CS Colloquium: Mengyuan Li - Confidential Computing and Trusted Execution Environment: Challenges, Opportunities, and the Future
Wed, Mar 20, 2024 @ 10:00 AM - 11:00 AM
Thomas Lord Department of Computer Science
Conferences, Lectures, & Seminars
Speaker: Mengyuan Li, MIT
Talk Title: Confidential Computing and Trusted Execution Environment: Challenges, Opportunities, and the Future
Abstract: Confidential Computing, or Trusted Execution Environment (TEE), represents a cutting-edge design in server-grade CPUs. This technology acts as a protective shield for cloud tasks, safeguarding the confidentiality and integrity of cloud workloads against a range of threats, including attacks from privileged software, physical attackers, and untrustworthy hypervisors. As the demand for secure private data handling continues to rise, the adoption of Confidential Computing has become widespread across various industries. Evidence of this includes the adoption of TEE in server-grade CPUs from major vendors like Intel, AMD, and ARM. Furthermore, leading cloud service providers, such as AWS, Google Cloud, Microsoft Azure, and IBM Cloud, now offer commercial Confidential Computing services. In this talk, I will outline my contributions to the study of complex, heterogeneous Confidential Computing systems. I will share my insights into two real-world vulnerabilities we uncovered within commercial Confidential Computing systems, along with our joint efforts with CPU manufacturers to address these issues in the latest server-grade CPUs. At the hardware design level, I will discuss a novel ciphertext side-channel attack targeting hardware-accelerated memory encryption, which is a crucial hardware feature to protect the memory of cloud workloads. Moving to the software system design level, I will illustrate how inadequately designed TEE operating systems can pose a threat to the security of Confidential VMs. Finally, I will outline my ongoing efforts and future directions in enhancing the security and effectiveness of Confidential Computing and my research vision towards building secure and performant hardware systems.
This lecture satisfies requirements for CSCI 591: Research Colloquium.
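The abstract mentions a ciphertext side channel against hardware-accelerated memory encryption without describing the mechanism. The following is an added illustrative model, not the speaker's attack and not any vendor's cipher: it assumes memory encryption that is deterministic and tweaked only by the physical address (no per-write freshness), modeled here with a SHA-256 PRF in place of a real tweakable block cipher. Under that assumption, a hypervisor that can read a guest's ciphertext pages learns whenever the plaintext at a fixed address repeats an earlier value, which is enough to recover a secret-dependent store pattern. The function and variable names (`EncryptedMemory`, `guest_secret_dependent_stores`, `recover_bits`, and so on) and the sample secret are constructed for this example.

```python
"""Model of a ciphertext side channel against deterministic memory encryption.

Constructed illustration: a PRF stands in for the hardware cipher, and the
guest store pattern is invented. Only the determinism of the encryption and
the attacker's read access to ciphertext matter for the leak shown here.
"""
import hashlib
import os

BLOCK = 16  # block size in bytes (assumed 128-bit cipher blocks)


def encrypt_block(key: bytes, addr: int, plaintext: bytes) -> bytes:
    """Deterministic, address-tweaked block encryption (modeled with SHA-256).

    Same key, same address, same plaintext -> identical ciphertext every time.
    Same plaintext at a different address -> different ciphertext (the tweak).
    """
    assert len(plaintext) == BLOCK
    return hashlib.sha256(key + addr.to_bytes(8, "little") + plaintext).digest()[:BLOCK]


class EncryptedMemory:
    """Guest memory viewed from both sides: the guest writes plaintext,
    the untrusted host can only read the stored ciphertext."""

    def __init__(self, key: bytes):
        self._key = key          # memory encryption key, never exposed to the host
        self._cells = {}         # physical address -> ciphertext block

    def write(self, addr: int, plaintext: bytes) -> None:
        self._cells[addr] = encrypt_block(self._key, addr, plaintext)

    def host_read_ciphertext(self, addr: int) -> bytes:
        """What a hypervisor with page-table or DMA access observes."""
        return self._cells[addr]


# Two constant values the guest may spill; which one is written depends on a secret bit
# (think of a register saved to a fixed save area on every context switch).
_V0 = (0xAAAA).to_bytes(BLOCK, "little")
_V1 = (0x5555).to_bytes(BLOCK, "little")


def guest_secret_dependent_stores(mem: EncryptedMemory, addr: int, secret_bits):
    """Vulnerable pattern: a secret-dependent value stored at a fixed address.
    Returns the ciphertext the host snapshots after each write."""
    trace = []
    for bit in secret_bits:
        mem.write(addr, _V1 if bit else _V0)
        trace.append(mem.host_read_ciphertext(addr))
    return trace


def guest_stores_with_freshness(mem: EncryptedMemory, addr: int, secret_bits):
    """Hardened pattern: mask each value with a fresh random nonce before storing
    and keep the nonce in the adjacent block, so the guest can still recover the
    value but no two writes ever produce the same plaintext block."""
    trace = []
    for bit in secret_bits:
        nonce = os.urandom(BLOCK)
        value = _V1 if bit else _V0
        masked = bytes(a ^ b for a, b in zip(value, nonce))
        mem.write(addr, masked)
        mem.write(addr + BLOCK, nonce)
        trace.append(mem.host_read_ciphertext(addr) + mem.host_read_ciphertext(addr + BLOCK))
    return trace


def equality_labels(ciphertexts):
    """Attacker side: label each observation by the order its ciphertext was first
    seen. Equal ciphertexts at the same address imply equal plaintexts, so this
    recovers which observations share a value without knowing the key."""
    seen = {}
    return [seen.setdefault(c, len(seen)) for c in ciphertexts]


def recover_bits(ciphertexts):
    """For a binary secret, the labels are the secret bits up to a global flip
    (the first observation is arbitrarily called 0; one known bit resolves it)."""
    labels = equality_labels(ciphertexts)
    if max(labels) > 1:
        raise ValueError("more than two distinct values observed; not a binary secret")
    return labels


if __name__ == "__main__":
    secret = [1, 0, 1, 1, 0, 0, 1]           # constructed secret the guest never exports
    mem = EncryptedMemory(os.urandom(BLOCK))
    leak = recover_bits(guest_secret_dependent_stores(mem, 0x1000, secret))
    print("deterministic encryption, host recovers:", leak)          # secret XOR secret[0]
    fresh = equality_labels(guest_stores_with_freshness(mem, 0x2000, secret))
    print("with per-write freshness, host sees labels:", fresh)     # all distinct
```

The point of the two guest functions is that the hardware does nothing differently between them; the leak is a property of encrypting without freshness at a fixed address, and the software-level fix is to stop storing secret-dependent values deterministically. A real attack additionally needs a way to observe the ciphertext at the right moments (for example, around VM exits), which this model abstracts into the snapshot after each write.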
Biography: Mengyuan Li is a postdoctoral researcher at CSAIL, MIT, under the guidance of Prof. Mengjia Yan. His research focuses on bringing security and trust to hardware systems, with a recent concentration in Confidential Cloud Computing and Trusted Execution Environments. To this end, he has identified real-world hardware vulnerabilities in commodity CPUs, which have been acknowledged by manufacturers through hardware CVEs and several security bulletins. Additionally, he has collaborated closely with industry teams such as AMD, Intel, WolfSSL, and Alibaba Cloud to develop mitigations and design commercial trustworthy hardware systems. His research findings have been published in top security and privacy venues, including IEEE S&P, USENIX Security, and ACM CCS, and have been recognized by the CCS 2021 Best Paper Runner-up Award. Before MIT, Mengyuan earned his Ph.D. in Computer Science and Engineering from The Ohio State University (OSU) in 2022.
Host: Seo Jin Park
Location: Olin Hall of Engineering (OHE) - 132
Audiences: Everyone Is Invited
Contact: CS Faculty Affairs