Keystone: A Framework for Architecting TEEs

07/23/2019
by   Dayeol Lee, et al.
0

Trusted execution environments (TEEs) are becoming a requirement across a wide range of platforms, from embedded sensors to cloud servers, which encompass a wide range of cost and power constraints as well as security threat models. Unfortunately, each of the current vendor-specific TEEs makes a fixed choice in each of the design dimensions of deployability, trusted computing base (TCB), and threat model, with little room for customization and experimentation. To provide more flexibility, we present Keystone the first open-source framework for building customized TEEs. Keystone uses a simple abstraction of memory isolation together with a programmable layer that sits underneath untrusted components, such as the OS. We demonstrate that this is sufficient to build reusable TEE core primitives, separate from platform-specific modifications and required application features. Thus, Keystone reduces the effort for platform providers and application developers to build only those security features they need. We implement Keystone on RISC-V, an open architecture that provides a straightforward way to realize the Keystone abstractions. We showcase the benefits of our design in executing standard benchmarks, applications, and kernels on various deployment platforms.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
07/23/2019

Keystone: An Open Framework for Architecting TEEs

Trusted execution environments (TEEs) are being used in all the devices ...
research
05/06/2020

Secure System Virtualization: End-to-End Verification of Memory Isolation

Over the last years, security kernels have played a promising role in re...
research
06/02/2022

End-to-End Security for Distributed Event-Driven Enclave Applications on Heterogeneous TEEs

This paper presents an approach to provide strong assurance of the secur...
research
05/25/2022

SoK: Hardware-supported Trusted Execution Environments

The growing complexity of modern computing platforms and the need for st...
research
07/31/2018

Open Source Android Vulnerability Detection Tools: A Survey

Since last decade, smartphones have become an integral part of everyone'...
research
10/01/2017

Leaky Abstraction In Online Experimentation Platforms: A Conceptual Framework To Categorize Common Challenges

Online experimentation platforms abstract away many of the details of ex...
research
03/29/2023

Cyber Security aboard Micro Aerial Vehicles: An OpenTitan-based Visual Communication Use Case

Autonomous Micro Aerial Vehicles (MAVs), with a form factor of 10cm in d...

Please sign up or login with your details

Forgot password? Click here to reset