abstract.tex
\begin{abstract}
Applications often assume a monolithic trust setting where a single party
controls the application, its data, and its execution environment.
%
This assumption no longer holds when organizations outsource applications to a
third-party cloud, or use the application to compute over a heterogeneous
data set, such as data from multiple parties.
%
The result of this broken assumption is that using applications in these
settings leaks one party's private data to another.
%
I propose to evaluate the following thesis: \emph{it is possible to run legacy
application binaries with confidentiality and integrity guarantees that reflect
a multi-party trust setting.}
%
My approach is to apply operating system designs and fine-grained information
flow control to hoist, or otherwise partition, the execution environment into
trust boundaries in a manner that is transparent to the application.
In the first part of my proposal, I review my prior work in extending a
library operating system that runs within an Intel SGX secure hardware
enclave, so as to support running a broader set of trusted legacy
applications in untrusted environments.
%
In the second part, I discuss my proposed work, \emph{codomains}, an execution
model that maintains the source-level abstraction of a monolithic program, but
allows an application to dynamically switch execution to different domains
(hosts and enclaves) via language-neutral mechanisms.
\end{abstract}