Research

CloudSafetyNet: Data-centric Security for Clouds

• Lightweight data leakage detection in multi-tenant clouds through client-side tagging, server-side socket level monitoring and inter-tenant collaboration.
• Prevention of data disclosure vulnerabilities in web applications based on user-defined data flow policies and proxy-based policy enforcement.

SERECA: Secure Enclaves for Reactive Cloud Application & SecureCloud: Secure Big Data Processing in Untrusted Clouds

• Automated partitioning of legacy applications for the execution on trusted hardware.
• Providing system support for the execution of unmodified binaries in SGX enclaves.

Publications

• Jörg Thalheim, Harshavardhan Unnibhavi, Christian Priebe, Pramod Bhatotia, and Peter Pietzuch. rkt-io: A Direct I/O Stack for Shielded Execution. In Proceedings of the 16th European Conference on Computer Systems (EuroSys), 2021. PDF
• Christian Priebe. Protecting Applications Using Trusted Execution Environments. PhD Thesis, 2020. PDF
• Christian Priebe, Kapil Vaswani, Manuel Costa. EnclaveDB: A Secure Database using SGX. In Proceedings of the IEEE Symposium on Security and Privacy (S&P), 2018. PDF
• Pierre-Louis Aublin, Florian Kelbert, Dan O'Keeffe, Divya Muthukumaran, Christian Priebe, Joshua Lind, Robert Krahn, Christof Fetzer, David Eyers, and Peter Pietzuch. LibSEAL: Revealing Service Integrity Violations Using Trusted Execution. In Proceedings of the 13th European Conference on Computer Systems (EuroSys), 2018. PDF
• Joshua Lind, Christian Priebe, Divya Muthukumaran, Dan O'Keeffe, Pierre-Louis Aublin, Florian Kelbert, Tobias Reiher, David Goltzsche, David Eyers, Ruediger Kapitza, Christof Fetzer, and Peter Pietzuch. Glamdring: Automatic Application Partitioning for Intel SGX. In Proceedings of the 2017 USENIX Annual Technical Conference (ATC), 2017. PDF
• Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Daniel O'Keeffe, Mark L. Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch, and Christof Fetzer. SCONE: Secure Linux Containers with Intel SGX. In Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2016. PDF
• Divya Muthukumaran, Dan O'Keeffe, Christian Priebe, David Eyers, Brian Shand, and Peter Pietzuch. FlowWatcher: Defending against Data Disclosure Vulnerabilities in Web Applications. In Proceedings of the 22nd edition of the ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM, 2015. PDF
• Christian Priebe, Divya Muthukumaran, Dan O'Keeffe, David Eyers, Brian Shand, Ruediger Kapitza, and Peter Pietzuch. CloudSafetyNet: Detecting Data Leakage between Cloud Tenants. In Proceedings of the 6th edition of the ACM Workshop on Cloud Computing Security (CCSW), pp. 117-128. ACM, 2014. PDF

Projects

SGX-LKL: Library OS for Running Unmodified Binaries in Intel SGX Enclaves

SGX-LKL is a library OS designed to run unmodified Linux binaries inside SGX enclaves. It uses the Linux Kernel Library (LKL) and a modified version of musl as C standard library implementation. The goal of SGX-LKL is to provide system support for complex applications and managed runtimes such as the JVM with minimal or no modifications and minimal reliance on the host OS.

Education

Contact

Office 346
Huxley Building
Department of Computing
Imperial College London
180 Queen's Gate
SW7 2RH London, United Kingdom