Composite Enclaves: Towards Disaggregated Trusted Execution
نویسندگان
چکیده
The ever-rising computation demand is forcing the move from CPU to heterogeneous specialized hardware, which readily available across modern datacenters through disaggregated infrastructure. On other hand, trusted execution environments (TEEs), one of most promising recent developments in hardware security, can only protect code confined CPU, limiting TEEs’ potential and applicability a handful applications. We observe that computing base (TCB) fixed at design time, practice leads using untrusted software employ peripherals TEEs. Based on this observation, we propose composite enclaves with configurable TCB, allowing access multiple IO resources. Finally, present two case studies enclaves: i) an FPGA platform based RISC-V Keystone connected emulated sensors, ii) large-scale accelerator. These showcase flexible but small TCB (2.5 KLoC for drivers), low-performance overhead (only around 220 additional cycles context switch), thus demonstrating feasibility our approach showing it work wide range hardware.
منابع مشابه
Towards an Open Framework Leveraging a Trusted Execution Environment
Sensor data is a core component of big data. The abundance of sensor data combined with advances in data integration and data mining entails a great opportunity to develop innovative applications. However, data about our movements, our energy consumption or our biometry are personal data that we should have full control over. Likewise, companies face a trade-off as the benefits of innovative se...
متن کاملTowards Enhancing Web Application Security Using Trusted Execution
The web continues to serve as a powerful medium through which various services and resources can be exposed or consumed through web applications. Web application platforms such as webinos facilitate communication between the various smart devices in a personal network. Although modern web applications use various cryptographic techniques for authentication and encryption, the security of these ...
متن کاملThe Trusted Execution Module: Commodity General-Purpose Trusted Computing
This paper introduces the Trusted Execution Module (TEM); a high-level specification for a commodity chip that can execute usersupplied procedures in a trusted environment. The TEM is capable of securely executing partially-encrypted procedures/closures expressing arbitrary computation. These closures can be generated by any (potentially untrusted) party who knows the TEM’s public encryption ke...
متن کاملSatem: Trusted Service Code Execution across Transactions
Web services and service oriented architectures are becoming the de facto standard for Internet computing. A main problem faced by users of such services is how to ensure that the service code is trusted. While methods that guarantee trusted service code execution before starting a client-service transaction exist, there is no solution for extending this assurance to the entire lifetime of the ...
متن کاملKey Attestation from Trusted Execution Environments
Credential platforms implemented on top of Trusted Execution Environments (TrEEs) allow users to store and use their credentials, e.g., cryptographic keys or user passwords, securely. One important requirement for a TrEE-based credential platform is the ability to attest that a credential has been created and is kept within the TrEE. Credential properties, such as usage permissions, should be a...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: IACR transactions on cryptographic hardware and embedded systems
سال: 2021
ISSN: ['2569-2925']
DOI: https://doi.org/10.46586/tches.v2022.i1.630-656