Tong Sun,Borui Li,Yixiao Teng,Yi Gao,Wei Dong

DOI: https://doi.org/10.1109/ipsn61024.2024.00021

2024-01-01

Abstract:Internet of Things (IoT) applications have recently been widely used in safety-critical scenarios. To prevent sensitive information leaks, IoT device vendors provide hardware-assisted protections, called Trusted Execution Environments (TEEs), like ARM Trust-Zone. Programming a TEE-based application requires separate code for two components, significantly slowing down the development process. Existing solutions tackle this issue by automatic code partition while not successfully applying it in two complicated scenarios: adding trusted logic and interactions with secure peripherals.We propose dTEE, a declarative approach to secure IoT applications based on TrustZone. dTEE proposes a rapid approach that enables developers to declare tiered-sensitive variables and functions of existing applications. Besides, dTEE automatically transforms device drivers into trusted ones. We evaluate dTEE on four real-world IoT applications and seven micro-benchmarks. Results show that dTEE achieves high expressiveness for supporting 50% more applications than existing approaches and reduces 90% of the lines of code against handcrafted development.

Husheng Han,Xinyao Zheng,Yuanbo Wen,Yifan Hao,Erhu Feng,Ling Liang,Jianan Mu,Xiaqing Li,Tianyun Ma,Pengwei Jin,Xinkai Song,Zidong Du,Qi Guo,Xing Hu

DOI: https://doi.org/10.1145/3622781.3674168

2024-07-12

Abstract:Heterogeneous collaborative computing with NPU and CPU has received widespread attention due to its substantial performance benefits. To ensure data confidentiality and integrity during computing, Trusted Execution Environments (TEE) is considered a promising solution because of its comparatively lower overhead. However, existing heterogeneous TEE designs are inefficient for collaborative computing due to fine and different memory granularities between CPU and NPU. 1) The cacheline granularity of CPU TEE intensifies memory pressure due to its extra memory access, and 2) the cacheline granularity MAC of NPU escalates the pressure on the limited memory storage. 3) Data transfer across heterogeneous enclaves relies on the transit of non-secure regions, resulting in cumbersome re-encryption and scheduling. To address these issues, we propose TensorTEE, a unified tensor-granularity heterogeneous TEE for efficient secure collaborative tensor computing. First, we virtually support tensor granularity in CPU TEE to eliminate the off-chip metadata access by detecting and maintaining tensor structures on-chip. Second, we propose tensor-granularity MAC management with predictive execution to avoid computational stalls while eliminating off-chip MAC storage and access. Moreover, based on the unified granularity, we enable direct data transfer without re-encryption and scheduling dilemmas. Our evaluation is built on enhanced Gem5 and a cycle-accurate NPU simulator. The results show that TensorTEE improves the performance of Large Language Model (LLM) training workloads by 4.0x compared to existing work and incurs only 2.1% overhead compared to non-secure training, offering a practical security assurance for LLM training.

Cryptography and Security,Artificial Intelligence,Hardware Architecture

Gianluca Scopelliti,Sepideh Pouyanrad,Job Noorman,Fritz Alder,Christoph Baumann,Frank Piessens,Jan Tobias Mühlberg

DOI: https://doi.org/10.1145/3592607

2023-06-29

Abstract:This paper presents an approach to provide strong assurance of the secure execution of distributed event-driven applications on shared infrastructures, while relying on a small Trusted Computing Base. We build upon and extend security primitives provided by Trusted Execution Environments (TEEs) to guarantee authenticity and integrity properties of applications, and to secure control of input and output devices. More specifically, we guarantee that if an output is produced by the application, it was allowed to be produced by the application's source code based on an authentic trace of inputs. We present an integrated open-source framework to develop, deploy, and use such applications across heterogeneous TEEs. Beyond authenticity and integrity, our framework optionally provides confidentiality and a notion of availability, and facilitates software development at a high level of abstraction over the platform-specific TEE layer. We support event-driven programming to develop distributed enclave applications in Rust and C for heterogeneous TEE, including Intel SGX, ARM TrustZone and Sancus. In this article we discuss the workings of our approach, the extensions we made to the Sancus processor, and the integration of our development model with commercial TEEs. Our evaluation of security and performance aspects show that TEEs, together with our programming model, form a basis for powerful security architectures for dependable systems in domains such as Industrial Control Systems and the Internet of Things, illustrating our framework's unique suitability for a broad range of use cases which combine cloud processing, mobile and edge devices, and lightweight sensing and actuation.

Cryptography and Security

Jianping Zhu,Rui Hou,XiaoFeng Wang,Wenhao Wang,Jiangfeng Cao,Lutan Zhao,Fengkai Yuan,Peinan Li,Zhongpu Wang,Boyan Zhao,Lixin Zhang,Dan Meng

DOI: https://doi.org/10.48550/arXiv.1904.04782

2019-04-10

Abstract:There is an urgent demand for privacy-preserving techniques capable of supporting compute and data intensive (CDI) computing in the era of big data. However, none of existing TEEs can truly support CDI computing tasks, as CDI requires high throughput accelerators like GPU and TPU but TEEs do not offer security protection of such accelerators. This paper present HETEE (Heterogeneous TEE), the first design of TEE capable of strongly protecting heterogeneous computing with unsecure accelerators. HETEE is uniquely constructed to work with today's servers, and does not require any changes for existing commercial CPUs or accelerators. The key idea of our design runs security controller as a stand-alone computing system to dynamically adjust the boundary of between secure and insecure worlds through the PCIe switches, rendering the control of an accelerator to the host OS when it is not needed for secure computing, and shifting it back when it is. The controller is the only trust unit in the system and it runs the custom OS and accelerator runtimes, together with the encryption, authentication and remote attestation components. The host server and other computing systems communicate with controller through an in memory task queue that accommodates the computing tasks offloaded to HETEE, in the form of encrypted and signed code and data. Also, HETEE offers a generic and efficient programming model to the host CPU. We have implemented the HETEE design on a hardware prototype system, and evaluated it with large-scale Neural Networks inference and training tasks. Our evaluations show that HETEE can easily support such secure computing tasks and only incurs a 12.34% throughput overhead for inference and 9.87% overhead for training on average.

Cryptography and Security,Hardware Architecture

Yanling Wang,Xiaolin Chang,Haoran Zhu,Jianhua Wang,Yanwei Gong,Lin Li

DOI: https://doi.org/10.1109/tc.2024.3355772

IF: 3.183

2024-03-15

IEEE Transactions on Computers

Abstract:Processing sensitive data and deploying well-designed Intellectual Property (IP) cores on remote Field Programmable Gate Array (FPGA) are prone to private data leakage and IP theft. One effective solution is constructing Trusted Execution Environment (TEE) and its secure boot process on FPGA-SoC (FPGA System on Chip). This paper aims to establish Secure Runtime Customizable TEE (SrcTEE) on FPGA-SoC through the design of a novel secure boot scheme and the design of the following three components: 1) CrloadIP, which enforces access control on TEE applications deploying IP at runtime such that SrcTEE can alleviate threats from unauthorized TEE applications and then SrcTEE can be adjusted dynamically and securely; 2) CexecIP, which not only enables the execution of newly-installed IP cores without modifying the operating system of FPGA-SoC TEE, but also prevents insider attacks from executing IPs in SrcTEE; 3) CremoAT, which can provide the newly-measured SrcTEE state and establish a secure communication path between remote verifiers and SrcTEE. Our secure boot scheme supports refreshable root trust key, and assures the authenticity and integrity of boot codes during the SrcTEE booting process. We conduct a security analysis of SrcTEE and its performance evaluation on Xilinx Zynq UltraScale+ XCZU15EG 2FFVB1156 MPSoC.

engineering, electrical & electronic,computer science, hardware & architecture

Wenjie Xiong,Liu Ke,Dimitrije Jankov,Michael Kounavis,Xiaochen Wang,Eric Northup,Jie Amy Yang,Bilge Acun,Carole-Jean Wu,Ping Tak Peter Tang,G. Edward Suh,Xuan Zhang,Hsien-Hsin S. Lee

DOI: https://doi.org/10.1109/HPCA53966.2022.00026

2022-01-01

Abstract:Today’s data-intensive applications increasingly suffer from significant performance bottlenecks due to the limited memory bandwidth of the classical von Neumann architecture. Near-Data Processing (NDP) has been proposed to perform computation near memory or data storage to reduce data movement for improving performance and energy consumption. However, the untrusted NDP processing units (PUs) bring in new threats to workloads that are private and sensitive, such as private database queries and private machine learning inferences. Meanwhile, most existing secure hardware designs do not consider off-chip components trustworthy. Once data leaving the processor, they must be protected, e.g., via block cipher encryption. Unfortunately, current encryption schemes do not support computation over encrypted data stored in memory or storage, hindering the adoption of NDP techniques for sensitive workloads.In this paper, we propose SecNDP, a lightweight encryption and verification scheme for untrusted NDP devices to perform computation over ciphertext and verify the correctness of linear operations. Our encryption scheme leverages arithmetic secret sharing in secure Multi-Party Computation (MPC) to support operations over ciphertext, and uses counter-mode encryption to reduce the decryption latency. The security of the encryption and verification algorithm is formally proven. Compared with a non-NDP baseline, secure computation with SecNDP significantly reduces the memory bandwidth usage while providing security guarantees. We evaluate SecNDP for two workloads of distinct memory access patterns. In the setting of eight NDP units, we show a speedup up to 7.46× and energy savings of 18% over an unprotected non-NDP baseline, approaching the performance gain attained by native NDP without protection. Furthermore, SecNDP does not require any security assumption on NDP to hold, thus, using the same threat model as existing secure processors. SecNDP can be implemented without changing the NDP protocols and their inherent hardware design.

Gu Jin-Yu,Li Hao,Xia Yu-Bin,Chen Hai-Bo,Qin Cheng-Gang,He Zheng-Yu

DOI: https://doi.org/10.1007/s11390-021-1083-8

IF: 1.871

2022-01-01

Journal of Computer Science and Technology

Abstract:Nowadays, application migration becomes more and more attractive. For example, it can make computation closer to data sources or make service closer to end-users, which may significantly decrease latency in edge computing. Yet, migrating applications among servers that are controlled by different platform owners raises security issues. We leverage hardware-secured trusted execution environment (TEE, aka., enclave) technologies, such as Intel SGX, AMD SEV, and ARM TrustZone, for protecting critical computations on untrusted servers. However, these hardware TEEs propose non-uniform programming abstractions and are based on heterogeneous architectures, which not only forces programmers to develop secure applications targeting some specific abstraction but also hinders the migration of protected applications. Therefore, we propose UniTEE which gives a unified enclave programming abstraction across the above three hardware TEEs by using a microkernel-based design and enables the secure enclave migration by integrating heterogeneous migration techniques. We have implemented the prototype on real machines. The evaluation results show the migration support incurs nearly-zero runtime overhead and the migration procedure is also efficient.

Rui Chang,Liehui Jiang,Wenzhi Chen,Yang Xiang,Yuxia Cheng,Abdulhameed Alelaiwi

DOI: https://doi.org/10.1007/s10586-017-0833-4

2017-01-01

Cluster Computing

Abstract:With the rapid development of Internet of Things technology and the promotion of embedded devices’ computation performance, smart devices are probably open to security threats and attacks while connecting with rich and novel Internet. Attracting lots of attention in embedded system security community recently, Trusted Execution Environment (TEE), allows for the execution of arbitrary code within environments completely isolated from the rest of a system. However, existing memory protection methods in a TEE are inadequate. In general, the software-based formal methods are not practical and the hardware-based implementation approaches lack of theoretical proof. To address the memory isolation and protection problems in TEE, in this paper, we propose a practical memory integrity protection method on an ARM-based platform, called MIPE, to defend against security threats including kernel data attacks and direct memory access attacks. MIPE utilizes TrustZone technique to create a isolated execution environment, which can protect the sensitive code and data against attacks. To present the integrity protection strategies, we provide the design of MIPE using B method, which is a practical formal method. We also implement MIPE on the Xilinx Zynq ZC702 evaluation board. The evaluation results show that the automatic proof rate of machines using B method is about 78.32%, and the proposed method is effective and feasible in terms of both load time and overhead.

Tianxiang Shen,Sen Wang,Jianyu Jiang,Ji Qi,Gong Zhang,Xiapu Luo,Heming Cui,Li Chen,Xusheng Chen,Shixiong Zhao

DOI: https://doi.org/10.1109/MICRO56248.2022.00019

2022-10-01

Micro

Abstract:With the trend of processing a large volume of sensitive data on PaaS services (e.g., DNN training), a TEE architecture that supports general heterogeneous accelerators, enables spatial sharing on one accelerator, and enforces strong isolation across accelerators is highly desirable. However, none of the existing TEE solutions meet all three requirements. In this paper, we propose CRONUS, the first TEE architecture that achieves the three crucial requirements. The key idea of CRONUS is to partition heterogeneous computation into isolated TEE enclaves, where each enclave encapsulates only one kind of computation (e.g., GPU computation), and multiple enclaves can spatially share an accelerator. Then, CRONUS constructs heterogeneous computing using remote procedure calls (RPCs) among enclaves. With CRONUS, each accelerator’s hardware and its software stack are strongly isolated from others’, and each enclave trusts only its own hardware. To tackle the security challenge caused by inter-enclave interactions, we design a new streaming remote procedure call abstraction to enable secure RPCs with high performance. CRONUS is software-based, making it general to diverse accelerators. We implemented CRONUS on ARM TrustZone. Evaluation on diverse workloads with CPUs, GPUs and NPUs shows that, CRONUS achieves less than 7.1% extra computation time compared to native (unprotected) executions.

Computer Science,Engineering

Yanling Wang,Xiaolin Chang,Haoran Zhu,Jianhua Wang,Yanwei Gong,Lin Li

2023-09-13

Abstract:Processing sensitive data and deploying well-designed Intellectual Property (IP) cores on remote Field Programmable Gate Array (FPGA) are prone to private data leakage and IP theft. One effective solution is constructing Trusted Execution Environment (TEE) on FPGA-SoCs (FPGA System on Chips). Researchers have integrated this type TEE with Trusted Platform Module (TPM)-based trusted boot, denoted as FPGA-SoC tbTEE. But there is no effort on secure and trusted runtime customization of FPGA-SoC TEE. This paper extends FPGA-SoC tbTEE to build Runtime Customizable TEE (RCTEE) on FPGA-SoC by additive three major components (our work): 1) CrloadIP, which can load an IP core at runtime such that RCTEE can be adjusted dynamically and securely; 2) CexecIP, which can not only execute an IP core without modifying the operating system of FPGA-SoC TEE, but also prevent insider attacks from executing IPs deployed in RCTEE; 3) CremoAT, which can provide the newly measured RCTEE state and establish a secure and trusted communication path between remote verifiers and RCTEE. We conduct a security analysis of RCTEE and its performance evaluation on Xilinx Zynq UltraScale+ XCZU15EG 2FFVB1156 MPSoC.

Cryptography and Security,Hardware Architecture

Wenjia Zhao,Kangjie Lu,Yong Qi,Saiyu Qi

DOI: https://doi.org/10.1145/3342195.3387536

2020-01-01

Abstract:Intel Software Guard eXtensions (SGX), a hardware-based Trusted Execution Environment (TEE), has become a promising solution to stopping critical threats such as insider attacks and remote exploits. SGX has recently drawn extensive research in two directions using it to protect the confidentiality and integrity of sensitive data, and protecting itself from attacks. Both the applications and defense mechanisms of SGX have a fundamental need flexible memory protection that updates memory-page permissions dynamically and enforces the least-privilege principle. Unfortunately, SGX does not provide such a memory-protection mechanism due to the lack of hardware support and the untrustedness of operating systems. This paper proposes MPTEE, a memory-protection mechanism that provides flexible and efficient enforcement of memory-page permissions in SGX. The enforcement relies on our elastic cross-region bound check technique which uses only three bound registers but provides six memory permissions. To defend MPTEE against potential attacks, we further develop an efficient mechanism that exploits the in place bound-check technique to ensure the integrity of the memory protection. With MPTEE, developers can enhance the protection for data and code in SGX enclaves and enforce the least-privilege principle such as Execute-no-Read memory readily. We have implemented MP TEE and extensively evaluated its effectiveness, utility, and performance. The results show that MPTEE incurs a performance overhead of only 2%-8%, and is effective in ensuring memory protection and in defending against potential attacks.

Xiaohan Zhang,Jinwen Wang,Yueqiang Cheng,Qi Li,Kun Sun,Yao Zheng,Ning Zhang,Xinghua Li

DOI: https://doi.org/10.1109/tnet.2023.3294019

2024-01-01

Abstract:With the accelerating adaption of Cloud and Edge computing, cloud-based networked deployment emerges to enable providers to deliver services in a cost-effective and elastic manner. However, security concern remains one of the major obstacles to its wider adaption. Trusted Execution Environment (TEE) has been advocated to protect cloud services in an isolated execution environment. In this paper, we present a new genre of side-channel attack called interface-based side-channel attack and demonstrate its effectiveness on the TEE-assisted networked service system. The root cause of this attack is the input-dependent interface invocation (e.g., interface information and invocation patterns) that can be observed by untrusted software to reveal the control flows inside the enclave. Our evaluation demonstrates that the attack can effectively re-identify encrypted web pages processed in the SGX enclave with an accuracy of 87.6% and a recall of 76.6%, and can reduce the search domain of the 1024 bits RSA private keys to $1.69 \times 10^{-6}$ of the original search domain. As countermeasures, we propose, implement and evaluate a set of static analysis tools to mitigate the newly discovered threats. The key idea is to use inter-procedural dataflow analysis to identify potential leakage via the interface, and then mitigate them during compilation using techniques including branch obfuscation, loop obfuscation, and constant size wrapper.

Md Armanuzzaman,Ahmad-Reza Sadeghi,Ziming Zhao

2024-05-11

Abstract:In recent years, we have witnessed unprecedented growth in using hardware-assisted Trusted Execution Environments (TEE) or enclaves to protect sensitive code and data on commodity devices thanks to new hardware security features, such as Intel SGX and Arm TrustZone. Even though the proprietary TEEs bring many benefits, they have been criticized for lack of transparency, vulnerabilities, and various restrictions. For example, existing TEEs only provide a static and fixed hardware Trusted Computing Base (TCB), which cannot be customized for different applications. Existing TEEs time-share a processor core with the Rich Execution Environment (REE), making execution less efficient and vulnerable to cache side-channel attacks. Moreover, TrustZone lacks hardware support for multiple TEEs, remote attestation, and memory encryption. In this paper, we present BYOTee (Build Your Own Trusted Execution Environments), which is an easy-to-use infrastructure for building multiple equally secure enclaves by utilizing commodity Field Programmable Gate Arrays (FPGA) devices. BYOTee creates enclaves with customized hardware TCBs, which include softcore CPUs, block RAMs, and peripheral connections, in FPGA on demand. Additionally, BYOTee provides mechanisms to attest the integrity of the customized enclaves' hardware and software stacks, including bitstream, firmware, and the Security-Sensitive Applications (SSA) along with their inputs and outputs to remote verifiers. We implement a BYOTee system for the Xilinx System-on-Chip (SoC) FPGA. The evaluations on the low-end Zynq-7000 system for four SSAs and 12 benchmark applications demonstrate the usage, security, effectiveness, and performance of the BYOTee framework.

Cryptography and Security

Jinyu Gu,Zhichao Hua,Mingyu Li,Haibo Chen

DOI: https://doi.org/10.1360/tb-2022-0557

2022-01-01

Chinese Science Bulletin (Chinese Version)

Abstract:The operating system is the foundation and core support technology of modern computing platforms, responsible for managing hardware resources, controlling the operation of programs, improving the human-machine interface and providing support for application software. Its connotation and extension are constantly expanding with the development of applications and hardware. The scientific aspects of operating systems fall into two categories: The first is the efficient abstraction and management of physical resources; the second is the provision of an efficient operating environment for applications. In the last decade and the period ahead, the specific connotation of the scientific problem is how to provide efficient abstraction and management of physical resources such as heterogeneous cores and data centers, to create efficient operating environments to support application scenarios such as cloud computing, big data and the Internet of Things. Because of the importance of the operating system, the security capability of the operating system is critical to the security of the entire system. The security of the operating system is the security pillar in mobile platforms or cloud platforms. Similarly, in many emerging scenarios, such as the industrial internet, smart networked cars and serverless computing, computer systems' security is related to data and property security, and possibly production and life safety. Therefore, the need to enhance the security capability of the operating system against software and hardware attacks remains urgent in the face of various security threats and multi-dimensional security vulnerabilities. It requires the design of system software to take into account chip TEE security, virtualization security, system kernel security, and application system security. This paper presents our team's work on the innovation and application of operating system security from the above aspects. Specifically, in the aspect of TEE on-chip, we propose Penglai that can offer trusted execution environments for securitysensitive computation. Penglai is built over the emerging RISC-V architecture and its core feature is scalability in both memory capacity and performance. In the aspect of virtualization security, we design CloudVisor which introduces a new system architecture for the virtualization software stack. CloudVisor can offer the abstraction of secure VM against curious or malicious hypervisor and cloud providers. In the aspect of kernel security, we build ChCore which uses the microkernel design and introduces some new mechanisms for reliability. As a microkernel OS, ChCore can greatly mitigate the consequences of security vulnerabilities and it can also work as an TEE OS to cooperate with the TEE hardware technologies. In the aspect of application system security, we propose PiXiu which can provide security guarantee for distributed applications. PiXiu targets on securing sensitive computation, especially for the distributed computation, and it assumes a powerful attack model. Overall, all of the above-introduced research adopt the hardware-software co-designs, and they can fuse with each other to offer a full-stack security system. Meanwhile, the paper will also provide an overview of the representative academic work in each aspect, which includes the comparison of different technical contributations.

Qiushi Li,Ju Ren,Yan Zhang,Chengru Song,Yiqiao Liao,Yaoxue Zhang

DOI: https://doi.org/10.1109/DAC56929.2023.10247964

2023-01-01

Abstract:The embedded software may migrate the collected data to the server for DNN computation acceleration, which may compromise privacy. We propose a DNN computation framework that combines TEE and NNA to address the privacy leakage problem. We design an NNA-friendly encryption method that enables NNA to correctly compute the encrypted linear input. Facing the overhead of TEE-NNA interaction, we design a pipeline-based prefetch mechanism that can reduce the TEE interaction overhead. Experimentally, our approach proves to be compatible with a wide range of NPUs and TPUs, and improves the performance by 8-19 times over the TEE scheme.

Pengzhi Huang,Thang Hoang,Yueying Li,Elaine Shi,G. Edward Suh

2024-06-18

Abstract:In this paper, we propose a new secure machine learning inference platform assisted by a small dedicated security processor, which will be easier to protect and deploy compared to today's TEEs integrated into high-performance processors. Our platform provides three main advantages over the state-of-the-art: (i) We achieve significant performance improvements compared to state-of-the-art distributed Privacy-Preserving Machine Learning (PPML) protocols, with only a small security processor that is comparable to a discrete security chip such as the Trusted Platform Module (TPM) or on-chip security subsystems in SoCs similar to the Apple enclave processor. In the semi-honest setting with WAN/GPU, our scheme is 4X-63X faster than Falcon (PoPETs'21) and AriaNN (PoPETs'22) and 3.8X-12X more communication efficient. We achieve even higher performance improvements in the malicious setting. (ii) Our platform guarantees security with abort against malicious adversaries under honest majority assumption. (iii) Our technique is not limited by the size of secure memory in a TEE and can support high-capacity modern neural networks like ResNet18 and Transformer. While previous work investigated the use of high-performance TEEs in PPML, this work represents the first to show that even tiny secure hardware with really limited performance can be leveraged to significantly speed-up distributed PPML protocols if the protocol can be carefully designed for lightweight trusted hardware.

Cryptography and Security

Moritz Schneider,Aritra Dhar,Ivan Puddu,Kari Kostiainen,Srdjan Capkun

DOI: https://doi.org/10.46586/tches.v2022.i1.630-656

2021-11-15

Abstract:The ever-rising computation demand is forcing the move from the CPU to heterogeneous specialized hardware, which is readily available across modern datacenters through disaggregated infrastructure. On the other hand, trusted execution environments (TEEs), one of the most promising recent developments in hardware security, can only protect code confined in the CPU, limiting TEEs' potential and applicability to a handful of applications. We observe that the TEEs' hardware trusted computing base (TCB) is fixed at design time, which in practice leads to using untrusted software to employ peripherals in TEEs. Based on this observation, we propose \emph{composite enclaves} with a configurable hardware and software TCB, allowing enclaves access to multiple computing and IO resources. Finally, we present two case studies of composite enclaves: i) an FPGA platform based on RISC-V Keystone connected to emulated peripherals and sensors, and ii) a large-scale accelerator. These case studies showcase a flexible but small TCB (2.5 KLoC for IO peripherals and drivers), with a low-performance overhead (only around 220 additional cycles for a context switch), thus demonstrating the feasibility of our approach and showing that it can work with a wide range of specialized hardware.

Cryptography and Security,Hardware Architecture

Jiajian Li,Chenlin Huang,Jun Luo,Jinzhu Kong,Yiwen Ji,Yongpeng Liu,Kaikai Sun,Shuyang Deng

DOI: https://doi.org/10.1117/12.3031944

2024-01-01

Abstract:Traditional Trusted Computing is mainly implemented in the form of boards, chips, etc., and the requirements of hardware modification have greatly limited the widely use of trusted computing. To cope with the dilemma, the idea of designing "Trusted Computing on Chips" becomes a trend with the development of the build-in security module in CPUs. The main challenge lies on how to make full use of processor security features and design a dual-computing security system that meets the requirements of Trusted Computing 3.0. At present, the built-in secure and cryptographic units on processors, such as Phytium and Loongson, and the supported Trust Execution Environment have already provided the foundation for endogenous trusted computing. In this paper, we propose TeTPCM: a TEE Based Endogenous Trusted Platform Control Module (TPCM), which builds an endogenous trusted computing architecture by the collaboration of the TEE and the SoC on phytium processor. Experimental analysis shows that compared with the general-purpose trusted computing chip, endogenous trusted TPCM does not need additional hardware, and is characterized by strong capability, high performance, good scalability, and has better application prospects.

Arttu Paju,Muhammad Owais Javed,Juha Nurmi,Juha Savimäki,Brian McGillion,Billy Bob Brumley

DOI: https://doi.org/10.1145/3600160.3600169

2023-08-15

Abstract:Trusted Execution Environments (TEEs) are a feature of modern central processing units (CPUs) that aim to provide a high assurance, isolated environment in which to run workloads that demand both confidentiality and integrity. Hardware and software components in the CPU isolate workloads, commonly referred to as Trusted Applications (TAs), from the main operating system (OS). This article aims to analyse the TEE ecosystem, determine its usability, and suggest improvements where necessary to make adoption easier. To better understand TEE usage, we gathered academic and practical examples from a total of 223 references. We summarise the literature and provide a publication timeline, along with insights into the evolution of TEE research and deployment. We categorise TAs into major groups and analyse the tools available to developers. Lastly, we evaluate trusted container projects, test performance, and identify the requirements for migrating applications inside them.

Cryptography and Security

Spyridon Mastorakis,Tahrina Ahmed,Jayaprakash Pisharath

DOI: https://doi.org/10.48550/arXiv.1802.06970

2018-02-20

Networking and Internet Architecture

Abstract:Nowadays, enterprises widely deploy Network Functions (NFs) and server applications in the cloud. However, processing of sensitive data and trusted execution cannot be securely deployed in the untrusted cloud. Cloud providers themselves could accidentally leak private information (e.g., due to misconfigurations) or rogue users could exploit vulnerabilities of the providers' systems to compromise execution integrity, posing a threat to the confidentiality of internal enterprise and customer data. In this paper, we identify (i) a number of NF and server application use-cases that trusted execution can be applied to, (ii) the assets and impact of compromising the private data and execution integrity of each use-case, and (iii) we leverage Intel's Software Guard Extensions (SGX) architecture to design Trusted Execution Environments (TEEs) for cloud-based NFs and server applications. We combine SGX with the Data Plane Development KIT (DPDK) to prototype and evaluate our TEEs for a number of application scenarios (Layer 2 frame and Layer 3 packet processing for plain and encrypted traffic, traffic load-balancing and back-end server processing). Our results indicate that NFs involving plain traffic can achieve almost native performance (e.g., ~22 Million Packets Per Second for Layer 3 forwarding for 64-byte frames), while NFs involving encrypted traffic and server processing can still achieve competitive performance (e.g., ~12 Million Packets Per Second for server processing for 64-byte frames).