Marcelo Pasin
University of Neuchâtel
HiPEAC 2022
Budapest, 20 June 2022
Security for VEDLIoT Components, from Cloud through Edge to IoT
[Figure: VEDLIoT architecture diagram. Labels: Requirements (WP2), Accelerator (WP3), Hardware (WP4), Security & Safety (WP5), Middleware (WP6), Applications (WP7); Embedded / Far Edge (u.RECS), Near Edge (t.RECS), Cloud (RECS|Box); FPGA Reconfigurable Infrastructure; ASIC AI Accelerators; AI Toolchain (EmbeDL); Benchmark Framework (Kenning); RISC-V evaluation (Embench Tester); IoT/Edge Emulation Framework (Renode); Trusted Exec., RISC-V extensions, Trusted WebAssembly VM, Root of Trust, Distributed Attestation, Trusted Com., Secure IoT Gateway; use cases: Industrial IoT (Motor Condition Classification, Arc Detection), Automotive AI (Automatic Emergency Braking), Smart Home (Smart Mirror); Open Calls.]
Processing IoT data in 2022
• Cloud applications are everywhere
• High availability and performance, flexible management
• Very common usage: cloud-backed handheld apps
• Edge processing capacity is expanding
• Proximity, lower latency
• Legal compliance
• Internet of things is being deployed
• Small devices, simple tasks, user-centred
• VEDLIoT project
• Develop hardware and software solutions
• Use deep learning to process IoT data
Security must be part of the continuum
• Providers, developers and users must be able to trust in the whole continuum
• Security has always been essential in the cloud
• Users need guarantees that their data's confidentiality and integrity are respected
• Hard to provide in a multi-tenant system: co-tenants may use vulnerabilities to uncover (or infer) data
• Even harder when the providers are curious: they have the power to inspect all content
• Infrastructure providers wish to be protected from malicious tenants
• Tenants may try to exploit vulnerabilities for their own profit
• Edge-based infrastructure offers far fewer guarantees than the cloud
• Edge computers are much more distributed when compared to the cloud
• Installed in user buildings, shared infrastructures, next to roads
• Impossible to maintain physical control over the resources
• Edge administrators have physical control of the edge devices (similar to cloud)
• Users are in the proximity of the edge devices and may physically abuse them
• IoT security: either same as edge, or the end-user responsibility
Trusted execution environments can help
• Most recent computer architectures include a practical solution for establishing trust
• Trusted execution environments (TEEs)
• TEEs allow software execution in a segregated (secure) space
• Access to the space is architecturally impossible from other software
• Not even machine administrators can access TEE software
• Hardware implementations include an extra execution mode in the processor
• May even include memory (RAM) encryption for TEE data
• Very popular implementation of TEE: Intel's Software Guard Extensions (SGX)
• Commercial cloud services already exist (e.g. Azure Confidential Computing)
• A similar solution is necessary for edge deployments as well
• Very popular edge architecture: Arm, which offers TrustZone as a TEE
• Underlying hardware is built using proprietary and incompatible solutions
• Harder to reuse trusted software from cloud to edge and vice versa
Cloud-edge-IoT continuum is not so continuous
WebAssembly as the common denominator
• In VEDLIoT, we proposed using WebAssembly as the technology
• We advocate that it is adequate for implementing applications in the continuum
• Seamless technology across most hardware devices and software environments
• Modern hardware is already able to run WebAssembly efficiently
• Technology developed for running distributed applications in web browsers
• Good performance and decent levels of security
• One can increase security using trusted execution environments
• So many bits are still missing for the true continuum
• Some of the missing bits are being developed in VEDLIoT
• Several security artifacts around TEEs
• In this presentation: TEEs in WebAssembly
TWINE, a solution with Intel SGX
• TWINE: an execution environment suited for WebAssembly applications inside TEEs
• Implemented using Intel SGX
• Built with two main blocks
• WebAssembly runtime
• Adapted WAMR
• Entirely inside the TEE
• WASI interface
• Bridge between trusted and untrusted environments
• Abstracts the machinery of the underlying OS
TWINE performance
[Figure: benchmark results for SQLite Speedtest1 and Polybench/C]
WATZ, a solution with Arm TrustZone
• WATZ: WebAssembly for TrustZone
• Similar to TWINE, using Arm processors
• Added missing functionality: remote attestation
• Extended WASI interface
WATZ performance
[Figure: benchmark results for SQLite Speedtest1 and Polybench/C]
There’s much more in VEDLIoT
Other components for implementing security (this list keeps growing)
• Physical Memory Protection Unit for RISC-V
• ISA extension for facilitating trusted execution on embedded devices
• Free and open-source implementation and docs
• Secure communication in TrustZone-M (IoT devices)
• Mechanism for communication between the TEE and the untrusted environment
• Lightweight message protection scheme using the Memory Protection Unit
• Replicated remote attestation system
• Byzantine fault-tolerant implementation
• Auditable integrity-protected storage
• Membership and coordination primitives
Conclusion
Security for VEDLIoT Components, from cloud through edge to the IoT
• WebAssembly to build composable applications over the continuum
• WebAssembly runtimes for Intel SGX and Arm TrustZone, with attestation
• Byzantine fault-tolerant attestation service
• TEE for RISC-V
• Communication for Arm TEE for embedded systems
• Work ahead
• Support applications, for example: (yet to be defined)
• Running machine learning in TEEs
• Implement distributed attestation in a use case
• Maybe edge-cloud migration (offloading)
Questions?

More Related Content

Similar to HiPEAC 2022_Marcelo Pasin presentation

Global Azure boot camp 2015 - Microsoft IoT Solutions with Azure
Global Azure boot camp 2015 - Microsoft IoT Solutions with AzureGlobal Azure boot camp 2015 - Microsoft IoT Solutions with Azure
Global Azure boot camp 2015 - Microsoft IoT Solutions with Azure
Vinoth Rajagopalan
 
Acceleration_and_Security_draft_v2
Acceleration_and_Security_draft_v2Acceleration_and_Security_draft_v2
Acceleration_and_Security_draft_v2
Srinivasa Addepalli
 
VMworld 2015: vCloud Air 2015 – Getting Started with Hybrid Cloud
VMworld 2015: vCloud Air 2015 – Getting Started with Hybrid CloudVMworld 2015: vCloud Air 2015 – Getting Started with Hybrid Cloud
VMworld 2015: vCloud Air 2015 – Getting Started with Hybrid Cloud
VMworld
 
Industrial IoT Mayhem? Java IoT Gateways to the Rescue
Industrial IoT Mayhem? Java IoT Gateways to the RescueIndustrial IoT Mayhem? Java IoT Gateways to the Rescue
Industrial IoT Mayhem? Java IoT Gateways to the Rescue
Eurotech
 
Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux – Unified IoT Pl...
Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux –  Unified IoT Pl...Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux –  Unified IoT Pl...
Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux – Unified IoT Pl...
mCloud
 
Attestation Mechanisms for Trusted Execution Environments Demystified - Prese...
Attestation Mechanisms for Trusted Execution Environments Demystified - Prese...Attestation Mechanisms for Trusted Execution Environments Demystified - Prese...
Attestation Mechanisms for Trusted Execution Environments Demystified - Prese...
Jämes Ménétrey
 
Accelerating Innovation from Edge to Cloud
Accelerating Innovation from Edge to CloudAccelerating Innovation from Edge to Cloud
Accelerating Innovation from Edge to Cloud
Rebekah Rodriguez
 
Audi - TCU Project - H Schumacher
Audi - TCU Project - H SchumacherAudi - TCU Project - H Schumacher
Audi - TCU Project - H Schumacher
mfrancis
 
Edge Zones In CloudStack
Edge Zones In CloudStackEdge Zones In CloudStack
Edge Zones In CloudStack
ShapeBlue
 
Software development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiuSoftware development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiu
Arm
 
Secure IOT Gateway
Secure IOT GatewaySecure IOT Gateway
Secure IOT Gateway
LF Events
 
Confidential Computing overview
Confidential Computing overviewConfidential Computing overview
Confidential Computing overview
Mark Argent
 
Walking through the fog (computing) - Keynote talk at Italian Networking Work...
Walking through the fog (computing) - Keynote talk at Italian Networking Work...Walking through the fog (computing) - Keynote talk at Italian Networking Work...
Walking through the fog (computing) - Keynote talk at Italian Networking Work...
FBK CREATE-NET
 
Developing Interoperable Components for an Open IoT Foundation
Developing Interoperable Components for an Open IoT Foundation Developing Interoperable Components for an Open IoT Foundation
Developing Interoperable Components for an Open IoT Foundation
Eurotech
 
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET Journal
 
Affordable trustworthy-systems
Affordable trustworthy-systemsAffordable trustworthy-systems
Affordable trustworthy-systems
microkerneldude
 
C:\Alon Tech\New Tech\Embedded Conf Tlv\Prez\Sightsys Embedded Day
C:\Alon Tech\New Tech\Embedded Conf Tlv\Prez\Sightsys Embedded DayC:\Alon Tech\New Tech\Embedded Conf Tlv\Prez\Sightsys Embedded Day
C:\Alon Tech\New Tech\Embedded Conf Tlv\Prez\Sightsys Embedded Day
Arik Weinstein
 
Slide DevSecOps Microservices
Slide DevSecOps Microservices Slide DevSecOps Microservices
Slide DevSecOps Microservices
Hendri Karisma
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
CloudPassage
 
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
xKinAnx
 

Similar to HiPEAC 2022_Marcelo Pasin presentation (20)

Global Azure boot camp 2015 - Microsoft IoT Solutions with Azure
Global Azure boot camp 2015 - Microsoft IoT Solutions with AzureGlobal Azure boot camp 2015 - Microsoft IoT Solutions with Azure
Global Azure boot camp 2015 - Microsoft IoT Solutions with Azure
 
Acceleration_and_Security_draft_v2
Acceleration_and_Security_draft_v2Acceleration_and_Security_draft_v2
Acceleration_and_Security_draft_v2
 
VMworld 2015: vCloud Air 2015 – Getting Started with Hybrid Cloud
VMworld 2015: vCloud Air 2015 – Getting Started with Hybrid CloudVMworld 2015: vCloud Air 2015 – Getting Started with Hybrid Cloud
VMworld 2015: vCloud Air 2015 – Getting Started with Hybrid Cloud
 
Industrial IoT Mayhem? Java IoT Gateways to the Rescue
Industrial IoT Mayhem? Java IoT Gateways to the RescueIndustrial IoT Mayhem? Java IoT Gateways to the Rescue
Industrial IoT Mayhem? Java IoT Gateways to the Rescue
 
Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux – Unified IoT Pl...
Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux –  Unified IoT Pl...Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux –  Unified IoT Pl...
Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux – Unified IoT Pl...
 
Attestation Mechanisms for Trusted Execution Environments Demystified - Prese...
Attestation Mechanisms for Trusted Execution Environments Demystified - Prese...Attestation Mechanisms for Trusted Execution Environments Demystified - Prese...
Attestation Mechanisms for Trusted Execution Environments Demystified - Prese...
 
Accelerating Innovation from Edge to Cloud
Accelerating Innovation from Edge to CloudAccelerating Innovation from Edge to Cloud
Accelerating Innovation from Edge to Cloud
 
Audi - TCU Project - H Schumacher
Audi - TCU Project - H SchumacherAudi - TCU Project - H Schumacher
Audi - TCU Project - H Schumacher
 
Edge Zones In CloudStack
Edge Zones In CloudStackEdge Zones In CloudStack
Edge Zones In CloudStack
 
Software development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiuSoftware development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiu
 
Secure IOT Gateway
Secure IOT GatewaySecure IOT Gateway
Secure IOT Gateway
 
Confidential Computing overview
Confidential Computing overviewConfidential Computing overview
Confidential Computing overview
 
Walking through the fog (computing) - Keynote talk at Italian Networking Work...
Walking through the fog (computing) - Keynote talk at Italian Networking Work...Walking through the fog (computing) - Keynote talk at Italian Networking Work...
Walking through the fog (computing) - Keynote talk at Italian Networking Work...
 
Developing Interoperable Components for an Open IoT Foundation
Developing Interoperable Components for an Open IoT Foundation Developing Interoperable Components for an Open IoT Foundation
Developing Interoperable Components for an Open IoT Foundation
 
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
 
Affordable trustworthy-systems
Affordable trustworthy-systemsAffordable trustworthy-systems
Affordable trustworthy-systems
 
C:\Alon Tech\New Tech\Embedded Conf Tlv\Prez\Sightsys Embedded Day
C:\Alon Tech\New Tech\Embedded Conf Tlv\Prez\Sightsys Embedded DayC:\Alon Tech\New Tech\Embedded Conf Tlv\Prez\Sightsys Embedded Day
C:\Alon Tech\New Tech\Embedded Conf Tlv\Prez\Sightsys Embedded Day
 
Slide DevSecOps Microservices
Slide DevSecOps Microservices Slide DevSecOps Microservices
Slide DevSecOps Microservices
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
 
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
 

More from VEDLIoT Project

IoT Tech Expo 2023_Micha vor dem Berge presentation
IoT Tech Expo 2023_Micha vor dem Berge presentationIoT Tech Expo 2023_Micha vor dem Berge presentation
IoT Tech Expo 2023_Micha vor dem Berge presentation
VEDLIoT Project
 
Computing Frontiers 2023_Pedro Trancoso presentation
Computing Frontiers 2023_Pedro Trancoso presentationComputing Frontiers 2023_Pedro Trancoso presentation
Computing Frontiers 2023_Pedro Trancoso presentation
VEDLIoT Project
 
HiPEAC-CSW 2022_Pedro Trancoso presentation
HiPEAC-CSW 2022_Pedro Trancoso presentationHiPEAC-CSW 2022_Pedro Trancoso presentation
HiPEAC-CSW 2022_Pedro Trancoso presentation
VEDLIoT Project
 
IoT Week 2022-NGIoT session_Micha vor dem Berge presentation
IoT Week 2022-NGIoT session_Micha vor dem Berge presentationIoT Week 2022-NGIoT session_Micha vor dem Berge presentation
IoT Week 2022-NGIoT session_Micha vor dem Berge presentation
VEDLIoT Project
 
Next Generation IoT Architectures_Hans Salomonsson
Next Generation IoT Architectures_Hans SalomonssonNext Generation IoT Architectures_Hans Salomonsson
Next Generation IoT Architectures_Hans Salomonsson
VEDLIoT Project
 
CONASENSE 2022_Jens Hagemeyer presentation
CONASENSE 2022_Jens Hagemeyer presentationCONASENSE 2022_Jens Hagemeyer presentation
CONASENSE 2022_Jens Hagemeyer presentation
VEDLIoT Project
 
NGIoT standardisation workshops_Jens Hagemeyer presentation
NGIoT standardisation workshops_Jens Hagemeyer presentationNGIoT standardisation workshops_Jens Hagemeyer presentation
NGIoT standardisation workshops_Jens Hagemeyer presentation
VEDLIoT Project
 
IoT Tech Expo 2023_Pedro Trancoso presentation
IoT Tech Expo 2023_Pedro Trancoso presentationIoT Tech Expo 2023_Pedro Trancoso presentation
IoT Tech Expo 2023_Pedro Trancoso presentation
VEDLIoT Project
 
HiPEAC-CSW 2022_Kevin Mika presentation
HiPEAC-CSW 2022_Kevin Mika presentationHiPEAC-CSW 2022_Kevin Mika presentation
HiPEAC-CSW 2022_Kevin Mika presentation
VEDLIoT Project
 
HiPEAC 2022-DL4IoT workshop_René Griessl presentation
HiPEAC 2022-DL4IoT workshop_René Griessl presentationHiPEAC 2022-DL4IoT workshop_René Griessl presentation
HiPEAC 2022-DL4IoT workshop_René Griessl presentation
VEDLIoT Project
 
SS-CPSIoT 2023_Kevin Mika and Piotr Zierhoffer presentation
SS-CPSIoT 2023_Kevin Mika and Piotr Zierhoffer presentationSS-CPSIoT 2023_Kevin Mika and Piotr Zierhoffer presentation
SS-CPSIoT 2023_Kevin Mika and Piotr Zierhoffer presentation
VEDLIoT Project
 
HiPEAC2023-DL4IoT Workshop_Jean Hagemeyer presentation
HiPEAC2023-DL4IoT Workshop_Jean Hagemeyer presentationHiPEAC2023-DL4IoT Workshop_Jean Hagemeyer presentation
HiPEAC2023-DL4IoT Workshop_Jean Hagemeyer presentation
VEDLIoT Project
 
IoT Week 2021_Jens Hagemeyer presentation
IoT Week 2021_Jens Hagemeyer presentationIoT Week 2021_Jens Hagemeyer presentation
IoT Week 2021_Jens Hagemeyer presentation
VEDLIoT Project
 
IoT Tech Expo 2023_Hans-Martin Heyn presentation
IoT Tech Expo 2023_Hans-Martin Heyn presentationIoT Tech Expo 2023_Hans-Martin Heyn presentation
IoT Tech Expo 2023_Hans-Martin Heyn presentation
VEDLIoT Project
 
HiPEAC 2022_Marco Tassemeier presentation
HiPEAC 2022_Marco Tassemeier presentationHiPEAC 2022_Marco Tassemeier presentation
HiPEAC 2022_Marco Tassemeier presentation
VEDLIoT Project
 
HiPEAC Computing Systems Week 2022_Mario Porrmann presentation
HiPEAC Computing Systems Week 2022_Mario Porrmann presentationHiPEAC Computing Systems Week 2022_Mario Porrmann presentation
HiPEAC Computing Systems Week 2022_Mario Porrmann presentation
VEDLIoT Project
 
HiPEAC2022_António Casimiro presentation
HiPEAC2022_António Casimiro presentationHiPEAC2022_António Casimiro presentation
HiPEAC2022_António Casimiro presentation
VEDLIoT Project
 
NGIoT Sustainability Workshop 2023_ Hans-Martin Heyn presentation
NGIoT Sustainability Workshop 2023_ Hans-Martin Heyn presentationNGIoT Sustainability Workshop 2023_ Hans-Martin Heyn presentation
NGIoT Sustainability Workshop 2023_ Hans-Martin Heyn presentation
VEDLIoT Project
 
EU-IoT Training Workshops Series: AIoT and Edge Machine Learning 2021_Jens Ha...
EU-IoT Training Workshops Series: AIoT and Edge Machine Learning 2021_Jens Ha...EU-IoT Training Workshops Series: AIoT and Edge Machine Learning 2021_Jens Ha...
EU-IoT Training Workshops Series: AIoT and Edge Machine Learning 2021_Jens Ha...
VEDLIoT Project
 
NGIoT Sustainability Workshop 2023_Rene Griessl presentation
NGIoT Sustainability Workshop 2023_Rene Griessl presentationNGIoT Sustainability Workshop 2023_Rene Griessl presentation
NGIoT Sustainability Workshop 2023_Rene Griessl presentation
VEDLIoT Project
 

More from VEDLIoT Project (20)

IoT Tech Expo 2023_Micha vor dem Berge presentation
IoT Tech Expo 2023_Micha vor dem Berge presentationIoT Tech Expo 2023_Micha vor dem Berge presentation
IoT Tech Expo 2023_Micha vor dem Berge presentation
 
Computing Frontiers 2023_Pedro Trancoso presentation
Computing Frontiers 2023_Pedro Trancoso presentationComputing Frontiers 2023_Pedro Trancoso presentation
Computing Frontiers 2023_Pedro Trancoso presentation
 
HiPEAC-CSW 2022_Pedro Trancoso presentation
HiPEAC-CSW 2022_Pedro Trancoso presentationHiPEAC-CSW 2022_Pedro Trancoso presentation
HiPEAC-CSW 2022_Pedro Trancoso presentation
 
IoT Week 2022-NGIoT session_Micha vor dem Berge presentation
IoT Week 2022-NGIoT session_Micha vor dem Berge presentationIoT Week 2022-NGIoT session_Micha vor dem Berge presentation
IoT Week 2022-NGIoT session_Micha vor dem Berge presentation
 
Next Generation IoT Architectures_Hans Salomonsson
Next Generation IoT Architectures_Hans SalomonssonNext Generation IoT Architectures_Hans Salomonsson
Next Generation IoT Architectures_Hans Salomonsson
 
CONASENSE 2022_Jens Hagemeyer presentation
CONASENSE 2022_Jens Hagemeyer presentationCONASENSE 2022_Jens Hagemeyer presentation
CONASENSE 2022_Jens Hagemeyer presentation
 
NGIoT standardisation workshops_Jens Hagemeyer presentation
NGIoT standardisation workshops_Jens Hagemeyer presentationNGIoT standardisation workshops_Jens Hagemeyer presentation
NGIoT standardisation workshops_Jens Hagemeyer presentation
 
IoT Tech Expo 2023_Pedro Trancoso presentation
IoT Tech Expo 2023_Pedro Trancoso presentationIoT Tech Expo 2023_Pedro Trancoso presentation
IoT Tech Expo 2023_Pedro Trancoso presentation
 
HiPEAC-CSW 2022_Kevin Mika presentation
HiPEAC-CSW 2022_Kevin Mika presentationHiPEAC-CSW 2022_Kevin Mika presentation
HiPEAC-CSW 2022_Kevin Mika presentation
 
HiPEAC 2022-DL4IoT workshop_René Griessl presentation
HiPEAC 2022-DL4IoT workshop_René Griessl presentationHiPEAC 2022-DL4IoT workshop_René Griessl presentation
HiPEAC 2022-DL4IoT workshop_René Griessl presentation
 
SS-CPSIoT 2023_Kevin Mika and Piotr Zierhoffer presentation
SS-CPSIoT 2023_Kevin Mika and Piotr Zierhoffer presentationSS-CPSIoT 2023_Kevin Mika and Piotr Zierhoffer presentation
SS-CPSIoT 2023_Kevin Mika and Piotr Zierhoffer presentation
 
HiPEAC2023-DL4IoT Workshop_Jean Hagemeyer presentation
HiPEAC2023-DL4IoT Workshop_Jean Hagemeyer presentationHiPEAC2023-DL4IoT Workshop_Jean Hagemeyer presentation
HiPEAC2023-DL4IoT Workshop_Jean Hagemeyer presentation
 
IoT Week 2021_Jens Hagemeyer presentation
IoT Week 2021_Jens Hagemeyer presentationIoT Week 2021_Jens Hagemeyer presentation
IoT Week 2021_Jens Hagemeyer presentation
 
IoT Tech Expo 2023_Hans-Martin Heyn presentation
IoT Tech Expo 2023_Hans-Martin Heyn presentationIoT Tech Expo 2023_Hans-Martin Heyn presentation
IoT Tech Expo 2023_Hans-Martin Heyn presentation
 
HiPEAC 2022_Marco Tassemeier presentation
HiPEAC 2022_Marco Tassemeier presentationHiPEAC 2022_Marco Tassemeier presentation
HiPEAC 2022_Marco Tassemeier presentation
 
HiPEAC Computing Systems Week 2022_Mario Porrmann presentation
HiPEAC Computing Systems Week 2022_Mario Porrmann presentationHiPEAC Computing Systems Week 2022_Mario Porrmann presentation
HiPEAC Computing Systems Week 2022_Mario Porrmann presentation
 
HiPEAC2022_António Casimiro presentation
HiPEAC2022_António Casimiro presentationHiPEAC2022_António Casimiro presentation
HiPEAC2022_António Casimiro presentation
 
NGIoT Sustainability Workshop 2023_ Hans-Martin Heyn presentation
NGIoT Sustainability Workshop 2023_ Hans-Martin Heyn presentationNGIoT Sustainability Workshop 2023_ Hans-Martin Heyn presentation
NGIoT Sustainability Workshop 2023_ Hans-Martin Heyn presentation
 
EU-IoT Training Workshops Series: AIoT and Edge Machine Learning 2021_Jens Ha...
EU-IoT Training Workshops Series: AIoT and Edge Machine Learning 2021_Jens Ha...EU-IoT Training Workshops Series: AIoT and Edge Machine Learning 2021_Jens Ha...
EU-IoT Training Workshops Series: AIoT and Edge Machine Learning 2021_Jens Ha...
 
NGIoT Sustainability Workshop 2023_Rene Griessl presentation
NGIoT Sustainability Workshop 2023_Rene Griessl presentationNGIoT Sustainability Workshop 2023_Rene Griessl presentation
NGIoT Sustainability Workshop 2023_Rene Griessl presentation
 

Recently uploaded

ThrombUS+ Project Presentation - June 2024
ThrombUS+ Project Presentation - June 2024ThrombUS+ Project Presentation - June 2024
ThrombUS+ Project Presentation - June 2024
elenikaldoudi1
 
Electrostatic force class 8 physics .pdf
Electrostatic force class 8 physics .pdfElectrostatic force class 8 physics .pdf
Electrostatic force class 8 physics .pdf
yokeswarikannan123
 
Types of Garden (Mughal and Buddhist style)
Types of Garden (Mughal and Buddhist style)Types of Garden (Mughal and Buddhist style)
Types of Garden (Mughal and Buddhist style)
saloniswain225
 
PART 1 The New Natural Principles of Electromagnetism and Electromagnetic Fie...
PART 1 The New Natural Principles of Electromagnetism and Electromagnetic Fie...PART 1 The New Natural Principles of Electromagnetism and Electromagnetic Fie...
PART 1 The New Natural Principles of Electromagnetism and Electromagnetic Fie...
Thane Heins
 
Founders Of Modern Science 16th Century to the 21st Century.pdf
Founders Of Modern Science 16th Century to the 21st Century.pdfFounders Of Modern Science 16th Century to the 21st Century.pdf
Founders Of Modern Science 16th Century to the 21st Century.pdf
Steven Camilleri
 
SUBJECT SPECIFIC ETHICAL ISSUES IN STUDY
SUBJECT SPECIFIC ETHICAL ISSUES IN STUDYSUBJECT SPECIFIC ETHICAL ISSUES IN STUDY
SUBJECT SPECIFIC ETHICAL ISSUES IN STUDY
Dr Kirpa Ram Jangra
 
degree Certificate of Aston University
degree Certificate of Aston Universitydegree Certificate of Aston University
degree Certificate of Aston University
ebgyz
 
The National Research Platform Enables a Growing Diversity of Users and Appl...
The National Research Platform Enables a Growing Diversity of Users and Appl...The National Research Platform Enables a Growing Diversity of Users and Appl...
The National Research Platform Enables a Growing Diversity of Users and Appl...
Larry Smarr
 
Liver & Gall Bladder 23098463278654387654328765439875.pptx
Liver & Gall Bladder 23098463278654387654328765439875.pptxLiver & Gall Bladder 23098463278654387654328765439875.pptx
Liver & Gall Bladder 23098463278654387654328765439875.pptx
muralinath2
 
TOPIC: INTRODUCTION TO FORENSIC SCIENCE.pptx
TOPIC: INTRODUCTION TO FORENSIC SCIENCE.pptxTOPIC: INTRODUCTION TO FORENSIC SCIENCE.pptx
TOPIC: INTRODUCTION TO FORENSIC SCIENCE.pptx
imansiipandeyy
 
Principles of Colorimetry - Mastering the Art of Colour Measurement
Principles of Colorimetry - Mastering the Art of Colour MeasurementPrinciples of Colorimetry - Mastering the Art of Colour Measurement
Principles of Colorimetry - Mastering the Art of Colour Measurement
Colours Guide
 
Cause and solution of Water hyacinth (Terror of Bengal)
Cause and solution of Water hyacinth (Terror of Bengal)Cause and solution of Water hyacinth (Terror of Bengal)
Cause and solution of Water hyacinth (Terror of Bengal)
saloniswain225
 
Dalghren, Thorne and Stebbins System of Classification of Angiosperms
Dalghren, Thorne and Stebbins System of Classification of AngiospermsDalghren, Thorne and Stebbins System of Classification of Angiosperms
Dalghren, Thorne and Stebbins System of Classification of Angiosperms
Gurjant Singh
 
Electrostatic force class 8 ncert. .pptx
Electrostatic force class 8 ncert. .pptxElectrostatic force class 8 ncert. .pptx
Electrostatic force class 8 ncert. .pptx
yokeswarikannan123
 
CULEX MOSQUITOES, SYSTEMATIC CLASSIFICATION, MORPHOLOGY, LIFE CYCLE , CLINICA...
CULEX MOSQUITOES, SYSTEMATIC CLASSIFICATION, MORPHOLOGY, LIFE CYCLE , CLINICA...CULEX MOSQUITOES, SYSTEMATIC CLASSIFICATION, MORPHOLOGY, LIFE CYCLE , CLINICA...
CULEX MOSQUITOES, SYSTEMATIC CLASSIFICATION, MORPHOLOGY, LIFE CYCLE , CLINICA...
DhakeshworShougrakpa
 
Gijubhai Badheka bed 1st year pppt presentation
Gijubhai Badheka bed 1st year pppt presentationGijubhai Badheka bed 1st year pppt presentation
Gijubhai Badheka bed 1st year pppt presentation
PRITIKUMARI117
 
Prototype Implementation of Non-Volatile Memory Support for RISC-V Keystone E...
Prototype Implementation of Non-Volatile Memory Support for RISC-V Keystone E...Prototype Implementation of Non-Volatile Memory Support for RISC-V Keystone E...
Prototype Implementation of Non-Volatile Memory Support for RISC-V Keystone E...
LenaYu2
 
Mathematics 7th class English medium text book
Mathematics 7th class English medium text bookMathematics 7th class English medium text book
Mathematics 7th class English medium text book
AnilKumar210119
 
Science grade 09 Lesson1-2 NLC-pptx.pptx
Science grade 09 Lesson1-2 NLC-pptx.pptxScience grade 09 Lesson1-2 NLC-pptx.pptx
Science grade 09 Lesson1-2 NLC-pptx.pptx
JoanaBanasen1
 
CONSOLSCI8_Lesson1. presentation for NLC
CONSOLSCI8_Lesson1. presentation for NLCCONSOLSCI8_Lesson1. presentation for NLC
CONSOLSCI8_Lesson1. presentation for NLC
ROLANARIBATO3
 

Recently uploaded (20)

ThrombUS+ Project Presentation - June 2024
ThrombUS+ Project Presentation - June 2024ThrombUS+ Project Presentation - June 2024
ThrombUS+ Project Presentation - June 2024
 
Electrostatic force class 8 physics .pdf
Electrostatic force class 8 physics .pdfElectrostatic force class 8 physics .pdf
Electrostatic force class 8 physics .pdf
 
Types of Garden (Mughal and Buddhist style)
Types of Garden (Mughal and Buddhist style)Types of Garden (Mughal and Buddhist style)
Types of Garden (Mughal and Buddhist style)
 
PART 1 The New Natural Principles of Electromagnetism and Electromagnetic Fie...
PART 1 The New Natural Principles of Electromagnetism and Electromagnetic Fie...PART 1 The New Natural Principles of Electromagnetism and Electromagnetic Fie...
PART 1 The New Natural Principles of Electromagnetism and Electromagnetic Fie...
 
Founders Of Modern Science 16th Century to the 21st Century.pdf

HiPEAC 2022_Marcelo Pasin presentation

  • 1. Marcelo Pasin, University of Neuchâtel. HiPEAC 2022, Budapest, 20 June 2022. Security for VEDLIoT Components, from Cloud through Edge to IoT
  • 2. [Figure: VEDLIoT project overview. Layers: Applications (WP7), Requirements (WP2), Security & Safety (WP5), Trusted Exec. Hardware (WP4), Accelerator (WP3), Middleware (WP6). Platforms: Embedded / Far Edge (u.RECS), Near Edge (t.RECS), Cloud (RECS|Box).]
  • 3. Processing IoT data in 2022
      • Cloud applications are everywhere
      • High availability and performance, flexible management
      • Very common usage: cloud-backed handheld apps
      • Edge processing capacity is expanding
      • Proximity, lower latency
      • Legal compliance
      • Internet of things is being deployed
      • Small devices, simple tasks, user-centred
      • VEDLIoT project
      • Develop hardware and software solutions
      • Use deep learning to process IoT data
  • 4. Security must be part of the continuum
      • Providers, developers and users must be able to trust in the whole continuum
      • Security has always been essential in the cloud
      • Users need guarantees that their data's confidentiality and integrity are respected
      • Hard to provide in a multi-tenant system: co-tenants may use vulnerabilities to uncover (or infer) data
      • Even harder when the providers are curious, they have the power to inspect all content
      • Infrastructure providers wish to be protected from malicious tenants
      • Tenants may try to exploit vulnerabilities for their own profit
      • Edge-based infrastructure offers far fewer guarantees than the cloud
      • Edge computers are much more distributed when compared to the cloud
      • Installed in user buildings, shared infrastructures, next to roads
      • Impossible to maintain physical control over the resources
      • Edge administrators have physical control of the edge devices (similar to cloud)
      • Users are in the proximity of the edge devices and may physically abuse them
      • IoT security: either same as edge, or the end-user responsibility
  • 5. Trusted execution environments can help
      • Most recent computer architectures include a practical solution for establishing trust
      • Trusted execution environments (TEEs)
      • TEEs allow software execution in a segregated (secure) space
      • Access to the space is architecturally impossible from other software
      • Not even machine administrators can access TEE software
      • Hardware implementations include an extra execution mode in the processor
      • May even include memory (RAM) encryption for TEE data
      • Very popular implementation of TEE: Intel's Secure Guard Extensions (SGX)
      • Commercial cloud services already exist (ex. Azure Confidential Computing)
      • Similar solution is necessary for the edge deployments as well
      • Very popular edge architecture: Arm, offers TrustZone as a TEE
      • Underlying hardware is built using proprietary and incompatible solutions
      • Harder to reuse trusted software from cloud to edge and vice versa
  • 6. Cloud-edge-IoT continuum is not so continuous
  • 7. WebAssembly as the common denominator
      • In VEDLIoT, we proposed using WebAssembly as the technology
      • We advocate that it is adequate for implementing applications in the continuum
      • Seamless technology across most hardware devices and software environments
      • Modern hardware is already able to run WebAssembly efficiently
      • Technology developed for running distributed applications in web browsers
      • Good performance and decent levels of security
      • One can increase security using trusted execution environments
      • So many bits are still missing for the true continuum
      • Some of the missing bits are being developed in VEDLIoT
      • Several security artifacts around TEEs
      • In this presentation: TEEs in WebAssembly
  • 8. TWINE, a solution with Intel SGX
      • TWINE: an execution environment suited for WebAssembly applications inside TEEs
      • Implemented using Intel SGX
      • Built with two main blocks
      • WebAssembly runtime
      • Adapted WAMR
      • Entirely inside the TEE
      • WASI interface
      • Bridge between trusted and untrusted environments
      • Abstracts the machinery of the underlying OS
  • 10. WATZ, a solution with Arm TrustZone
      • WATZ: WebAssembly for TrustZone
      • Similar to TWINE, using Arm processors
      • Added missing functionality: remote attestation
      • Extended WASI interface
  • 12. There’s much more in VEDLIoT
      Other components for implementing security (this list keeps growing)
      • Physical Memory Protection Unit for RISC-V
      • ISA extension for facilitating trusted execution on embedded devices
      • Free and open-source implementation and docs
      • Secure communication in TrustZone-M (IoT devices)
      • Mechanism for communication between the TEE and the untrusted environment
      • Lightweight message protection scheme using the Memory Protection Unit
      • Replicated remote attestation system
      • Byzantine fault-tolerant implementation
      • Auditable integrity-protected storage
      • Membership and coordination primitives
  • 13. Conclusion
      Security for VEDLIoT Components, from cloud through edge to the IoT
      • WebAssembly to build composable applications over the continuum
      • WebAssembly runtimes for Intel SGX and Arm TrustZone, with attestation
      • Byzantine fault-tolerant attestation service
      • TEE for RISC-V
      • Communication for Arm TEE for embedded systems
      • Work ahead
      • Support applications, for example: (yet to define)
      • Running machine learning in TEEs
      • Implement distributed attestation in a use case
      • Maybe edge-cloud migration (offloading)
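
The slides name remote attestation for WebAssembly runtimes in TEEs without showing what a verifier checks. The following is an added example, not taken from the presentation and not the WATZ or TWINE protocol: a generic nonce-based challenge-response over a Wasm module measurement. It assumes HMAC-SHA256 with a shared demo key as a stand-in for a hardware-rooted signature; all names and sample bytes are constructed.

```python
import hashlib
import hmac
import os

# Assumption: a shared demo key replaces the TEE's hardware-protected signing key.
DEVICE_KEY = b"constructed-demo-key"
# Constructed sample modules: Wasm magic + version, then placeholder bytes.
GOOD_WASM = b"\x00asm\x01\x00\x00\x00" + b"constructed module body"
TAMPERED_WASM = GOOD_WASM + b"\x00"

def measure(wasm_bytes: bytes) -> bytes:
    """Measurement: SHA-256 over the bytecode the runtime is about to execute."""
    return hashlib.sha256(wasm_bytes).digest()

def attest(wasm_bytes: bytes, nonce: bytes, key: bytes = DEVICE_KEY) -> dict:
    """Attester (inside the TEE): bind the measurement to the verifier's nonce."""
    m = measure(wasm_bytes)
    # Nonce (16 bytes) and digest (32 bytes) are fixed-length, so the
    # concatenation is unambiguous.
    tag = hmac.new(key, nonce + m, hashlib.sha256).digest()
    return {"nonce": nonce, "measurement": m, "tag": tag}

class Verifier:
    """Relying party: holds reference measurements and outstanding nonces."""

    def __init__(self, key: bytes, reference_measurements):
        self.key = key
        self.trusted = set(reference_measurements)
        self.pending = set()

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.pending.add(nonce)
        return nonce

    def verify(self, evidence: dict) -> str:
        nonce = evidence["nonce"]
        if nonce not in self.pending:
            return "rejected: unknown or replayed nonce"
        self.pending.discard(nonce)  # each nonce is valid once
        expected = hmac.new(self.key, nonce + evidence["measurement"],
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, evidence["tag"]):
            return "rejected: bad authentication tag"
        if evidence["measurement"] not in self.trusted:
            return "rejected: unexpected module measurement"
        return "accepted"
```

The order of checks matters: freshness first, then authenticity of the evidence, and only then the comparison against reference values, so an unauthenticated measurement is never treated as meaningful.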