Background
Recent advancements in platform security, standardization and software development enable radical improvements in the security and privacy of cloud data and workloads. This allows to create isolated, verifiable and user-controlled confidential computing environments that radically alter the trust relationship between customer businesses and cloud service providers. Platform vendor technologies such as Intel TDX, and AMD SEV and IBM PEF allow launching virtual machines with encrypted memory that can be remotely attested by users. This enables more businesses to migrate their data, processing, or the entire software stack to cloud premises, while significantly reducing related risks and simplifying compliance. Combined with other Privacy Enhancing Technologies, confidential computing enables new business models for data and workload collaboration. However, existing gaps in the protocol stack and tooling and firmware security slow down the wider adoption of confidential computing in cloud settings.
Objectives
We are working on discovering, preventing and minimizing the harmful impact of microarchitectural side-channel attacks on confidential computing workloads deployed in CanaryBit’s ConfidentialCloud service. The service uses latest hardware support for security features in commodity platforms (AMD SEV/Intel TDX/IBM PEF) to enable confidential data analytics collaboration, while providing exceptionally strong, verifiable security and privacy guarantees about client data and workloads.
- Review the state of the art in microarchitectural side channel attacks affecting confidential computing environments;
- Review the existing software mitigations for the most relevant attacks;
- Implement the relevant mitigations on a selected ML runtime;
- Provide a written report on the findings.
Implementation on x86 platforms, with a potential to also examine POWER9 and POWER10 server platforms. A successful project could lead to a valuable open-source contribution and an academic publication presented at a prestigious conference or workshop.
Terms
- Supervisor: Nicolae Paladi, PhD (nicolae@canarybit.eu)
- Scope: 30 points
- Start: As soon as possible.
- Compensation: 10 000 SEK upon a successful completion of a high-quality thesis.
Candidate profile:
We expect you to have good programming skills in: C, Python and Rust + UNIX skills. Furthermore, you have an interest in operating systems, virtualization, cloud computing, systems security and cryptography. Solid oral and written English skills are required.
Send in your application as soon as possible. Applications will be reviewed on a rolling basis. Applications should include:
- Your CV with your education, professional experience and specific skills
- A written report you authored or co-authored for a university level course.
- Samples of previous programming or other relevant projects.
- Recent grades (academic transcript).