Enhance software security for cloud and endpoint systems with SolidShield's Systemic SW protection. Address software vulnerabilities, performance issues, and more. Join us in revolutionizing IoT security. Vincent Lefebvre of SolidShield is leading this groundbreaking project initiative.
CELTIC-NEXT Online Proposers Day
Two different project idea contributions:
• Universal Trusted Execution for cloud and endpoint SW total security
• Systemic SW protection for cloud and endpoint SW security enhancement
SOLIDSHIELD, vincent@solidshield.com
CELTIC-NEXT Online Proposers Day, 29th November 2018, via WebEx
Project contribution proposal: Systemic SW protection for cloud and endpoint SW security enhancement
SOLIDSHIELD, vincent@solidshield.com
Problem statement
Software security is the first priority for future IoT-based system security.
Today's pain points for SW protection:
• impeding attacks slows down the software
• complex workflow (source code change, new compilation, ...)
State-of-the-art IoT software is at best authenticated; it:
• can be reversed
• can be decompiled
• can be tampered with to tamper with data
www.celticplus.eu SYSTEMIC SW ONE CLICK SECURITY, Vincent Lefebvre, SOLIDSHIELD, vincent@solidshield.com
Systemic
Systemic SW protections:
• attestation
• encryption
• anti-dump
• anti-tampering
• all four of these protections are set at one-click cost on binaries
• no performance degradation at runtime
• universal solution
Organisation Profile
• SolidShield has worked in SW protection for a decade (defense and telecom).
• Systemic (for Intel) is derived from our contribution in SENDATE TANDEM. Workflow is key for success.
• Our plan is to expand Systemic to IoT markets (ARM, Java) and design ad hoc solutions to meet specific market constraints.
• Specifications shall come from potential users (typically consortium members). Tests shall be done by them too.
• We need use cases and inside views of the markets.
CELTIC-NEXT Online Proposers Day, 29th November 2018, via WebEx
Pitch of a project contribution proposal: Universal Trusted Execution for cloud and endpoint SW total security
SOLIDSHIELD, vincent@solidshield.com
Teaser: One solution for all TEEs
Universal Trusted Execution delivers the highest SW security whatever the (TEE-enabled) hardware, at no effort to developers.
www.celticplus.eu Universal Trusted Execution Environment, Vincent Lefebvre, SOLIDSHIELD, vincent@solidshield.com
Problem statement
TEE is a super strong but poorly used idea.
• Pro: it breaks the chain of performance<>efficiency
• Pro: code and data integrity and confidentiality are met
• Cons: requires a security architect...; vendor-specific, no compatibility
Complete VM, Limited TCB
Universal TEE
• one setup workflow for both technologies
• no change to source code required
• one single protected executable enabled for both technologies
• no effort from the developer
Uses code interpretation and Asylo APIs for hardware independence + automatic binary wrapping.
Universal TEE outcome
• Cloud computing makes use of TEE...
• No more introspection attacks at server farms...
• A real booster in today's cloud computing use (5G, SDN, ...)
We offer a ready-to-use disruptive solution on both workflow and deployment aspects (today's blocker).
"TEEs are nascent and will evolve. Attacks on TEEs just reflect how much they threaten cyber activists..."
FAU's expertise
FAU has taken part in a long track of collaborative research programs, including SENDATE TANDEM. Its research focus is trusted execution environments, including the following publications:
• Isolating Operating System Components with Intel SGX, SysTEX ’16
• Hardware-Based Trusted Computing Architectures for Isolation and Attestation, IEEE Transactions on Computers ’17
• Cache Attacks on Intel SGX, EuroSec ’17
• Secure Remote Computation using Intel SGX, GI Sicherheit ’18
• Universal TEE for Securing SDN/NFV Operations, ARES ’18
• TEEshift: Protecting Code Confidentiality by Selectively Shifting Functions into TEEs, SysTEX ’18
• Protecting Regular User-Mode Processes with AMD SEV (to be published 2019)
Publications reflecting the contribution idea:
• ARES ’18 conference, Hamburg, August 2018: Universal TEE for Securing SDN/NFV Operations, https://dl.acm.org/citation.cfm?doid=3230833.3233256
• SysTEX ’18 workshop, co-located with the CCS conference, Toronto, October 2018: TEEshift: Protecting Code Confidentiality by Selectively Shifting Functions into TEEs (Best Paper Award), https://www.researchgate.net/publication/328326614_TEEshift_Protecting_Code_Confidentiality_by_Selectively_Shifting_Functions_into_TEEs
Contact Info
SOLIDSHIELD:
Name: Vincent Lefebvre
E-Mail: vincent@solidshield.com
Telephone: +33 0663579190
83 Bd Sadi Carnot, 06110 Le Cannet, France
www.solidshield.com
FAU:
Name: Tilo Müller
E-Mail: tilo.mueller@cs.fau.de
Telephone: +49 9131 85 69904
Martensstr. 3, 91058 Erlangen, Germany
www1.cs.fau.de
Presentation available via: www.tiny.cc/projectidea
Join the follow-up Telco: 7th December, 14-15 CET
Join Webex meeting
Meeting number (access code): 956 667 108
Meeting password: Z5jiAfeH
Join by phone: +49-6925511-4400 (Germany toll)
www.celticplus.eu, office@celticplus.eu