Description
As more of the world's computing shifts into the cloud, new security questions arise.
Running sensitive workloads on untrusted hardware and operating systems controlled
by cloud providers or third-party attackers can expose data to malicious actors.
Virtual Machine-based Trusted Execution Environments are a proposed solution to this problem,
with implementations such as AMD SEV already available.
In this thesis, we present Teehouse, an approach to facilitate using VM-based TEEs
by automatically partitioning a Rust application such that sensitive parts run in a secure VM,
while the rest of the application runs in a "regular" VM.
Teehouse allows the application to call sensitive functions or manipulate confidential
data on the server by transparently inserting RPC logic into the code.
We use a client-server model with the sensitive component
acting as a server, accepting requests from the remaining parts of the application
which become the client.
Besides function calls, Teehouse also allows manipulating data in the TEE
from the client without ever exposing it to untrusted environments.
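The client/server split described above, as an added in-process illustration that is not Teehouse's own code: the `Request`/`Response` messages, `SecureServer`, `Client` and the "api-key" secret are constructed for this example, and the direct function call inside `Client::rpc` stands in for the RPC hop between the regular VM and the secure VM. The point it shows is that the client only ever holds opaque handles and derived results; the secret bytes never leave the server side.

```rust
use std::collections::HashMap;

/// Wire messages between the untrusted client VM and the TEE-side server
/// (constructed for this example; the page does not show Teehouse's real RPC format).
pub enum Request {
    Open(String),         // load a named secret inside the TEE, receive an opaque handle
    Append(u64, Vec<u8>), // manipulate the secret in place, addressed by handle
    Sum(u64),             // derive a non-secret result from the secret
}
#[derive(Debug, PartialEq)]
pub enum Response { Handle(u64), Done, Sum(u64), Err }
/// The sensitive component: the only place secret bytes exist. Only handles and results leave.
#[derive(Default)]
pub struct SecureServer { secrets: HashMap<u64, Vec<u8>>, next: u64 }

impl SecureServer {
    pub fn handle(&mut self, req: Request) -> Response {
        match req {
            Request::Open(name) => {
                // Constructed stand-in for storage readable only inside the secure VM.
                let bytes = match name.as_str() { "api-key" => b"s3cr3t".to_vec(), _ => return Response::Err };
                let id = self.next;
                self.next += 1;
                self.secrets.insert(id, bytes);
                Response::Handle(id) // the client learns the handle, never the bytes
            }
            Request::Append(id, extra) => match self.secrets.get_mut(&id) {
                Some(s) => { s.extend(extra); Response::Done }
                None => Response::Err,
            },
            Request::Sum(id) => match self.secrets.get(&id) {
                Some(s) => Response::Sum(s.iter().map(|b| u64::from(*b)).sum()),
                None => Response::Err,
            },
        }
    }
}
/// Client-side stub: the calls Teehouse would insert so the application code keeps its shape.
pub struct Client<'a> { pub server: &'a mut SecureServer }

impl Client<'_> {
    fn rpc(&mut self, req: Request) -> Response { self.server.handle(req) } // stands in for the VM-to-VM hop
    pub fn open(&mut self, name: &str) -> Option<u64> {
        match self.rpc(Request::Open(name.to_string())) { Response::Handle(h) => Some(h), _ => None }
    }
    pub fn append(&mut self, h: u64, bytes: &[u8]) -> bool { self.rpc(Request::Append(h, bytes.to_vec())) == Response::Done }
    pub fn sum(&mut self, h: u64) -> Option<u64> {
        match self.rpc(Request::Sum(h)) { Response::Sum(v) => Some(v), _ => None }
    }
}
```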