Tushar Jois (Johns Hopkins University), Hyun Bin Lee, Christopher Fletcher, Carl A. Gunter (University of Illinois at Urbana-Champaign)

In this talk, we present the experimental approaches used in the design and validation of DOVE, the Data-Oblivious Virtual Environment. DOVE instruments a complex programming environment (such as R) to produce a Data-Oblivious Transcript (DOT) that is explicitly designed to support computation free of any microarchitectural side channels. This transcript is then evaluated on a Trusted Execution Environment (TEE) containing sensitive data using a small, trusted computing base.

We first discuss subtle side-channel vulnerabilities that can arise in high-level languages, and how these difficult-to-find vulnerabilities lead to a break in the trust model of TEEs like Intel SGX. We then share our experimental techniques to identify these vulnerabilities in the R language. We use the lessons learned from these experiments in the design of DOVE, creating the first side-channel-resistant R programming stack. We then use the same experimental analyses to validate the security of the two-phase architecture provided by DOT generation and evaluation in the face of the same vulnerabilities.

Speaker's biographies

Tushar Jois is a third-year PhD candidate at Johns Hopkins University, studying computer security under his advisor Dr. Avi Rubin. He received his BS and MSE degrees in computer science from Johns Hopkins. His primary research interests are in systems, software, and network security, with emphasis on security and privacy for personal devices: protecting users and their everyday data from prying eyes.

Hyun Bin Lee is a fourth-year PhD student at the University of Illinois at Urbana-Champaign, studying computer security under Dr. Carl A. Gunter. He also received both MS and BS degrees in computer science from the University of Illinois. His research interests include systems security, genomic security & privacy, and IoT security.

Chris Fletcher is an Assistant Professor in Computer Science at the University of Illinois at Urbana-Champaign. He has broad interests ranging from Computer Architecture to Security to High-Performance Computing (ranging from theory to practice). These and related works have been awarded with election to the DARPA ISAT study group, the Intel CRC Outstanding Researcher Award, the NSF CAREER award, a Google Faculty Award, the George M. Sprowls Award for Outstanding Ph.D. Thesis in Computer Science at MIT, 14 paper awards, and were listed as one of ten "World Changing Ideas" designations by Scientific American.

Carl A. Gunter is George and Ann Fisher Distinguished Professor in Engineering at the University of Illinois at Urbana-Champaign. He has made research contributions to the semantics of programming languages, formal methods, security, and privacy. His recent work has concerned security and privacy issues for power grids, healthcare systems, and IoT. He serves as the director of Illinois Security Lab, the founding chair of the security and privacy area in the Computer Science Department, and lead for the Genomic Security and Privacy Theme at the Institute for Genomic Biology.

View More Papers

PFirewall: Semantics-Aware Customizable Data Flow Control for Smart Home...

Haotian Chi (Temple University), Qiang Zeng (University of South Carolina), Xiaojiang Du (Temple University), Lannan Luo (University of South Carolina)

Read More

Detecting Tor Bridge from Sampled Traffic in Backbone Networks

Hua Wu (School of Cyber Science & Engineering and Key Laboratory of Computer Network and Information Integration Southeast University, Ministry of Education, Jiangsu Nanjing, Purple Mountain Laboratories for Network and Communication Security (Nanjing, Jiangsu)), Shuyi Guo, Guang Cheng, Xiaoyan Hu (School of Cyber Science & Engineering and Key Laboratory of Computer Network and Information Integration…

Read More

CROW: Code Diversification for WebAssembly

Javier Cabrera Arteaga, Orestis Floros, Benoit Baudry, Martin Monperrus (KTH Royal Institute of Technology), Oscar Vera Perez (Univ Rennes, Inria, CNRS, IRISA)

Read More

Debunking Exposure Notification

Serge Vaudenay, EPFL, Switzerland

Read More