Prof. Dr. Alexandra Dmitrienko - speaker at the High-Tech Woman event in Darmstadt
04/02/2020The first speaker to hold a presentation at the Darmstadt Women in Tech event on March the 4th 2020 is Prof. Dr. Alexandra Dmitrienko. The presentation deals with side-channel protection for SGX using Data Location Randomization.
The High-Tech Woman in Science and Technology event is the first of its kind to ever have been held in Darmstadt. It has been organized by the CYSEC TU Darmstadt in memory of codebreaker Jane Fawcett and has featured talks by internationally renowned female speakers from all over the world in hopes to encourage and inspire other women to pursue their careers in cybersecurity, artificial intelligence and any other path that falls under the umbrella term 'tech', despite today's gender inequalities.
After the registration and the warm welcome delivered by Prof. Ahmad-Reza Sadeghi from the TU Darmstadt, Prof. Dr. Alexandra Dmitrienko was the first speaker to start with her presentation which can be found in video format -a YouTube upload- as well as in written format -the presentation slides- under the title ""Fix the leak: Side-Channel Protection for SGX using Data Location Randomization" on the High-Tech Women in Science and Technology event page.
Links for the video and slides below.
A short teaser for Prof. Dr. Alexandra Dmitrienko's presentation:
"Hardware-assisted security architectures, such as Intel SGX, promise protection to security-sensitive applications from malicious software executed on the same platform, and even from the compromised operating system. Recent research, however, has demonstrated that Intel’s SGX is vulnerable to software-based side-channel attacks, which can lead to a full compromise of SGX-protected secrets. In this talk, we revisit the problem of side-channel attacks on Intel SGX and present a pill -- Dr.SGX tool, that provides protection against cache-based side-channel attacks and attacks that rely on observation of induced page faults. Dr.SGX breaks the link between the memory observations by the adversary and the actual data accesses by the victim through data randomization and strikes the balance between side-channel protection and performance through continuous runtime enclave re-randomization and the re-randomization rate configurable through an adjustable security parameter. The tool is compiler-based and does not require any code annotations – thus, applicable by non-expert developers."
Watch the entire presentation on Youtube here.
View the presentation slides here.
