Project
Actors you can trust: a high-level programming language abstraction for remote attestation and secure compilation (ActorsYouCanTrust)
The 2018 Verizon Data Breach Investigations Report found that there were more than 53,000 incidents and 2,216 confirmed data breaches in 2018 alone. To prevent many of these attacks, it would help if distributed components of the system were able to trust the external components with which they communicate. Ideally, components can reliably verify that an external component is a trusted program, initialized to a valid state and not tampered with since. Establishing such trust between distributed components is the goal of a function called “remote attestation”. Essentially, the intent is to include trusted hardware in computers, which can confirm the identity and valid startup status of the software running on the computer. Such hardware is widely available and is included in almost all modern laptops and computers in the form of Intel's SGX or ARM TrustZone. While hardware support for remote attestation is becoming more common, writing software that uses it for secure distributed computing is still very difficult. The aim of this project is to develop new high-level language abstractions for remote attestation in combination with secure compiler technology in combination with a new security model for actor languages, which will broaden its applicability.