Gabriela Limonta


Gabriela is a Communications Engineering student at Aalto University. She has been working at Nokia since 2016 on cloud infrastructure for 5G and for the past six months she has been working on her Master's thesis in conjunction with the Cybersecurity Team at Nokia Bell Labs, Finland. This work has focused on novel attestation techniques for trusted computing and developing software that contributed to the Trustworthy Telco Cloud. In her free time she enjoys knitting.



A trusted trip in the cloud – working with trusted hardware in practice (2018)

Due to the growth in cloud computing, many industries are deploying their system in virtualized environments. One concern in virtualized environments is to guarantee the integrity of the hardware platform which runs the virtual workload. Trusted Computing denotes a set of technologies that can be used to provide trustworthy platforms by leveraging the use of the Trusted Platform Module (TPM) chip, available in most modern computing platforms.

The TPM provides secure storage of keys, confidential data, certificates, cryptographic measurements of system components, as well as cryptographic functions and key generation. We can use this device to guarantee the integrity of the software running on a platform, from the BIOS up to run-time components.

Recently, a redesign of the specification was released: TPM 2.0, which included new flexibility and deprecated the older version of TPMs. Due to the new specification, the software stack used to interact with the TPM is an open source project with active development.

A lot of the research in the topic talks about the things that can be achieved with trusted platforms, but not many of them discuss the practical challenged faced when using the technologies in practice. In this talk, we will discuss our experiences setting up a trusted cloud with TPM 2.0 hardware. Some of the challenges met include: setting up a software stack from scratch with limited documentation, implementing a remote attestation infrastructure to monitor the health of a trusted cloud, working with hardware that differs in their implementation of the standard and adapting the implementation of our system to work with constantly evolving open source software.