A Holistic Approach for Trustworthy Distributed Systems with WebAssembly and TEEs
- URL: http://arxiv.org/abs/2312.00702v1
- Date: Fri, 1 Dec 2023 16:37:48 GMT
- Title: A Holistic Approach for Trustworthy Distributed Systems with WebAssembly and TEEs
- Authors: Jämes Ménétrey, Aeneas Grüter, Peterson Yuhala, Julius Oeftiger, Pascal Felber, Marcelo Pasin, Valerio Schiavoni
- Abstract summary: This paper introduces a novel approach using WebAssembly to address these issues.
We present the design of a portable and fully attested publish/subscribe system as a holistic approach.
Our experimental results showcase most overheads, revealing a 1.55x decrease in message throughput when using a trusted broker.
- Score: 2.0198678236144474
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Publish/subscribe systems play a key role in enabling communication between numerous devices in distributed and large-scale architectures. While widely adopted, securing such systems often trades portability for additional integrity and attestation guarantees. Trusted Execution Environments (TEEs) offer a potential solution with enclaves to enhance security and trust. However, application development for TEEs is complex, and many existing solutions are tied to specific TEE architectures, limiting adaptability. Current communication protocols also inadequately manage attestation proofs or expose essential attestation information. This paper introduces a novel approach using WebAssembly to address these issues, a key enabling technology nowadays capturing academia and industry attention. We present the design of a portable and fully attested publish/subscribe middleware system as a holistic approach for trustworthy and distributed communication between various systems. Based on this proposal, we have implemented and evaluated in-depth a fully-fledged publish/subscribe broker running within Intel SGX, compiled in WebAssembly, and built on top of industry-battled frameworks and standards, i.e., MQTT and TLS protocols. Our extended TLS protocol preserves the privacy of attestation information, among other benefits. Our experimental results showcase most overheads, revealing a 1.55x decrease in message throughput when using a trusted broker. We open-source the contributions of this work to the research community to facilitate experimental reproducibility.
Related papers
- Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
(2024-05-03T07:18:45Z)
- Building Trust in Data for IoT Systems [0.0]
This paper proposes a novel solution with the proper protocols to provide Trust in Data.
IOTA Distributed Ledger Technology and the Trusted Platform Module are used.
The paper concludes with a Proof-of-Concept implementation and an experimental evaluation to confirm its feasibility and to assess the achievable performance.
(2024-03-04T17:14:08Z)
- A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
(2024-01-19T14:52:04Z)
- HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs).
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (DSL) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
(2024-01-17T00:56:23Z)
- A Universal System for OpenID Connect Sign-ins with Verifiable Credentials and Cross-Device Flow [4.006745047019997]
Self-Sovereign Identity (SSI) is a new and promising identity management paradigm.
We propose a comparatively simple system that enables SSI-based sign-ins for services that support the widespread OpenID Connect or OAuth 2.0 protocols.
(2024-01-16T16:44:30Z)
- Establishing Dynamic Secure Sessions for ECQV Implicit Certificates in Embedded Systems [0.0]
We present a design that utilizes the Station to Station (STS) protocol with implicit certificates.
We show that with a slight computational increase of 20% compared to a static ECDSA key derivation, we are able to mitigate many session-related security vulnerabilities.
(2023-11-19T22:40:21Z)
- A Lightweight and Secure PUF-Based Authentication and Key-exchange Protocol for IoT Devices [0.0]
Device Authentication and Key exchange are major challenges for the Internet of Things.
PUF appears to offer a practical and economical security mechanism in place of typically sophisticated cryptosystems like PKI and IBE.
We present a system in which the IoT device does not require a continuous active internet connection to communicate with the server in order to Authenticate itself.
(2023-11-07T15:42:14Z)
- SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes.
SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices.
We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
(2023-09-26T08:11:38Z)
- Generative AI-aided Joint Training-free Secure Semantic Communications via Multi-modal Prompts [89.04751776308656]
This paper proposes a GAI-aided SemCom system with multi-model prompts for accurate content decoding.
In response to security concerns, we introduce the application of covert communications aided by a friendly jammer.
(2023-09-05T23:24:56Z)
- Practical quantum secure direct communication with squeezed states [55.41644538483948]
We report the first table-top experimental demonstration of a CV-QSDC system and assess its security.
This realization paves the way into future threat-less quantum metropolitan networks, compatible with coexisting advanced wavelength division multiplexing (WDM) systems.
(2023-06-25T19:23:42Z)
This list is automatically generated from the titles and abstracts of the papers in this site.