Porting Control Flow Attestation to AMD SEV

Supervisor(s): Mathias Morbitzer
Status: open
Topic: Monitoring (VMI etc.)
Type of Thesis: Bachelor's thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

Chair of IT Security / Prof. Dr. Claudia Eckert

Motivation

Trusted Execution Environments (TEEs) such as Intel SGX and AMD SEV aim to protect code running within the environment from a malicious administrator. To ensure the integrity of the TEE at launch time, they provide methods for static remote attestation. However, such static remote attestation only allows verifying the integrity of the TEE at launch time, not at run time.

Research has shown how Control Flow Attestation can be ported to TEEs in order to also ensure their run-time integrity (https://arxiv.org/abs/2202.07380). That work also provides a prototype based on Intel SGX.
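To make the distinction between launch-time and run-time attestation concrete, the following is an added toy example written for this page; it is not the prototype from the cited paper and not code from the thesis or from AISEC. A prover measures a code image once (the static, launch-time measurement) and separately records a hash chain over the control-flow edges it actually executes (the run-time measurement); a verifier accepts a report only if the static measurement matches the expected image and the path measurement is one of the measurements derived offline from the program's legitimate paths. All block labels, code bytes and paths are constructed for illustration.

```python
import hashlib

# Constructed toy program: basic blocks identified by label, each with
# stand-in code bytes. The real prototype instruments machine code; here
# the labels simply name the nodes of the control-flow graph.
CODE_BLOCKS = {
    "entry": b"\x55\x48\x89\xe5",
    "check": b"\x48\x83\xf8\x00\x74\x05",  # authorisation check
    "grant": b"\xb8\x01\x00\x00\x00",
    "deny":  b"\xb8\x00\x00\x00\x00",
    "exit":  b"\x5d\xc3",
}

# Legitimate paths through the constructed program, as an offline analysis
# (e.g. of the CFG) would enumerate them. Every valid path passes "check".
VALID_PATHS = [
    ["entry", "check", "grant", "exit"],
    ["entry", "check", "deny", "exit"],
]


def static_measurement(blocks):
    """Launch-time measurement: a hash over the code image only.
    This is what static remote attestation (SGX MRENCLAVE, SEV launch
    digest) conceptually covers: the bytes loaded, not how they run."""
    h = hashlib.sha256()
    for label in sorted(blocks):
        h.update(label.encode())
        h.update(blocks[label])
    return h.hexdigest()


def path_measurement(path):
    """Run-time measurement: a hash chain over executed control-flow edges,
    H_i = SHA-256(H_{i-1} || src || "->" || dst), starting from a zero
    value. Any deviation in the edge sequence changes the final value."""
    h = b"\x00" * 32
    for src, dst in zip(path, path[1:]):
        h = hashlib.sha256(h + src.encode() + b"->" + dst.encode()).digest()
    return h.hex()


def prover_report(blocks, executed_path):
    """What the prover would send to the verifier for one execution."""
    return {
        "static": static_measurement(blocks),
        "path": path_measurement(executed_path),
    }


def verifier_accepts(report, expected_static, expected_paths):
    """Accept only if both the code image and the executed path are known-good."""
    return report["static"] == expected_static and report["path"] in expected_paths


# Reference values the verifier holds (computed from the known-good program).
EXPECTED_STATIC = static_measurement(CODE_BLOCKS)
EXPECTED_PATHS = {path_measurement(p) for p in VALID_PATHS}


def demo():
    """Benign run vs. a run whose control flow skipped the check.
    Returns (benign_accepted, hijacked_accepted, static_measurements_equal)."""
    benign = prover_report(CODE_BLOCKS, ["entry", "check", "deny", "exit"])
    # Same unmodified code, but the executed path bypasses "check".
    hijacked = prover_report(CODE_BLOCKS, ["entry", "grant", "exit"])
    return (
        verifier_accepts(benign, EXPECTED_STATIC, EXPECTED_PATHS),
        verifier_accepts(hijacked, EXPECTED_STATIC, EXPECTED_PATHS),
        benign["static"] == hijacked["static"],
    )


if __name__ == "__main__":
    print(demo())
```

The third value returned by `demo()` is the point of the example: the two runs have identical static measurements because no code byte changed, so launch-time attestation alone cannot tell them apart, while the path measurement does. In a real deployment the report additionally has to be bound to the TEE's attestation key and transported from prover to verifier, which is exactly the kind of exchange the thesis description asks to design for SEV-SNP.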

For this bachelor's thesis, we would like to port this prototype to the latest version of AMD Secure Encrypted Virtualization, SEV-SNP. This raises several challenges that should be tackled in the thesis, such as how to exchange control-flow information between a prover and a verifier.

Task description

You will get in touch with the following topics:

• Trusted Execution Environments, in particular Intel SGX and AMD SEV
• Operating system and virtualization basics
• Programming in C(++)

Existing in-depth knowledge in any of these areas is not required. Developing your own ideas is desired and creative work is encouraged.

Contact

Fraunhofer Institute for Applied and Integrated Security (AISEC)

Mathias Morbitzer
Email: mathias.morbitzer@aisec.fraunhofer.de
Phone: +49 89 322-9986-164