ENCRYPT at the European Network for Cybersecurity (NeCS) PhD School

ENCRYPT contributed to this year’s edition of the European Network for Cybersecurity (NeCS) PhD School. The school was launched six years ago, in response to the increasing need of highly qualified experts in cyber-security. The school addresses the issues of training and development of talented junior researchers, as indicated in the European Cybersecurity strategy and highlighted in the EC’s Digital Agenda.

Our colleague Luigi Romano from partner TrustUp gave a lecture titled: “Hardware-assisted Trusted Computing: State of The Art and Emerging Use Cases”. In the lecture, he explained that even the most secure algorithm is vulnerable if the computing environment where it is executed is not adequately protected, and he presented the solutions which are being developed in ENCRYPT to provide such protection. In particular, he focused on ENCRYPT protection mechanisms for data “in use” (i.e., when it is loaded in the RAM or in the CPU for executing a computation) based on Trusted Execution Environment (TEE) technology. It is worth emphasizing that – while protection of data in transfer and at rest is relatively easy to achieve – protection of data in use is still, to a large extent, an open issue.

The challenge here is that data must be protected also from attacks by privileged users (e.g., system administrators or cloud providers) and software (e.g., the operating system or the hypervisor). Protection of data in use is a number one priority in security research, since it the enabling factor of a number of business opportunities. Suffice to say that there is a huge business case around Cloud Computing. The Cloud Security Alliance report lists the top threats to cloud security and one of these is the insider threat, which is a major obstacle to the real adoption of the cloud computing paradigm. Some of the big players of the cloud market have already realized that addressing the insider threat is a number one priority, and offer cloud solutions which provide high guarantees of being immune from such a threat (for instance Microsoft Azure Confidential Computing- MS ACC).

MS ACC “safeguards data from malicious and insider threats while in use”. The availability of a “Trusted Cloud” would unleash the potential of a number of application domains. As an example, the option of moving security and/or safety critical applications (such as e-health or finance ENCRYPT pilots) to the cloud – often referred to in the scientific and technical literature as ”cloudifying critical applications” – is receiving more and more attention in the last few years, since the cloud paradigm has a dramatic potential in terms of reduction of costs for maintenance and management of hardware and software platforms, not to mention the advantages with respect to availability which are brought about by the inherent redundancy of the underlying IT infrastructure.

See below photos from the event.