CAP-TEE: Capability Architectures for Trusted Execution
Lead Research Organisation:
University of Birmingham
Department Name: School of Computer Science
Abstract
Trusted Execution Environments (TEEs) shield computations on security-sensitive data (e.g. personal data, banking information, or encryption keys) inside a secure "enclave" from the rest of the untrusted system, including the operating system. A TEE protects its data and code even if an attacker has gained full root access to the untrusted parts of the system. Today, TEEs like ARM TrustZone and Intel SGX are therefore widely used in general-purpose devices, including most laptops and smartphones. But with increasingly widespread use, TEEs have proven vulnerable to a number of hardware- and software-based attacks, often leading to the complete compromise of the protected data.
In this project, we will use capability architectures (as e.g. developed by the CHERI project) to protect TEEs against such state-of-the-art attacks. We address a wide range of threats from software vulnerabilities such as buffer overflows to sophisticated hardware attacks like fault injection. CAP-TEE will provide a strong, open-source basis for the future generation of more secure TEEs.
When developing such disruptive technologies, it is key to minimise the effort of porting existing codebases to the new system to facilitate adoption in practice. In CAP-TEE, we therefore focus on techniques to ease the transition to our capability-enabled TEE. In industrial case studies for the automotive and rail sectors, we will demonstrate how complex code written in a memory-unsafe language like C(++) can be seamlessly moved to our platform to benefit from increased security without a full redesign.
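To make the buffer-overflow point above concrete, here is an added example (not CAP-TEE or CHERI project code) in plain C that models, in software, the check a capability machine performs in hardware on every memory access: a pointer carries its own bounds and permissions, and an access outside them faults instead of silently corrupting a neighbouring object. The names (`cap_t`, `cap_store`, `struct record`, the 9-byte `OVERFLOW_INPUT`) are hypothetical and the sample input is constructed; real CHERI capabilities are additionally tagged and unforgeable, which this model does not attempt to reproduce.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Software model of a capability: base + length bound the reachable bytes,
 * perms restrict the kinds of access. On a capability machine this state
 * lives in the pointer itself and the check below is done by the CPU. */
typedef struct {
    uint8_t *base;    /* lowest address this capability may touch */
    size_t   length;  /* number of in-bounds bytes starting at base */
    unsigned perms;   /* bitmask of CAP_LOAD / CAP_STORE */
} cap_t;

enum { CAP_LOAD = 1u, CAP_STORE = 2u };

/* Derive a capability that covers exactly `len` bytes of `buf`. */
cap_t cap_make(void *buf, size_t len, unsigned perms) {
    cap_t c = { (uint8_t *)buf, len, perms };
    return c;
}

/* Narrow a capability to a sub-range. Monotonicity: bounds can shrink but
 * never grow, so returns 0 (refused) if [off, off+len) is not inside `in`. */
int cap_restrict(const cap_t *in, size_t off, size_t len, cap_t *out) {
    if (off > in->length || len > in->length - off) return 0;
    out->base = in->base + off;
    out->length = len;
    out->perms = in->perms;
    return 1;
}

/* Store one byte through the capability. Returns 0 (the hardware analogue is
 * a capability exception) without writing if idx is out of bounds or the
 * capability lacks store permission. */
int cap_store(const cap_t *c, size_t idx, uint8_t v) {
    if (!(c->perms & CAP_STORE)) return 0;
    if (idx >= c->length) return 0;
    c->base[idx] = v;
    return 1;
}

/* Scenario: a fixed-size record whose name field is directly followed by a
 * privilege flag, the classic layout an overflow turns into privilege escalation. */
#define NAME_LEN 8
struct record { char name[NAME_LEN]; uint8_t is_admin; };

/* Constructed attacker input: NAME_LEN filler bytes plus one byte that lands on is_admin. */
const uint8_t OVERFLOW_INPUT[NAME_LEN + 1] = { 'A','A','A','A','A','A','A','A', 1 };

/* Raw C pointer: it knows nothing about the name field's bounds, so copying
 * n > NAME_LEN bytes runs straight into is_admin. Returns the flag afterwards. */
int raw_copy(const uint8_t *input, size_t n) {
    struct record r = { {0}, 0 };
    uint8_t *p = (uint8_t *)&r;                      /* object representation, n <= sizeof r */
    if (n > sizeof r) return -2;                     /* keep the model within the allocation */
    for (size_t i = 0; i < n; i++) p[i] = input[i];
    return r.is_admin;
}

/* Same copy through a capability narrowed to the name field only: the store
 * at index NAME_LEN faults and is_admin is never touched. Returns -1 on fault. */
int cap_copy(const uint8_t *input, size_t n) {
    struct record r = { {0}, 0 };
    cap_t rec = cap_make(&r, sizeof r, CAP_LOAD | CAP_STORE);
    cap_t name;
    if (!cap_restrict(&rec, offsetof(struct record, name), NAME_LEN, &name)) return -2;
    for (size_t i = 0; i < n; i++)
        if (!cap_store(&name, i, input[i])) return -1;  /* trips at i == NAME_LEN */
    return r.is_admin;
}

/* Attempting to widen the name capability back over the whole record is refused. */
int cap_cannot_widen(void) {
    struct record r = { {0}, 0 };
    cap_t rec = cap_make(&r, sizeof r, CAP_LOAD | CAP_STORE);
    cap_t name, widened;
    cap_restrict(&rec, 0, NAME_LEN, &name);
    return cap_restrict(&name, 0, sizeof r, &widened) == 0;
}

int main(void) {
    printf("raw pointer copy: is_admin = %d\n", raw_copy(OVERFLOW_INPUT, sizeof OVERFLOW_INPUT));
    printf("capability copy:  result   = %d (-1 = faulted before reaching is_admin)\n",
           cap_copy(OVERFLOW_INPUT, sizeof OVERFLOW_INPUT));
    return 0;
}
```

The model only approximates the bounds and permission check; it says nothing about how the same code behaves under fault injection, which the project lists as a separate class of threat. It does show why porting existing C to a capability platform can pay off without a redesign: the copy loop in `cap_copy` is the same loop as in `raw_copy`, and the protection comes from the bounds the pointer carries rather than from changes to the program logic.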
Planned Impact
The research in this project will benefit:
a) Industry
Our four direct industry partners (Samsung, HP Labs, Horiba Mira, and Thales) will be deeply involved in steering the project to maximise industrial applicability of the results. We envision that the CAP-TEE technologies will find their way into future, more secure smartphones, automotive control units, and industrial control systems. We will also engage with the wider business community through presentations and dedicated dissemination events to ensure widespread adoption of the project results. This makes use of our industrial network, developed among others within the EPSRC- and NCSC-funded research institutes RITICS, RISE, and UKRRIN.
b) Government and society
Society as a whole will benefit from more secure devices used by most of us on a day-to-day basis. We will participate at public engagement events and engage with the media to create and improve public awareness of the benefits of "secure by default" systems as promoted by CAP-TEE. We will also work closely with the government, e.g. the NCSC, to help steer public policy around secure and trustworthy industrial control, rail, and automotive systems as well as trusted execution in general.
c) Research Community
Research papers based on the project results will be submitted to the highest ranked venues in the field. This will advance the state of the art in trusted execution and the development of secure embedded systems. We will extend our existing academic collaborations and seek new national and international ones. By following an open-source dissemination strategy, we aim to maximise the re-usability of the project results to enable follow-up research and reproducibility by other scientists. For this, we will set up a dedicated project website and repository to make all research artifacts publicly available.
We will collaborate across disciplines with the Digital Security by Design Social Sciences Hub+ to explore, from a social sciences perspective, ways of creating incentives to build "secure by default" products and of informing public policy around stronger security for critical infrastructure.
d) Education
We will continue to train the next generation of cyber security experts through PhD studentships within CAP-TEE, our GCHQ/NCSC-recognised MSc in Cyber Security, and our UG programme in Computer Science. The novel techniques developed in the project around capability architectures and TEEs will directly feed into our cyber security teaching activities.
Organisations
- University of Birmingham (Lead Research Organisation)
- LOUGHBOROUGH UNIVERSITY (Collaboration)
- Siemens AG (Collaboration)
- University of Surrey (Collaboration)
- Qinetiq (United Kingdom) (Collaboration)
- Toyota Motor Corporation (Collaboration)
- MIRA (United Kingdom) (Project Partner)
- Thales (United Kingdom) (Project Partner)
- HP Labs (Project Partner)
- Samsung (South Korea) (Project Partner)
Publications
Alder F
(2022)
Faulty Point Unit: ABI Poisoning Attacks on Trusted Execution Environments
in Digital Threats: Research and Practice
Chen Z
(2022)
MetaEmu
Chen Z
(2023)
PMFault: Faulting and Bricking Server CPUs through Management Interfaces: Or: A Modern Example of Halt and Catch Fire
in IACR Transactions on Cryptographic Hardware and Embedded Systems
Chen Z
(2021)
VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface
in Proceedings of the 30th USENIX Security Symposium
Description | We cooperated with KU Leuven on a novel design, CHERI-TrEE, to protect sensitive data in a trusted execution environment using capability architectures like ARM Morello. We found that a hardware connection to the motherboard (VoltPillager) as well as server management processors (PMFault) can be used to break the security of Intel SGX and even damage the main processor. We helped create the open-source Pandora tool to validate software for trusted execution environments. |
Exploitation Route | The CHERI-TrEE design and the Pandora tool have been made available as open source for other researchers and industry to build upon. The Zephyr and OP-TEE ports will be made open source once stable and fully developed. The PoC code for VoltPillager and PMFault are openly available on Github. |
Sectors | Digital/Communication/Information Technologies (including Software) Electronics Government Democracy and Justice Security and Diplomacy |
URL | https://cap-tee.org/publications/ |
Description | The project has yielded several outputs with impact on industry and the wider society. First, with the VoltPillager and PMFault work, we have shown that current trusted execution environments cannot fully live up to the promise of protecting the workload against a malicious server operator. With VoltPillager, we demonstrated that, given physical access, SGX enclaves can be broken into using low-cost equipment connected to a server's motherboard. With PMFault, we then presented a method that turns this approach into a software-only attack on Supermicro servers, making it remotely exploitable. This has resulted in a CVE (CVE-2022-43309) and a security patch issued by Supermicro, contributing to better securing the crucial server ecosystem. Follow-up work on the Pandora tool (with our collaborators at KU Leuven) introduces another angle on better TEE security, using symbolic execution to discover a range of software vulnerabilities in TEEs. This open-source project has attracted interest from Fortanix, a leading company in the TEE sector. Secondly, our open-source work around compartmentalisation and TEEs using CHERI has resulted in attention from industry: both our prototypical CHERI-TrEE capability TEE and our current work on a Zephyr port for CHERI-RISCV will feed into further collaboration, possibly through a KTP, with the IP company Codasip. The Zephyr proof-of-concept was initially developed during our postdoc's secondment at HP Bristol and is currently being developed into a joint academic publication/presentation. |
First Year Of Impact | 2022 |
Sector | Digital/Communication/Information Technologies (including Software),Electronics |
Impact Types | Societal Economic |
Description | Contribution to report for the UN on Rail Cyber Security |
Geographic Reach | Asia |
Policy Influence Type | Contribution to new or improved professional practice |
Description | Cyber UK 2023 DsbD booth |
Geographic Reach | Local/Municipal/Regional |
Policy Influence Type | Contribution to new or improved professional practice |
Description | Teaching series with rail senior leaders |
Geographic Reach | National |
Policy Influence Type | Contribution to new or improved professional practice
Description | IOTEE: Securing and analysing trusted execution beyond the CPU |
Amount | £448,286 (GBP) |
Funding ID | EP/X03738X/1 |
Organisation | Engineering and Physical Sciences Research Council (EPSRC) |
Sector | Public |
Country | United Kingdom |
Start | 08/2023 |
End | 08/2026 |
Description | SCAvenger - Attacking Machine Learning with Side Channel Attacks |
Amount | £54,000 (GBP) |
Organisation | Intel Corporation |
Sector | Private |
Country | United States |
Start | 02/2021 |
End | 02/2023 |
Description | Collaborated on the Made-5G+ proposal |
Organisation | Loughborough University |
Country | United Kingdom |
Sector | Academic/University |
PI Contribution | Collaborated with Loughborough University and University of Surrey as well as several other industry partners on a proposal for the Made-5G Centre. Proposal includes a WP to make use of DsbDtech in the 5G context. |
Collaborator Contribution | Led and contributed to the proposal submission. |
Impact | No outputs yet as the proposal is still under review. |
Start Year | 2021 |
Description | Collaborated on the Made-5G+ proposal |
Organisation | Qinetiq |
Country | United Kingdom |
Sector | Private |
PI Contribution | Collaborated with Loughborough University and University of Surrey as well as several other industry partners on a proposal for the Made-5G Centre. Proposal includes a WP to make use of DsbDtech in the 5G context. |
Collaborator Contribution | Led and contributed to the proposal submission. |
Impact | No outputs yet as the proposal is still under review. |
Start Year | 2021 |
Description | Collaborated on the Made-5G+ proposal |
Organisation | Siemens AG |
Department | Siemens plc |
Country | United Kingdom |
Sector | Private |
PI Contribution | Collaborated with Loughborough University and University of Surrey as well as several other industry partners on a proposal for the Made-5G Centre. Proposal includes a WP to make use of DsbDtech in the 5G context. |
Collaborator Contribution | Led and contributed to the proposal submission. |
Impact | No outputs yet as the proposal is still under review. |
Start Year | 2021 |
Description | Collaborated on the Made-5G+ proposal |
Organisation | Toyota Motor Corporation |
Country | Japan |
Sector | Private |
PI Contribution | Collaborated with Loughborough University and University of Surrey as well as several other industry partners on a proposal for the Made-5G Centre. Proposal includes a WP to make use of DsbDtech in the 5G context. |
Collaborator Contribution | Led and contributed to the proposal submission. |
Impact | No outputs yet as the proposal is still under review. |
Start Year | 2021 |
Description | Collaborated on the Made-5G+ proposal |
Organisation | University of Surrey |
Country | United Kingdom |
Sector | Academic/University |
PI Contribution | Collaborated with Loughborough University and University of Surrey as well as several other industry partners on a proposal for the Made-5G Centre. Proposal includes a WP to make use of DsbDtech in the 5G context. |
Collaborator Contribution | Led and contributed to the proposal submission. |
Impact | No outputs yet as the proposal is still under review. |
Start Year | 2021 |
Title | CHERITrEE capability TEE implementations |
Description | Snapshot of the three implementations (in Sail, Proteus and Morello, found in the respective homonymous folders) discussed in our EuroS&P 2023 paper "CHERI-TrEE: Flexible enclaves on capability machines" |
Type Of Technology | Software |
Year Produced | 2023 |
Open Source License? | Yes |
Impact | discussed in our EuroS&P 2023 paper "CHERI-TrEE: Flexible enclaves on capability machines". Received industrial interest e.g. from Codasip |
URL | https://github.com/proteus-core/cheritree |
Title | Morello baremetal examples |
Description | This repository contains example code for bare metal development on the Morello Platform. More information regarding these examples can be found in the CAP-TEE Morello Getting Started Guide. https://github.com/cap-tee/cheri-docs/blob/main/morello-getting-started.md. |
Type Of Technology | Webtool/Application |
Year Produced | 2021 |
Open Source License? | Yes |
Impact | So far, the software was used in internal research projects, leading to a joint paper with KU Leuven currently under submission |
URL | https://github.com/cap-tee/morello-baremetal-examples |
Title | Pandora: Tool for Principled Symbolic Validation of Intel SGX Enclave Runtimes |
Description | Pandora is a symbolic execution tool designed for truthful validation of Intel SGX enclave shielding runtimes. Pandora is based on the fabulous angr and extends it with enclave semantics such as Intel SGX instruction support, a realistic enclave memory view, attacker taint tracking, and report generation for a set of powerful vulnerability plugins. |
Type Of Technology | Software |
Year Produced | 2023 |
Open Source License? | Yes |
Impact | Pandora is the result of our research publication at the 45th IEEE Symposium on Security and Privacy (IEEE S&P 2024) |
URL | https://github.com/pandora-tee |
Title | PoC for PMFault |
Description | This software checks and demonstrates the vulnerabilities reported in the paper "PMFault: Faulting and Bricking Server CPUs through Management Interfaces", to appear at TCHES 2023. |
Type Of Technology | Software |
Year Produced | 2023 |
Open Source License? | Yes |
Impact | Media coverage in the New Scientist |
URL | https://github.com/zt-chen/PMFault |
Description | ACE-CSR #3 |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Professional Practitioners |
Results and Impact | Awarded Academic Centre of Excellence in Cyber Security Research (ACE-CSR) status. |
Year(s) Of Engagement Activity | 2024 |
Description | All hands DsbD workshop |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | Several members of the project team (Jackson, Henes, Bowden, Oswald) attended the DsbD all-hands event in Wolverhampton in Oct and presented a demo of the OP-TEE port as well as a poster. We also ran a workshop on TEEs and capabilities. |
Year(s) Of Engagement Activity | 2022 |
URL | https://www.dsbd.tech/events/ |
Description | All hands DsbD workshop |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | Oswald, Jackson and Jiang attended the DsbD all-hands meeting in Manchester in November, and several team members attended the all-hands event in London in April. |
Year(s) Of Engagement Activity | 2023 |
Description | All hands DsbD workshop |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Professional Practitioners |
Results and Impact | Jackson and Oswald participated in the DsbD all-hands event on 8 September and presented the project results so far. |
Year(s) Of Engagement Activity | 2021 |
Description | Article published in The Register |
Form Of Engagement Activity | A magazine, newsletter or online publication |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Media (as a channel to the public) |
Results and Impact | Article published in The Register titled: Intel's SGX cloud-server security defeated by $30 chip, electrical shenanigans |
Year(s) Of Engagement Activity | 2020 |
URL | https://www.theregister.com/2020/11/14/intel_sgx_physical_security/ |
Description | CARDIS conference including CHERI/capability architecture tutorial |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | A CHERI/capability architecture half-day tutorial was successfully held at the CARDIS conference in Nov 2022 (approx. 60 participants), hosted by Oswald in Birmingham. This allowed the project team to introduce capabilities and CHERI/Morello to a broad academic and industrial audience, and served as the project's mid-term evaluation event. Industry attendees included employees of large semiconductor vendors and security companies. |
Year(s) Of Engagement Activity | 2022 |
URL | https://events.cs.bham.ac.uk/cardis2022/ |
Description | CODASIP discussions/visit |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | The team invited engineers from CODASIP in Nov for a half-day meeting at the University of Birmingham. This included discussions on possible use of the research outputs in industrial applications, in particular CODASIP's CHERI RISCV cores. Possible follow-up activity will be around forming a KTP or similar. Additional, separate discussions with CODASIP revolved around forming and joining a potential CHERI alliance. |
Year(s) Of Engagement Activity | 2023 |
Description | Delivered a Talk at HP Labs |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Professional Practitioners |
Results and Impact | Co-I Ryan delivered a tutorial talk at HP Labs 22 October 2020, "Intro to Keystone (an enclave system for RISC-V)" |
Year(s) Of Engagement Activity | 2020 |
Description | Delivered a Talk at Huawei Security Advisory Board |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Co-I Ryan delivered a Talk at Huawei Security Advisory Board 27 November 2020, "An overview of hardware security anchors for IoT and embedded applications" |
Year(s) Of Engagement Activity | 2020 |
Description | Engagement with RazorSecure on CAP-TEE |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | Local |
Primary Audience | Industry/Business |
Results and Impact | Thomas engaged several times with RazorSecure on CAP-TEE in a digital safety context. |
Year(s) Of Engagement Activity | 2021 |
Description | GSMA talk about mobile network security |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | Ordean gave a talk to GSMA in Feb about the security/privacy of mobile network protocols. |
Year(s) Of Engagement Activity | 2023 |
Description | Help Net Security Article |
Form Of Engagement Activity | A magazine, newsletter or online publication |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Media (as a channel to the public) |
Results and Impact | Article published on Help Net Security titled: 'Researchers break Intel SGX by creating $30 device to control CPU voltage' |
Year(s) Of Engagement Activity | 2020 |
URL | https://www.helpnetsecurity.com/2020/11/16/break-intel-sgx/ |
Description | Kick-off Project Workshop |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | We organised a virtual kick-off project workshop to which we invited project partners from Thales, HP, Horiba Mira, Innovate UK, EPSRC and University of Cambridge CHERI project members. The workshop included internal talks on projects such as Plundervolt as well as external speakers from the CHERI group, followed by a two-group discussion session for those interested in different applications of the research. |
Year(s) Of Engagement Activity | 2020 |
Description | Lecture to TUV Rhineland on software security issues in the rail industry |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | Thomas gave a lecture to TUV Rhineland on software security issues in the rail industry and spoke about CAP-TEE and Capability Architectures in April 2022. |
Year(s) Of Engagement Activity | 2022 |
Description | Media coverage in New Scientist |
Form Of Engagement Activity | A magazine, newsletter or online publication |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Public/other audiences |
Results and Impact | The New Scientist covered our recent work on CPU under/overvolting through the PMBus. |
Year(s) Of Engagement Activity | 2023 |
URL | https://www.newscientist.com/article/2354844-hackers-can-make-computers-destroy-their-own-chips-with... |
Description | Phoronix Article |
Form Of Engagement Activity | A magazine, newsletter or online publication |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Media (as a channel to the public) |
Results and Impact | Article published online in Phoronix titled ' VoltPillager: Researchers Compromise Intel SGX With Hardware-Based Undervolting Attack' |
Year(s) Of Engagement Activity | 2021 |
URL | https://www.phoronix.com/scan.php?page=news_item&px=VoltPillager-HW-Undervolt |
Description | Presentation to the Rail Safety and Standards Board |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | Thomas presented the goals of CAP-TEE to the Rail Safety and Standards Board and to Rock Rail. |
Year(s) Of Engagement Activity | 2021 |
Description | Talk at Blackhat Asia 2023 |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | A talk on our work on new undervolting methods, entitled "PMFault: Voltage Fault Injection on Server Platforms Through the PMBus" was presented at BlackHat Asia in May 2023. |
Year(s) Of Engagement Activity | 2023 |
URL | https://www.blackhat.com/asia-23/briefings/schedule/index.html#pmfault-voltage-fault-injection-on-se... |
Description | Talk at CheriTech22 workshop |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Professional Practitioners |
Results and Impact | Jackson gave a talk on "CHERI and Trusted Execution Environments" at the CheriTech22 workshop hosted by King's College in September 2022. |
Year(s) Of Engagement Activity | 2022 |
URL | https://soft-dev.org/events/cheritech22/ |
Description | UKRRIN CEDS technical cyber security presentation |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Professional Practitioners |
Results and Impact | Thomas' UKRRIN CEDS technical cyber security presentation to UKRRIN CEDS universities included CAP-TEE as a project. Thomas' presentation at the UKRRIN CEDS Research Open Day included a section on CAP-TEE. |
Year(s) Of Engagement Activity | 2021 |
Description | Visit and seminar talk at KU Leuven |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Oswald presented the work around software-induced faults on servers at a seminar in the Computer Science department in Leuven. Follow-up discussions led to a new joint research project around DRAM security. |
Year(s) Of Engagement Activity | 2023 |
Description | World Congress on Rail Research |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | Thomas attended the World Congress on Rail Research, presented CAP-TEE as part of a talk on 'the future'. |
Year(s) Of Engagement Activity | 2022 |
Description | invited talk at STW'2021 |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | Ryan had an invited talk at STW'2021 (Huawei Security and Technology Workshop, October 2021). |
Year(s) Of Engagement Activity | 2021 |
Description | invited talk at the Shonan seminar |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Ryan gave an invited talk called "Hardware technologies for making privacy violations transparent and accountable" at the Shonan seminar (Japan) on the theme of "Biggest failures in privacy" on 28 Sept. |
Year(s) Of Engagement Activity | 2021 |
Description | invited talk at workshop on the Security of Software / Hardware Interfaces (SILM 2021) |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Garcia gave an invited talk on the hardware attack aspects of our work: "Plundering and Pillaging with Voltage: Software and Hardware-based Fault-injection Attacks against SGX", 3rd edition of workshop on the Security of Software / Hardware Interfaces (SILM 2021). Co-located with EuroS&P. |
Year(s) Of Engagement Activity | 2021 |
Description | keynote talk at 14th International Conference on Security for Information Technology and Communications |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Ryan gave a keynote talk at 14th International Conference on Security for Information Technology and Communications |
Year(s) Of Engagement Activity | 2021 |
Description | panel member to "Cyber Security, Fraud & Human Error" (part of a civil servants' conference on public sector cyber security) |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Policymakers/politicians |
Results and Impact | Ryan was invited as panel member to "Cyber Security, Fraud & Human Error" (part of a civil servants' conference on public sector cyber security, 300 delegates), December 2021. |
Year(s) Of Engagement Activity | 2021 |
Description | showcase for National Cyber Strategy 2022 |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | Oswald and other project members (virtually) attended the National Cyber Strategy 2022 event on Wednesday 15 December. We had prepared a CAP-TEE showcase for the in-person event, but due to the Covid situation the event was moved online at short notice. |
Year(s) Of Engagement Activity | 2021 |
Description | talk at hardwear.io |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Future CAP-TEE / DsbDtech contributions to TEE security and work around hardware undervolting highlighted in Oswald's talks at hardwear.io |
Year(s) Of Engagement Activity | 2021 |
Description | virtual seminar talk at Infineon |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | Oswald gave a virtual seminar talk at Infineon, relating to fault injection and the hardware attack aspects of the project. |
Year(s) Of Engagement Activity | 2021 |