HasTEE: Programming Trusted Execution Environments with Haskell

Abhiroop Sarkar,Robert Krook,Alejandro Russo,Koen Claessen
DOI: https://doi.org/10.1145/3609026.3609731
2023-07-25
Abstract: Trusted Execution Environments (TEEs) are hardware-enforced memory isolation units, emerging as a pivotal security solution for security-critical applications. TEEs, like Intel SGX and ARM TrustZone, allow the isolation of confidential code and data within an untrusted host environment, such as the cloud and IoT. Despite strong security guarantees, TEE adoption has been hindered by an awkward programming model. This model requires manual application partitioning and the use of error-prone, memory-unsafe, and potentially information-leaking low-level C/C++ libraries. We address the above with *HasTEE*, a domain-specific language (DSL) embedded in Haskell for programming TEE applications. HasTEE includes a port of the GHC runtime for the Intel-SGX TEE. HasTEE uses Haskell's type system to automatically partition an application and to enforce *Information Flow Control* on confidential data. The DSL, being embedded in Haskell, allows for the usage of higher-order functions, monads, and a restricted set of I/O operations to write any standard Haskell application. Contrary to previous work, HasTEE is lightweight, simple, and is provided as a *simple security library*, thus avoiding any GHC modifications. We show the applicability of HasTEE by implementing case studies on federated learning, an encrypted password wallet, and a differentially-private data clean room.
Programming Languages
What problem does this paper attempt to address?
The main problem this paper addresses is how to write applications for Trusted Execution Environments (TEEs) safely and with less effort. Specifically, the paper targets the following problems:

1. **Complex programming model**: Existing TEE programming models (such as Intel SGX) require developers to manually partition applications and to use low-level, error-prone C/C++ libraries, which raises the development cost and can lead to data leakage.
2. **Lack of information flow control**: Current TEE programming models cannot effectively prevent the accidental leakage of sensitive information. Applications must ensure that they do not inadvertently disclose confidential data, and inputs and outputs must be correctly encrypted, signed, decrypted, and verified to withstand a malicious host.
3. **Difficulty in migrating legacy applications**: Moving existing applications into a TEE is very challenging because they usually depend on a complex runtime, and the operating system is untrusted from inside the TEE, so a large amount of porting work is required.

To address these problems, the authors propose HasTEE, a domain-specific language (DSL) embedded in Haskell for programming TEE applications. Its main features are:

- **Automatic partitioning**: Haskell's type system is used to partition applications automatically into trusted and untrusted parts.
- **Information flow control (IFC)**: An Enclave monad is designed to prevent the accidental leakage of sensitive data.
- **Lightweight and simple**: Provided as a plain security library, without modifying the GHC compiler.
- **Support for high-level abstractions**: Applications can be written with familiar Haskell features such as higher-order functions and monads.
Through these improvements, HasTEE aims to lower the barrier to TEE programming, improve security, and ease the transition from conventional programming models to TEE programming models.

### Formula examples

Some of the concepts discussed can be illustrated with formulas. For example, information flow control can be written as:

\[ \text{IFC}: \text{Sec}_H \rightarrow \text{Sec}_L \]

where \(\text{Sec}_H\) denotes computations at the high security level and \(\text{Sec}_L\) computations at the low security level. Public information may flow from the low security level to the high security level, but not the other way round.

The automatic partitioning process can likewise be written as:

\[ \text{Partition}(P) = (\text{TrustedPart}, \text{UntrustedPart}) \]

where \(P\) is the source program and \(\text{TrustedPart}\) and \(\text{UntrustedPart}\) are the trusted and untrusted parts produced by partitioning.

In conclusion, HasTEE simplifies the development of TEE applications and improves their security by introducing a new programming model.
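As an added illustration of the Enclave-monad idea described above (this is not code from the paper or from the HasTEE library, whose real API differs), the Haskell sketch below splits a program into a trusted and an untrusted monad and uses a labelled type so that confidential data can only be inspected on the trusted side. The names `Secret`, `Enclave`, `Client`, `open` and `declassify` are assumptions made here.

```haskell
{-# LANGUAGE GeneralizedNewtypeDeriving #-}
-- Illustrative sketch, not HasTEE's own API: two monads split the program into
-- a trusted (Enclave) and an untrusted (Client) part, and a labelled Secret type
-- keeps confidential data from being inspected outside the enclave.
module EnclaveSketch
  ( Secret, Enclave, Client, runClient, declassify, checkPassword, login, main
  ) where
-- Not exported: the Secret constructor and `open`, so a client-side module that
-- imports this one has no way to take a Secret apart; only Enclave code can.

-- A confidential value; the label is the type itself.
newtype Secret a = Secret a

-- Computations running inside the TEE (trusted part).
newtype Enclave a = Enclave (IO a)
  deriving (Functor, Applicative, Monad)

-- Computations running on the untrusted host (client part).
newtype Client a = Client { runClient :: IO a }
  deriving (Functor, Applicative, Monad)

-- Only Enclave code may look inside a Secret.
open :: Secret a -> Enclave a
open (Secret x) = return x

-- Declassification is an explicit, auditable act: the only bridge from
-- Enclave to Client, written by the enclave author for each exported result.
declassify :: Enclave a -> Client a
declassify (Enclave io) = Client io

-- Enclave side: compare a guess against the stored secret. The stored
-- password never leaves the enclave; only the Bool verdict does.
checkPassword :: Secret String -> String -> Enclave Bool
checkPassword stored guess = do
  pw <- open stored
  return (pw == guess)

-- Client side: the client obtains the verdict, but binding `open stored`
-- here would be a type error, because an Enclave action is not a Client one.
login :: Secret String -> String -> Client Bool
login stored guess = declassify (checkPassword stored guess)

main :: IO ()
main = do
  let stored = Secret "correct horse"      -- constructed sample secret
  ok  <- runClient (login stored "correct horse")
  bad <- runClient (login stored "wrong guess")
  print (ok, bad)
```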