Vinay Phegade

Using innovative instructions to create trustworthy software solutions

Software developers face a number of challenges when creating applications that attempt to keep important data confidential. Even with diligent attention paid to correct software design and implementation practices, secrets can still be exposed through a single flaw in any of the privileged code on the platform, code which may have been written by thousands of developers from hundreds of organizations throughout the world. Intel is developing innovative security technology which provides the ability for software developers to maintain control of the security of sensitive code and data by creating trusted domains within applications to protect critical information during execution and at rest. This paper will describe how this technology has been effectively used in lab exercises to protect private information in applications including enterprise rights management, video chat, trusted financial transactions, and others. Examples will include both protection of local processing and the establishment of secure communication with cloud services. It will illustrate useful software design patterns that can be followed to create many additional types of trusted software solutions.

Client-based authentication technology: user-centric authentication using secure containers

Todays authentication suffers from unsolved problems in security and usability. Adversaries have multiple attack vectors with which to steal user credentials, including phishing, malware, and attacks on service providers. Current security practices such as password-complexity policies and idle timeouts often compromise usability. We propose our solution, Client-Based Authentication Technology (CBAT), to simultaneously improve security and usability in authentication. The main component of CBAT is our Trusted Identity Manager (TIM), which resides within a hardware-based secure container on the users system. The TIM asserts the users authentication to local and remote service providers without releasing the users credentials. In addition, the TIM non-intrusively monitors the users physical presence and locks the system if the user leaves. We provide architectural and implementation details of CBAT in hopes of improving current methods of authentication.

Time to Rethink: Trust Brokerage Using Trusted Execution Environments

Mining and analysis of digital data has the potential to provide improved quality of life and offer even life-saving insights. However, loss of privacy or secret information would be detrimental to these goals and inhibit widespread application. Traditional data protection measures tend to result in the formation of data silos, severely limiting the scope and yield of “Big Data”. Technology such as privacy-preserving multi-party computation (MPC) and data de-identification can break these silos enabling privacy-preserving computation. However, currently available de-identification schemes tend to suffer from privacy/utility trade-offs, and MPC has found deployment only in niche applications.