Chair of IT Security / Prof. Dr. Claudia Eckert
Announcement: Master Thesis in Cooperation with Fraunhofer AISEC, Garching
Automatic Compartmentalization of Rust Programs for Deployment in TEEs
A trusted execution environment (TEE) is a security technology that efficiently isolates software compartments on a single processor or SoC. Automatic compartmentalization is a technique that helps application developers modify their application with little effort: it divides the application into sensitive and non-sensitive compartments and isolates the sensitive parts within a TEE while preserving the semantics of the application. This encourages rapid development and adoption of TEE technology.
Task Description
This thesis aims to build a tool that automatically compartmentalizes a Rust program, i.e. splits it into a sensitive and a non-sensitive binary based on developer annotations in the program’s source code. The sensitive part shall be able to run in an isolated trusted runtime. The tool for automatic compartmentalization shall be implemented as a compiler pass for code transformation. Therefore, the following tasks might be part of the thesis:
- Implementing the compiler-based transformation based on Rust’s HIR/THIR/MIR or LLVM-IR
- Implementing an efficient communication mechanism for exchanging data between the sensitive part of the program (within the TEE) and the non-sensitive part
- Designing a solution/protocol to provision sensitive data into the TEE at application startup with confidentiality and integrity protection
Requirements
• First experiences with Rust programming
• Ideally, first experiences working with the Rust compiler (rustc) or LLVM
• Interest in compiler-based transformation and security
• Confident in working with Linux, Git & Docker
• Confident in working with one scripting language, e.g. Python
• Self-driven work ethic and fun experimenting with new techniques
Contact
Oliver Braunsdorf
Fraunhofer Institute for Applied and Integrated Security AISEC
Lichtenbergstraße 11, 85748 Garching
Mail: oliver.braunsdorf@aisec.fraunhofer.de
Phone: +49-89-3229986-161