Security-critical applications constantly face threats from exploits in lower computing layers such as the OS and Hypervisor, or even attacks from malicious administrators. To protect sensitive data from such privileged adversaries, there is increasing development of secure hardware primitives, such as Intel SGX. Intel SGX instructions enable user mode applications to package trusted code and data into regions that are isolated from all other software on the machine, and also provide cryptographic primitives such as remote attestation. Our research is developing a principled approach to building cloud services with end-to-end security guarantees, including only these trusted hardware primitives in our trusted computing base. In this talk, I will demonstrate how one can use compiler and verification techniques to develop formally verified SGX programs, and demonstrate applications where Map-Reduce programs running on SGX can be certified to not leak secrets.
Rohit Sinha is currently pursuing a Ph.D. in EECS at UC Berkeley, where he works with Prof. Sanjit Seshia. His research interests include programming languages, software verification, and security.