's SGX or ARM TrustZone.

While hardware support for remote attestation is increasingly widespread, writing software that applies it for secure distributed computing is still very difficult. The goal of this project is to develop novel high-level language abstractions for remote attestation together with secure compiler technology, which will not just improve the state of the art for implementing applications that use remote attestation, but also contribute a new security model for actor languages and broaden their applicability.
Date: 1 Jan 2020 → 1 Oct 2021
Keywords: computer system
Disciplines: Computational logic and formal languages, Computer system security, Distributed systems, Language design, constructs and features, Programming languages and technologies