Date: 03 - 04 August 2020
Venue: Virtual Conference
Dimitris Deyannis from the Foundation for Research and Technology (FORTH-ICS) participated in the 10th ACM Conference on Data and Application Security and Privacy (CODASPY 2021), which was held as a virtual event on August 3 – 4, 2020.
With rapid global penetration of the Internet and smart phones and the resulting productivity and social gains, the world is becoming increasingly dependent on its cyber infrastructure. Criminals, spies and predators of all kinds have learned to exploit this landscape much quicker than defenders have advanced in their technologies. Security and Privacy has become an essential concern of applications and systems throughout their lifecycle. Security concerns have rapidly moved up the software stack as the Internet and web have matured. The security, privacy, functionality, cost and usability tradeoffs necessary in any practical system can only be effectively achieved at the data and application layers. This conference provides a dedicated venue for high-quality research in this arena, and seeks to foster a community with this focus in cyber security.
On Tuesday, August 4, Mr. Deyannis presented the work carried out in the context of I-BiDaaS, ‘TrustAV: Practical and Privacy Preserving Malware Analysis in the Cloud’, to the conference audience and received encouraging feedback.
While the number of connected devices is constantly growing, we observe an increased incident rate of cyber attacks that target user data. Typically, personal devices contain the most sensitive information regarding their users, so there is no doubt that they can be a very valuable target for adversaries. Typical defense solutions to safeguard user devices and data are based on malware analysis mechanisms. To amortize the processing and maintenance overheads, the outsourcing of network inspection mechanisms to the cloud has become very popular recently. However, the majority of such cloud-based applications usually offer limited privacy-preserving guarantees for data processing in third-party environments. In this work, we propose TrustAV, a practical cloud-based malware detection solution destined for a plethora of device types. TrustAV is able to offload the processing of malware analysis to a remote server, where it is executed entirely inside hardware-supported secure enclaves. By doing so, TrustAV is capable of shielding the transfer and processing of user data even in untrusted environments with tolerable performance overheads, ensuring that private user data are never exposed to malicious entities or honest-but-curious providers. TrustAV also utilizes various techniques in order to overcome performance overheads introduced by the Intel SGX technology and to reduce the required enclave memory (a limiting factor for malware analysis executed in secure enclave environments), offering up to 3x better performance.
Deyannis, Dimitris, Eva Papadogiannaki, Giorgos Kalivianakis, Giorgos Vasiliadis, and Sotiris Ioannidis. "TrustAV: Practical and Privacy Preserving Malware Analysis in the Cloud." In Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy, pp. 39-48. 2020.