Background
Recent advancements in platform security, standardization and software development enable radical improvements in the security and privacy of cloud data and workloads. This allows to create isolated, verifiable and user-controlled confidential computing environments that radically alter the trust relationship between customer businesses and cloud service providers. Platform vendor technologies such as Intel TDX, and AMD SEV and IBM PEF allow launching virtual machines with encrypted memory that can be remotely attested by users. This enables more businesses to migrate their data, processing, or the entire software stack to cloud premises, while significantly reducing related risks and simplifying compliance. Combined with other Privacy Enhancing Technologies, confidential computing enables new business models for data and workload collaboration. However, existing gaps in the protocol stack and tooling slow down the wider adoption of confidential computing in cloud settings.
Objectives
We are working on enabling confidential with strong security and maximum performance and throughput. We make use of the latest hardware support for security features in commodity platforms (AMD SEV/Intel TDX/IBM PEF) to enable end-users to run and thoroughly monitor confidential cloud workloads to fine-tune resource usage, while obtaining exceptionally strong, verifiable security and privacy guarantees about their data and workloads.
- Review the state of the art in confidential computing enclave / workload monitoring;
- Design a tool for fine-grained system monitoring of confidential computing enclaves;
- Implement the tool and validate its performance using accepted benchmarks;
- Provide a written report on the findings.
Implementation on x86 platforms, with a potential to also examine POWER9 and POWER10 server platforms. A successful project could lead to a valuable open-source contribution and an academic publication presented at a prestigious conference or workshop.
Terms
- Supervisor: Nicolae Paladi, PhD (nicolae@canarybit.eu)
- Scope: 30 points
- Start: As soon as possible.
- Compensation: 10 000 SEK upon a successful completion of a high-quality thesis.
Candidate profile
We expect you to have good programming skills in: C, Python and Rust + UNIX skills. Furthermore, you have an interest in operating systems, virtualization, cloud computing, systems security and cryptography. Solid oral and written English skills are required.
Send in your application as soon as possible. Applications will be reviewed on a rolling basis. Applications should include:
- Your CV with your education, professional experience and specific skills
- A written report you authored or co-authored for a university level course.
- Samples of previous programming or other relevant projects.
- Recent grades (academic transcript).