Over the last decade, we have witnessed a rapid growth of blockchain technologies and their applications. Different governments have announced their strategy to boost the blockchain industry. For example, Chinese President Xi Jinping has recently endorsed blockchain and its potential for the Chinese economy; and the Australian Government announced that it would establish a National Blockchain Roadmap to help position Australia’s blockchain industry to become a global leader. This talk presents an overview of three of our works towards secure and scalable blockchains. I will first revisit the honest majority assumption of permissionless blockchains (AsiaCCS’21), and then present our efforts in making blockchain more scalable and secure against real-world threats.

Our standard of living, nation GDP,  and, in some cases, even our safety rely on critical infrastructures (CIs). In particular, being CIs generally perceived as a commodity (think of GPS availability, or avionics & maritime traffic routes and hubs), their security has largely been overlooked. The emergent property is that, nowadays, CIs systems are generally fragile, especially with respect to cyber attacks.

The seminar is an overview on my research path and approach. I will start with my initial research on the concept of intrusion tolerance and present some of the results I had at the time. Then, I will show how this initial research had led me to other areas and related approaches: software security, trusted computing, intrusion detection, intrusion recovery, and blockchain interoperability. I will present with some detail very recent research on securely moving data between trusted execution environments (TEEs) in a non-interactive way, a problem that must be solved for digital id crypto wallets starting to appear in Europe and elsewhere.

Available as dedicated hardware components into several mobile and server-grade processors, and recently included in infrastructure-as-a-service commercial offerings by several cloud providers, TEEs allow applications with high privacy and confidentiality demands to be deployed and executed over untrusted environments, shielding data and code from compromised systems or powerful attackers. After an  introduction to basic concepts for TEEs, I will survey some of our most recent contributions exploiting TEEs, including as defensive tools in the context of Federated Learning, as support to build secure cache systems for edge networks, as protection mechanisms in a med-tech/e-health context,  shielding novel environments (ie, WebAssembly), and more. Finally, I will highlight some of the lessons learned and offer open perspectives, hopefully useful and inspirational to future researchers and practitioners entering this exciting area of research.