2018-00903 - Doctorant / Sécurisation de traitement orientés données à base d’environnement d’exécution de confiance

Niveau de diplôme exigé : Bac + 5 ou équivalent

Fonction : Doctorant

A propos du centre ou de la direction fonctionnelle

Le centre de recherche Inria Saclay – Île-de-France, créé en 2008, accueille 450 scientifiques et 100 membres des services d’appui à la recherche. Les scientifiques sont organisés en 35 équipes de recherche dont 26 sont communes avec des partenaires du plateau de Saclay.

 

Le centre Inria Saclay - Île-de-France est un acteur essentiel de la recherche en sciences du numérique sur le plateau de Saclay. Il porte les valeurs et les projets qui font l’originalité d’Inria dans le paysage de la recherche : l’excellence scientifique, le transfert technologique, les partenariats pluridisciplinaires avec des établissements aux compétences complémentaires aux nôtres, afin de maximiser l’impact scientifique, économique et sociétal d’Inria.

Contexte et atouts du poste

The Personal Cloud paradigm holds the promise of a Privacy-by-Design storage and computing platform, where each individual can gather her complete digital environment in one place and perform advanced data oriented computations on her data with string privacy and security guarantees. However, this paradigm leaves the privacy and security issues in user’s hands, which leads to a paradox if we consider the weaknesses of individuals’ environment in terms of computer security. The challenge is however paramount in a society where emerging economic models are all based - directly or indirectly - on exploiting personal data.
On the other hand, trusted execution environments (TEE), like Intel SGX, are now embedded in end-users’ personal computers and in cloud servers. From a security point of view, it offers the capabilities to run code in isolation and provide remote attestations, which allows to prove required properties of the code running to third parties. Additionally, TEEs provide mechanisms for managing the information flow
from code running in the TEE to the outside world, secure external storage thanks to encryption, and manage the communications between different processes running in a TEE. Typically, Intel SGX integrates cryptographic primitives in hardware, with an impact on the performance of data oriented tasks which remains to analyze.
While many research works tackle the organization of the user’s workspace, the semantic unification of personal information, the personal data analytics problems, the objective of the PETRUS team is to tackle the privacy and security challenges from an architectural point of view. This PhD will investigate the design of database structures and algorithms in trusted execution environments for the personal cloud context.

Mission confiée

The goal of the PhD are (i) to identify the specific constraints of trusted execution environments (e.g., intel SGX) with respect to personal database management tasks and understand how side channel attacks on trusted execution environments (timing, memory access patterns) affect classical data processing; and (ii) to propose appropriate design rules for data structures, algorithms and counter measures, for efficient, scalable and secure personal data management using secure enclaves.

Principales activités

The Intel SGX technology is embedded in all recent Intel CPUs present in personal computers and cloud servers. From a security point of view, it provides a ‘trusted execution environment’ (TEE), called enclave in the SGX context. More precisely, it offers the capabilities to run code in isolation and provide remote attestations, which allows to prove required properties of the code running to third parties.
Additionally, TEEs provide mechanisms for managing the information flow from code running in the TEE to the outside world, secure external storage thanks to encryption, and manage the communications between different processes running in a TEE. Intel SGX therefore integrates cryptographic primitives in hardware, with an impact on the performance of data oriented tasks which remains to analyze.
In the PETRUS team, we use Intel SGX to secure data computations preformed in a personal cloud context. More precisely, our goal is to process data under the control of the user either on the user’s SGX enabled machine or in an untrusted cloud context using the SGX attestation mechanism. In this context, SGX provides an invaluable building block as it allows to isolate tasks from the – potentially compromised – user OS, or the untrusted cloud owner infrastructure, thus allowing for strong security guarantees against a realistic adversary that might compromise the user machine through malware, and compromise security of a cloud provider (either through an
insider attack or a large scale compromission as seen recently). The aim of this internship is to identify tradeoffs between efficiency and security that have to be made when securing data processing tasks using SGX. This is an essential issue as the security and computation model of SGX are rather far from the well studied case of on dedicated processing server.
Two different issues have to be considered here. The first one is how the specific memory architecture of SGX affects the data management tasks. Indeed, SGX has two important limitations: first, the amount of protected memory is rather limited (roughly 100 Mo) compared to modern unprotected systems; second, while access to CPU cache from an enclave is similar to an unprotected context, because of data protection mechanisms, access to RAM is much more expensive. This leads to the first objective of this internship, namely benchmarking data processing tasks in the context of SGX in order to understand which algorithms are well suited for data processing in this context. The second issue is understanding how side channel attacks on SGX (timing, memory access patterns) affects classical data processing algorithms. The second objective of this internship is to evaluate the impact of these attacks on data processing tasks protected in enclaves and devising counter measures to protect against these attacks.

Compétences

Le candidat devra avoir un M2 (ou diplôme équivalent) en informatique. De fortes compétences en sécurité et en bases de données sont attendues. Un connaissance de la cryptographie et/ou des méthodes formelles serait un plus.

Avantages sociaux

  • Restauration subventionnée
  • Transports publics remboursés partiellement
  • Sécurité sociale
  • Congés payés
  • Aménagement du temps de travail
  • Installations sportives

Rémunération

Salaire mensuel brut 1ère et 2ème année : 1.982 euros

Salaire mensuel brut 3ème année: 2.085 euros