02/07/2022
By Ian Chen

Computer Science Department Virtual Colloquium on Trusted Execution Environments on Feb. 11 from 1:30 to 2:30 p.m.

Abstract: Trusted Execution Environments (TEEs) are provided by the CPU to protect the confidentiality and integrity of the code and data loaded inside them from the Rich Execution Environment (REE). TEEs can provide a haven for executing software with security and fault isolation, and they can also serve as a trusted anchor for detecting and mitigating code reuse attacks by enforcing Control-Flow Integrity (CFI) and Control-Flow Attestation (CFA) on REE software. The hardware and software of existing embedded and IoT TEEs nevertheless have challenging issues that make TEE-based solutions for isolation, CFI, and CFA either ineffective or inefficient. It is thus imperative to rethink the design of embedded and IoT TEEs and to combine existing TEEs with overlooked hardware features, such as the Debug Unit (DU), for effective and efficient software attack prevention, detection, and response.

In this talk, I will first discuss our ongoing project BYOTee, an infrastructure for building multiple customized and physically isolated TEEs with a configurable and minimal hardware and software TCB on commodity SoC FPGA devices. The customized TEEs can securely execute security-sensitive code inside them. I will also discuss our ongoing project TeeCFIA, an efficient forward- and backward-edge CFI enforcement and attestation infrastructure built on Cortex-M TrustZone. TeeCFIA minimizes the number of context switches by using debug units for tracing. TeeCFIA does not rely on instrumentation and can work on privileged programs, such as bare-metal firmware and an RTOS.
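To make the distinction between CFI enforcement and CFA concrete, the following is an added illustration written for this announcement; it is not code from BYOTee, TeeCFIA, or CactiLab. It models what a trace unit would hand to a monitor (a sequence of indirect calls and returns), enforces a forward-edge policy and a shadow stack over that sequence, and separately folds the whole trace into a hash-chain measurement that a remote verifier compares against provisioned reference values. All labels, addresses, the policy table, and the traces are constructed for the example; a real design would derive the policy from the firmware binary and source the events from hardware tracing rather than from a Python list.

```python
import hashlib
from dataclasses import dataclass

# Labels stand in for code addresses; everything here is constructed for the example.
# Forward-edge CFI policy: for each indirect call site, the targets the policy allows
# (what a static analysis of the firmware would normally produce).
FORWARD_EDGE_POLICY = {
    "main+0x10": {"handler_a", "handler_b"},
    "handler_a+0x08": {"parse", "log"},
    "handler_b+0x08": {"parse", "log"},
}


@dataclass(frozen=True)
class BranchEvent:
    """One control-flow transfer as a trace unit would report it."""
    kind: str  # "call" for an indirect call, "ret" for a return
    src: str   # address of the branching instruction
    dst: str   # address the branch landed on


def cfi_check(trace):
    """Enforce forward- and backward-edge CFI over a trace; returns (ok, reason).

    Forward edge: an indirect call site may only reach targets in its policy set.
    Backward edge: a return must come back to the call site recorded on a
    shadow stack (simplified here so the return target equals the call-site label).
    """
    shadow_stack = []
    for ev in trace:
        if ev.kind == "call":
            allowed = FORWARD_EDGE_POLICY.get(ev.src)
            if allowed is not None and ev.dst not in allowed:
                return False, f"forward-edge violation: {ev.src} -> {ev.dst}"
            shadow_stack.append(ev.src)
        elif ev.kind == "ret":
            if not shadow_stack:
                return False, f"return with empty shadow stack at {ev.src}"
            expected = shadow_stack.pop()
            if ev.dst != expected:
                return False, f"backward-edge violation: {ev.src} -> {ev.dst}, expected {expected}"
        else:
            return False, f"unknown event kind {ev.kind!r}"
    return True, "ok"


def cfa_measure(trace):
    """Fold the whole trace into one SHA-256 hash chain: the CFA measurement."""
    h = b"\x00" * 32
    for ev in trace:
        h = hashlib.sha256(h + f"{ev.kind}:{ev.src}->{ev.dst}".encode()).digest()
    return h.hex()


# Constructed traces. GOOD_TRACE and ALT_PATH both satisfy the CFI policy; only
# GOOD_TRACE is a path the verifier has provisioned as expected.
GOOD_TRACE = [
    BranchEvent("call", "main+0x10", "handler_a"),
    BranchEvent("call", "handler_a+0x08", "parse"),
    BranchEvent("ret", "parse+0x20", "handler_a+0x08"),
    BranchEvent("ret", "handler_a+0x30", "main+0x10"),
]
ALT_PATH = [
    BranchEvent("call", "main+0x10", "handler_b"),
    BranchEvent("call", "handler_b+0x08", "log"),
    BranchEvent("ret", "log+0x14", "handler_b+0x08"),
    BranchEvent("ret", "handler_b+0x30", "main+0x10"),
]
FORWARD_VIOLATION = [BranchEvent("call", "main+0x10", "unexpected_fn")]
BACKWARD_VIOLATION = [
    BranchEvent("call", "main+0x10", "handler_a"),
    BranchEvent("ret", "handler_a+0x30", "main+0x40"),
]

# Verifier side: measurements of the paths provisioned as legitimate.
REFERENCE_MEASUREMENTS = {cfa_measure(GOOD_TRACE)}


def cfa_verify(trace):
    """The verifier accepts a run only if its measurement matches a provisioned one."""
    return cfa_measure(trace) in REFERENCE_MEASUREMENTS


if __name__ == "__main__":
    for name, t in [("good", GOOD_TRACE), ("alt_path", ALT_PATH),
                    ("forward_violation", FORWARD_VIOLATION),
                    ("backward_violation", BACKWARD_VIOLATION)]:
        print(f"{name:20s} CFI={cfi_check(t)}  CFA={'pass' if cfa_verify(t) else 'fail'}")
```

The point the two checks make together: CFI is a local policy that rejects the two violating traces but accepts any path the policy permits, while CFA reports the exact path taken, so ALT_PATH passes CFI yet is flagged by the verifier because its measurement was never provisioned. Where the events come from matters for cost: collecting them through a hardware trace unit, as the talk describes, avoids the instrumentation and per-branch context switches that a purely software monitor would need.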

Bio: Ziming Zhao is an Assistant Professor at the CSE Department and the director of CactiLab, University at Buffalo. His current research interests include system and software security, trusted execution environment, formal methods for security, and usable security. His research has been supported by the U.S. National Science Foundation, the U.S. Department of Defense, and the U.S. Air Force Office of Scientific Research. He is a recipient of the NSF CRII Award. His research outcomes have appeared in IEEE S&P, USENIX Security, ACM CCS, NDSS, ACM TISSEC, IEEE TDSC, IEEE TIFS, etc. He is also a recipient of best paper awards from USENIX Security 2019 and ACM CODASPY 2014. He received the Ph.D. degree in Computer Science from Arizona State University, Tempe, AZ, in 2014.

The colloquia will also be recorded. Please feel free to ask for access to all our events.