Abstract:The ever-rising computation demand is forcing the move from the CPU to heterogeneous specialized hardware, which is readily available across modern datacenters through disaggregated infrastructure. On the other hand, trusted execution environments (TEEs), one of the most promising recent developments in hardware security, can only protect code confined in the CPU, limiting TEEs' potential and applicability to a handful of applications. We observe that the TEEs' hardware trusted computing base (TCB) is fixed at design time, which in practice leads to using untrusted software to employ peripherals in TEEs. Based on this observation, we propose \emph{composite enclaves} with a configurable hardware and software TCB, allowing enclaves access to multiple computing and IO resources. Finally, we present two case studies of composite enclaves: i) an FPGA platform based on RISC-V Keystone connected to emulated peripherals and sensors, and ii) a large-scale accelerator. These case studies showcase a flexible but small TCB (2.5 KLoC for IO peripherals and drivers), with a low-performance overhead (only around 220 additional cycles for a context switch), thus demonstrating the feasibility of our approach and showing that it can work with a wide range of specialized hardware.

What problem does this paper attempt to address?

The main problem that this paper attempts to solve is the limitations encountered by existing Trusted Execution Environments (TEEs) when supporting heterogeneous and decentralized dedicated hardware. Specifically, existing TEE designs mainly focus on CPUs and cannot be effectively extended to other dedicated hardware (such as GPUs, FPGAs, etc.), which limits their application scope and flexibility. ### Summary of Main Problems: 1. **Integration Problem between TEE and Dedicated Hardware**: - Existing TEEs (such as Intel SGX, ARM TrustZone) can only protect the code and data inside the CPU and cannot directly support or protect other dedicated hardware. - When an application needs to use dedicated hardware, the TEE depends on an untrusted operating system (OS) for communication, which introduces security risks. 2. **Problem of Static Trusted Computing Base (TCB)**: - Existing TEEs fix the hardware TCB during design, which means that all peripheral devices (such as IO devices, sensors, etc.) must be managed by untrusted software, increasing potential security vulnerabilities. - This static TCB design makes it difficult for TEEs to adapt to the increasing demand for heterogeneous hardware in modern computing architectures. 3. **Limitations of Remote Attestation**: - The traditional TEE remote attestation mechanism can only verify the authenticity of the code inside the CPU and the processor, and cannot verify the state and configuration of the dedicated hardware participating in the computation. ### Solutions Proposed in the Paper: To solve the above problems, the paper proposes the concept of **Composite Enclaves**. Its core idea is to enable TEEs to safely access and utilize multiple computing and IO resources through a configurable hardware and software TCB. Specifically: - **Configurable TCB**: Composite enclaves allow dynamic configuration of the hardware and software TCB, ensuring that only necessary drivers and firmware are included in the TCB, thereby reducing the trust boundary. - **Multiple Components Working in Collaboration**: Composite enclaves are composed of multiple unit enclaves. These unit enclaves are distributed on different hardware components (such as CPUs, GPUs, FPGAs, etc.) and conduct secure communication through shared memory. - **Enhanced Remote Attestation Mechanism**: Composite enclaves not only verify the software TCB but also verify the state and configuration of the dedicated hardware participating in the computation, ensuring the integrity and confidentiality of the entire system. Through these improvements, composite enclaves can provide stronger security and flexibility in modern decentralized computing environments, support more types of applications, especially those that rely on dedicated hardware to process sensitive data.

Composite Enclaves: Towards Disaggregated Trusted Execution

Dtee: A Declarative Approach to Secure IoT Applications Using TrustZone

Empowering Data Centers for Next Generation Trusted Computing

HECTOR-V: A Heterogeneous CPU Architecture for a Secure RISC-V Execution Environment

Building Your Own Trusted Execution Environments Using FPGA

End-to-End Security for Distributed Event-Driven Enclave Applications on Heterogeneous TEEs

SecScale: A Scalable and Secure Trusted Execution Environment for Servers

HyperEnclave: an Open and Cross-platform Trusted Execution Environment

Enabling Rack-scale Confidential Computing using Heterogeneous Trusted Execution Environment

CTR: Checkpoint, Transfer, and Restore for Secure Enclaves

TeTPCM: Building Endogenous Trusted Computing on Trusted Execution Environment

Keystone: An Open Framework for Architecting TEEs

Hybrid Trust Multi-party Computation with Trusted Execution Environment.

TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors (Technical Report)

Unified Enclave Abstraction and Secure Enclave Migration on Heterogeneous Security Architectures

An Enclave-based TEE for SE-in-SoC in RISC-V Industry

Enabling Privacy-Preserving, Compute- and Data-Intensive Computing using Heterogeneous Trusted Execution Environment

Colony: A Privileged Trusted Execution Environment with Extensibility

Research Directions for Verifiable Crypto-Physically Secure TEEs

A Hardware-Software Co-design for Efficient Intra-Enclave Isolation

CURE: A Security Architecture with CUstomizable and Resilient Enclaves