Theoretical and Practical Aspects of Trusted Execution Environments in Information Security and Volunteer Computing

Abstract

Commodity operating systems, both on desktop and mobile devices, offer rich functionality and consequently a significant attack surface. A compromise of the operating system, however, means that an attacker also has access to any critical assets of the user’s applications. These critical assets include code, which either is part of security-critical functionality, or of commercial value and other sensitive information whose disclosure, even in a minimal part, must be avoided. While many platforms offer support for Trusted Execution Environments (TEEs), these are currently restricted for the use of secure services provided by the operating system or the vendor. Developers have to rely on obfuscation to protect their own code from unauthorized tampering or copying, which only provides an obstacle for an attacker but does not prevent compromise. In collaborative networks, moreover, many problems are usually not handled at all, since it is not possible, in many cases, to hide confidential data from inputs of the subtasks solved by the computers of the network. This thesis proposes to take advantage and extend these TEEs to also offer code protection for arbitrary application and secure data in volunteer computing networks