Join us on our mission to take cloud security to the next level. We work 100% remotely as an agile & flat organisation
Master ThesisWe are actively seeking applications for Master’s thesis research from students who are interested in working in the field of security and cloud computing.
Confidential Computing in Public Clouds
Advancements in platform hardware and firmware security features, industry standardisation and software developments opened for radical improvements to cloud security. These advancements allow to create isolated, verifiable and user-controlled execution environments that radically reduce the amount of trust required from customer businesses towards cloud service providers. This paves the way for more businesses migrating their data, processing, or the entire software stack to cloud premises, while significantly reducing related risks and simplifying compliance. Techniques such as AMD Secure encrypted Virtualisation allow to launch virtual machines with encrypted memory that can be remotely attested by users. However, existing gaps in the protocol stack and tooling slow down the wider adoption of such trusted execution environments in cloud settings.
CanaryBit AB is working on protecting the security and privacy of data stored and processed in public clouds. We currently aim to leverage the latest hardware support for security features in commodity platforms (AMD SEV, Intel MKTME, IBM PEF) to enable end-users to obtain strong security and privacy guarantees about the data that is being processed on their behalf. An additional goal is to integrate with OpenStack and make an open-source contribution.
The thesis consists of the following items:
1. Review existing protability projects for hardware support for isolated execution (Enarx/Asylo/Raksh).
2. Extend support for Secure Encrypted Virtualisation in OpenStack by implementing support for remote security attestation.
3. Design an attestation protocol enabling end-users to obtain evidence about the security properties of the attested resources.
4. Provide a prototype implementation and a written report on the findings.
Implementation will be carried out on x86 platforms.
The master project will be done remotely and will be supervised by Nicolae Paladi, PhD.
A successful project could lead to:
• a valuable open-source contribution;
• a peer-reviewed publication presented at a prestigious conference or workshop.
1. Programming: C, Python + UNIX skills
2. Interest in virtualisation and cloud computing
3. Interest in security, applied cryptography and confidential computing
4. Good spoken and written English
Applications should include a brief personal letter, your CV with your education, professional experience and specific skills and recent grades. In your application, make sure to provide examples of previous programming or other projects that you consider relevant for the position.Terms
Supervisor: Nicolae Paladi, PhD | firstname.lastname@example.org
Scope: 30 points
Start: March/April 2021