Student | (visible to staff only) |
Supervisor | Manuel Nieke |
Professor | Prof. Dr. Rüdiger Kapitza |
IBR group | DS (Prof. Kapitza) |
Type | Bachelor's thesis |
Status | completed |
Submission deadline | 2020 |
Introduction

With the widespread availability of trusted hardware, e.g. Intel's Software Guard Extensions (SGX) included in most common Intel CPUs, confidential computing has received a lot of attention recently. Such hardware can be used to create Trusted Execution Environments (TEEs), which protect the code and data they contain against unintended access, even if an attacker has access to privileged software or direct access to the hardware. Among its numerous applications is the possibility of enhancing a program's privacy preservation, as is being researched in the PRIMaTE project. One focus of this project is to evaluate the feasibility of partitioning, i.e. introducing multiple TEEs into the application, as a means of enhancing privacy even in the presence of exploitable software vulnerabilities.

Problem statement

Experience has shown that manually extending an application with a TEE is time-consuming, and even more so if several partitions are to be used. To make partitioning a viable approach to protecting applications, it is therefore necessary to automate this process as much as possible. A data accessibility analysis, which is performed by an existing framework, should be used as the basis for the partitioning.

Task description

The goal of this thesis is the design and implementation of a tool for automated partitioning of given applications. This tool should take input from the existing data accessibility framework to decide on a good partitioning and then generate it. As the data analysis framework is limited to applications written in Rust, the partitioning will be applied to such applications as well.

Prerequisites
Technische Universität Braunschweig