Securing Secure Enclaves (Internship/Thesis)
Huawei Technologies Oy (Finland), Finland
Job Description
Hardware assisted secure enclaves is a technology direction where secure workloads in a server or terminal equipment are made to execute with a minimal trusted computing base, i.e. with isolation and integrity guaranteed mostly by hardware and supported by as little software as possible, thereby minimizing the attack surface. Technology examples include Intel SGX or VM enclaves constructed via AMD-SEV or ARM-SEL2. A Linux Foundation Consortium (Confidential Compute) nurtures many ecosystem and API projects around this topic, and overall it is a very active research topic for the moment.
In this work, the intern to HSSL will participate in a research project where we intend to further the evolution of memory-protecting the secure enclave code, specifically with the Rust language and a memory-safe run-time. This is itself nothing very novel, there are many research activities promoting Rust code for enclaves, since there is a good match: The enclave is inherently secured by hardware, and the promise of Rust is to generate memory-safe code, ergo, the enclave becomes very resistant against internal or external attacks. However, we intend to leverage the sweet-spot in the intersection between WASM (WebAssembly) interpretation, allowing us to make live-migratable enclaves even between architectures, and Rust. As it happens, Wasmtime, a popular wasm runtime is implemented in Rust and at the same time, wasm is well supported target for Rust. In this work, as part of the research team, the intern will together with our experts design and prototype a few ideas in this area.
Based on an already existing enclave framework, we plan to add Rust WASM support, explore cross-attestation and encryption for enclave migration in this context, but also at extending WASI (the WASM system interface) to include necessary security interfaces for local attestation, RPC and Async calls, e.g. to interact with other Rust code running in the host environment.
This internship can constitute a Master’s thesis work or a PhD internship. Therefore, we especially look for students who have completed all of MSc courses and are searching for an MSc thesis topic, or students with even further experience in security or OSs.
Requirements
- Students who have completed most of their M.Sc. Courses (CS/E.Eng), or higher,
preferably some background in Security / Operating systems - System coding experience (C, Rust, WASM?)
- Sufficient skills to work and interact in English
- Good team-working skills
- Students with an interest to do research and explore new challenges.
Benefits
We offer a position in a forward-looking industrial research team, with a solid track record in both innovation and publication as well as delivering its result as factual contributions to on-the market devices. Many of us are privileged to have security features designed by us in daily use in 100s of millions of customer devices world-wide. Huawei offers opportunity to learn from the best of mobile industry. Working at Huawei in international atmosphere is fun and the opportunity to develop your skills and competences is endless. As we are second largest mobile phone brand in the world, in a long term you have opportunity to relocate around the world. Are you ready for the challenge?