Confidential Computing is a new paradigm for protecting data in use from unauthorised access. This is achieved through novel hardware security extensions that enable the creation of Trusted Execution Environments (TEEs). Such TEEs are protected from the surrounding environment, including privileged system software layers and privileged actors such as a system administrator.
The research group conducts holistic research on how these new hardware-enabled environments are programmed and used. This includes developing system software abstractions that take advantage of the hardware mechanisms, as well as demonstrating the impact of Confidential Computing on applications. In the latter case, distributed applications are of particular interest, since established security assumptions have to be re-evaluated when parts of a system run inside TEEs. The group also studies the hardware-enabled mechanisms themselves, in particular their non-functional properties such as performance and resource requirements. Furthermore, the understanding of the technology gained in this way leads to identifying vulnerabilities and developing countermeasures.