Top TEE bugs you should fix before your audit
Trail of Bits
01:03:11
TEE’s are growing in popularity, and with success comes security concerns. During this webinar, with the help of Jules Drean from Tinfoil, two of our senior security engineers, Paul Bottinelli and Tjaden Hess, will walk through what we do in the first few hours of a real TEE stack audit. Jules will act as our tour guide, covering Tinfoil’s repositories, including hardware configurations, CVM images, and more. Paul and Tjaden will highlight the top areas to examine and present frameworks to understand the different levels of confidential computing security.
During this 45-minute webinar, you’ll hear and see:
- The frameworks for understanding different levels of confidential computing security
- A real-life example of some TEE bugs we’ve seen in our audits
- Discussion of findings like report attestation verification, policy checking for AMD and TDX, traffic padding, and side channel considerations
Speakers
Tjaden Hess
Principal Security Engineer, Cryptography @ Trail of Bits
Paul Bottinelli
Principal Security Engineer, Cryptography @ Trail of Bits
Jules Drean
Co-Founder, Tinfoil
Jules is the co-founder of Tinfoil where he is building verifiably private AI. Before Tinfoil, he was at MIT where he got his PhD in secure hardware and cryptography. He also spent some time at NVIDIA and Microsoft Research working on confidential computing.
Replays
See allTrail of Bits
Building secure end-to-end encrypted systems
Building secure end-to-end encrypted systems
Fredrik Dahlgren
Trail of Bits
After Wiretap and Battering RAM: What Changes for TEE-Based Blockchain Infrastructure
After Wiretap and Battering RAM: What Changes for TEE-Based Blockchain Infrastructure
Andy Campbell
Top TEE bugs you should fix before your audit
01:03:11