Overview

When we interact with a web server today, we have to assume that the server is trustworthy. If it is a web server with a certain privacy policy, we have to assume that the administrators really do adhere to the privacy policy. If it is a server that performs certain computations for us, we have to assume that they are correctly performed. Although the administrators may make promises, there is no way for a client to be sure that the promises are kept.

This project aims to leverage security primitives that are built into modern hardware, in order to allow a server to provide cryptographic evidence that its computations are done according to a stated policy. The policy can include privacy guarantees (saying, for example, that the client's data is handled in a certain way, and not disclosed to other parties), and also integrity guarantees (saying that the results of the computation are correct, according to some criterion).

Examples
  1. Anonymised search. Today, you can use Scroogle, a Google scraper, to perform anonymous search on Google. Scroogle promises not to retain the search term and your IP address. But they cannot give any evidence that they keep that promise. Your job is to design the architecture that would enable Scroogle to give such evidence.

  2. The digital envelope. When Alice goes on a risky expedition, she wants to leave the combination code of her safe in an envelope for her friend Bob, so that he could access important documents if the worst should happen. If she comes back unharmed, she wants to retrieve that envelope and know that he didn't open it. The tamper-evident feature of an envelope is useful for her purpose. How could this property of an envelope be reproduced by a server?

Aims

  1. To understand developments in hardware-based security, and how they could be leveraged for server-side guarantees.
  2. To design an architecture based on the Flicker framework, to enable server-side guarantees of correctness.

Project details

The project involves designing an architecture that can achieve the required guarantees, for one of the examples above.

The hardware primitives that can be used to provide those guarantees are:

  • Intel's Trusted Execution Technology (TXT), present in many of its new processors. It can be used to ensure that given code is really being executed on the processor.
  • AMD's Secure Virtual Machine extensions (SVM), which have similar features to Intel's TXT.
  • The Trusted Platform Module (TPM), a module present in many laptops. It provides secure storage of data and management of keys, as well as measurement and reporting of platform state.

A framework called Flicker has been developed, which uses the processor's secure execution extensions and the TPM to provide guarantees to a remote party that given software has produced given results.
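The following is an added example, not Flicker's own code, that models the measure-run-quote chain described above so that the verification step can be seen end to end. It assumes a single 20-byte SHA-1 PCR as in TPM 1.2, stands in for the TPM's attestation identity key (AIK) signature with an HMAC under a key the remote party obtained out of band, and represents the isolated piece of code (Flicker's "PAL") by an ordinary Python function whose binary is a constructed byte string. The remote party knows only the hash of the legitimate code, replays the PCR extend chain from that hash plus the reported input and output, and accepts the result only if the quoted PCR and signature match.

```python
# Toy model of a Flicker-style attested execution (constructed example; not Flicker's code).
# Assumptions: one 20-byte SHA-1 PCR as in TPM 1.2; the AIK signature is replaced by an
# HMAC under a key the verifier holds; the PAL is a plain Python function whose "binary"
# is the constructed byte string PAL_BINARY.
import hashlib
import hmac
import os

PCR_SIZE = 20
ZERO_PCR = b"\x00" * PCR_SIZE


def measure(data: bytes) -> bytes:
    """Hash data to a PCR-sized digest (the value a caller passes to TPM_Extend)."""
    return hashlib.sha1(data).digest()


class ToyTPM:
    """One dynamic PCR plus a quote operation."""

    def __init__(self, aik_key: bytes):
        self.pcr = ZERO_PCR
        self._aik_key = aik_key  # stands in for the private attestation identity key

    def reset_pcr(self) -> None:
        # Only the late-launch instruction (SENTER/SKINIT) can reset a dynamic PCR.
        self.pcr = ZERO_PCR

    def extend(self, digest: bytes) -> None:
        # PCR := SHA1(PCR || digest): order-dependent and one-way.
        assert len(digest) == PCR_SIZE
        self.pcr = hashlib.sha1(self.pcr + digest).digest()

    def quote(self, nonce: bytes) -> dict:
        # Signed (PCR, nonce); the verifier's nonce provides freshness.
        sig = hmac.new(self._aik_key, self.pcr + nonce, hashlib.sha1).digest()
        return {"pcr": self.pcr, "nonce": nonce, "sig": sig}


# Constructed stand-in for the PAL binary; the verifier knows its hash in advance.
PAL_BINARY = b"anonymising-search-pal v1"
PAL_EXIT_MARK = b"PAL-EXIT"


def pal_anonymise(query: bytes) -> bytes:
    """The attested computation: drop the client identifier, keep only the search term."""
    # Toy policy: input is "<client-id>|<term>"; the output must not contain the client id.
    _client_id, _, term = query.partition(b"|")
    return term


def run_attested(tpm: ToyTPM, query: bytes, nonce: bytes, pal_binary: bytes = PAL_BINARY):
    """Server side: late launch, run the PAL, bind its I/O into the PCR, return a quote."""
    tpm.reset_pcr()                      # late launch resets the dynamic PCR
    tpm.extend(measure(pal_binary))      # hardware measures the code before running it
    output = pal_anonymise(query)
    tpm.extend(measure(query + output))  # PAL binds its input and output to its measurement
    tpm.extend(measure(PAL_EXIT_MARK))   # mark exit so code running afterwards cannot pose as the PAL
    return output, tpm.quote(nonce)


def expected_pcr(pal_hash: bytes, query: bytes, output: bytes) -> bytes:
    """Verifier side: replay the extend chain from the known code hash and the reported I/O."""
    pcr = ZERO_PCR
    for digest in (pal_hash, measure(query + output), measure(PAL_EXIT_MARK)):
        pcr = hashlib.sha1(pcr + digest).digest()
    return pcr


def verify(quote: dict, nonce: bytes, aik_key: bytes, pal_hash: bytes,
           query: bytes, output: bytes) -> bool:
    """Accept only a fresh, correctly signed quote whose PCR matches the expected chain."""
    if quote["nonce"] != nonce:
        return False
    expected_sig = hmac.new(aik_key, quote["pcr"] + nonce, hashlib.sha1).digest()
    if not hmac.compare_digest(quote["sig"], expected_sig):
        return False
    return hmac.compare_digest(quote["pcr"], expected_pcr(pal_hash, query, output))


if __name__ == "__main__":
    aik = os.urandom(16)
    nonce = os.urandom(16)
    query = b"client-42|tpm attestation"
    output, quote = run_attested(ToyTPM(aik), query, nonce)
    print(output, verify(quote, nonce, aik, measure(PAL_BINARY), query, output))
```

Three things the model makes visible: the verifier never needs the server's cooperation beyond the quote, because it recomputes the PCR itself; substituting different code, altering the output after the fact, or replaying an old quote under a new nonce each produces a mismatch; and the guarantee rests entirely on the secrecy of the attestation key inside the TPM, which is the part a software-only server cannot provide.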

References

Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Hiroshi Isozaki. Flicker: An Execution Infrastructure for TCB Minimization. The European Conference on Computer Systems (EuroSys), April 2008.

That paper also has references to material about Intel's TXT, AMD's SVM, and the TPM.

Mark Ryan. The Trusted Platform Module.