|Live Migration of SGX Enclaves||Poster||Arseny Kurnikov|
Providing more security guarantees for the cloud computing can benefit both cloud providers and their clients. One technology to protect users data being processed in the cloud is Intel SGX. This work addresses an important challenge of migrating SGX enclaves between physical hosts. We propose a secure protocol for live migration of an enclave.
|Securebox: Platform for Safeguarding Network Edge||Poster||Ibbad Hafeez, Lauri Suomalainen||The number of connected devices is increasing exponentially, which has made the job of managing and securing networks more complex and demanding than ever before. In this paper, we present a novel service-based solution for securing edge networks that are poorly managed and do not offer adequate security and management features. Our proposed system includes a smart gateway Securebox offering advanced security and network management features at device level granularity and a Security and Management Service (SMS) which provides services including traffic analysis services, management services for remote device, network and security policy etc. Instead of tight coupling with hardware, our system enables flexible and on-demand deployment of security services to detect and block malicious activities in the network. Our demonstration shows that the proposed system is easy to deploy, manage and operate different networks and resolves a number of challenges in network security management domain (Demo Videos).|
IoT Sentinel: Automated Device-Type Identification in IoT
|Poster||Markus Miettinen, Samuel Marchal, Ibbad Hafeez||Several IoT vendors are producing IP-connected devices that often suffer from flawed security designs and implementations. Securing networks where the presence of such vulnerable devices is given, requires a brownfield approach. We propose a machine learning based system capable of identifying the types of devices being connected to an IoT network. Device-types can be linked to know vulnerabilities in order to take the appropriate measures for mitigating the risk of vulnerable devices.|
|IoTurva: Securing Device-to-Device Communications in IoT Ecosystem||Poster||Ibbad Hafeez||Signature based anomaly detection schemes fall short in handling complex device to device (D2D) interactions in IoT ecosystem. In this work, we envision a fuzzy based inference engine which collects the rule base from crowd-sourcing, online resources and other sources, and uses this rule based to classify new D2D interactions happening in IoT networks as normal or anomalous.|