Trust Extension as a Mechanism for Secure Code Execution on Commodity Computers

As society rushes to digitize sensitive information and services, it is imperative to adopt adequate security protections. However, such protections fundamentally conflžict with the benefits we expect from commodity computers. In other words, consumers and businesses
value commodity computers because they provide good performance and an abundance of
features at relatively low costs. Meanwhile, attempts to build secure systems from the ground
up typically abandon such goals, and hence are seldom adopted .

In this dissertation, I argue that we can resolve the tension between security and features
by leveraging the trust a user has in one device to enable her to securely use another
commodity device or service, without sacrificing the performance and features expected of
commodity systems. At a high level, we support this premise by developing techniques to allow
a user to employ a small, trusted, portable device to securely learn what code is executing
on her local computer. Rather than entrusting her data to the mountain of buggy code likely
running on her computer, we construct an on-demand secure execution environment which
can perform security-sensitive tasks and handle private data in complete isolation from all
other soŸware (and most hardware) on the system. Meanwhile, non-security-sensitive soŸftware retains the same abundance of features and performance it enjoys today.
Having established an environment for secure code execution on an individual computer,
we then show how to extend trust in this environment to network elements in a secure and
effi›cient manner.this allows us to reexamine the design of network protocols and defenses,
since we can now execute code on endhosts and trust the results within the network. Lastly,
we extend the user’s trust onemore step to encompass computations performed on a remote
host (e.g., in the cloud). We design, analyze, and prove secure a protocol that allows a user
to outsource arbitrary computations to commodity computers run by an untrusted remote
party (or parties) who may subject the computers to both soŸware and hardware attacks.
Our protocol guarantees that the user can both verify that the results returned are indeed
the correct results of the specied computations on the inputs provided, and protect the
secrecy of both the inputs and outputs of the computations. These guarantees are provided
in a non-interactive, asymptotically optimal (with respect to CPU and bandwidth) manner.
Thus, extending a user’s trust, via soŸware, hardware, and cryptographic techniques,
allows us to provide strong security protections for both local and remote computations on
sensitive data, while still preserving the performance and features of commodity computers.