Building Your Own Trusted Execution Environments Using FPGA
- URL: http://arxiv.org/abs/2203.04214v3
- Date: Sat, 11 May 2024 02:12:55 GMT
- Title: Building Your Own Trusted Execution Environments Using FPGA
- Authors: Md Armanuzzaman, Ahmad-Reza Sadeghi, Ziming Zhao,
- Abstract summary: BYOTee (Build Your Own Trusted Execution Environments) is an easy-to-use infrastructure for building multiple equally secure enclaves.
BYOTee creates enclaves with customized hardware TCBs, which include softcore CPUs, block RAMs, and peripheral connections, in FPGA on demand.
- Score: 16.206300249987354
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: In recent years, we have witnessed unprecedented growth in using hardware-assisted Trusted Execution Environments (TEE) or enclaves to protect sensitive code and data on commodity devices thanks to new hardware security features, such as Intel SGX and Arm TrustZone. Even though the proprietary TEEs bring many benefits, they have been criticized for lack of transparency, vulnerabilities, and various restrictions. For example, existing TEEs only provide a static and fixed hardware Trusted Computing Base (TCB), which cannot be customized for different applications. Existing TEEs time-share a processor core with the Rich Execution Environment (REE), making execution less efficient and vulnerable to cache side-channel attacks. Moreover, TrustZone lacks hardware support for multiple TEEs, remote attestation, and memory encryption. In this paper, we present BYOTee (Build Your Own Trusted Execution Environments), which is an easy-to-use infrastructure for building multiple equally secure enclaves by utilizing commodity Field Programmable Gate Arrays (FPGA) devices. BYOTee creates enclaves with customized hardware TCBs, which include softcore CPUs, block RAMs, and peripheral connections, in FPGA on demand. Additionally, BYOTee provides mechanisms to attest the integrity of the customized enclaves' hardware and software stacks, including bitstream, firmware, and the Security-Sensitive Applications (SSA) along with their inputs and outputs to remote verifiers. We implement a BYOTee system for the Xilinx System-on-Chip (SoC) FPGA. The evaluations on the low-end Zynq-7000 system for four SSAs and 12 benchmark applications demonstrate the usage, security, effectiveness, and performance of the BYOTee framework.
Related papers
- Lightweight, Secure and Stateful Serverless Computing with PSL [43.025002382616066]
We present Function-as-a-Serivce (F) framework for Trusted Execution Environments (TEEs)
The framework provides rich programming language support on heterogeneous TEE hardware for statically compiled binaries and/or WebAssembly (WASM) bytecodes.
It achieves near-native execution speeds by utilizing the dynamic memory mapping capabilities of Intel SGX2.
arXiv Detail & Related papers (2024-10-25T23:17:56Z) - Designing and Implementing a Generator Framework for a SIMD Abstraction Library [53.84310825081338]
We present TSLGen, a novel end-to-end framework for generating an SIMD abstraction library.
We show that our framework is comparable to existing libraries, and we achieve the same performance results.
arXiv Detail & Related papers (2024-07-26T13:25:38Z) - DIMSIM -- Device Integrity Monitoring through iSIM Applets and Distributed Ledger Technology [0.023020018305241332]
We introduce a distributed ledger technology-oriented architecture to monitor the remote devices' integrity using eUICC technology.
eUICC is a feature commonly found in industrial devices for cellular connectivity.
We present an end-to-end architecture to monitor device integrity thereby enabling all the stakeholders in the system to trust the devices.
arXiv Detail & Related papers (2024-05-16T09:13:54Z) - Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z) - On Practicality of Using ARM TrustZone Trusted Execution Environment for Securing Programmable Logic Controllers [8.953939389578116]
This paper investigates the application of ARM TrustZone TEE technology for enhancing the security of PLC.
Our aim is to evaluate the feasibility and practicality of the TEE-based PLCs through the proof-of-concept design and implementation using open-source software such as OP-TEE and OpenPLC.
arXiv Detail & Related papers (2024-03-08T16:55:20Z) - Assessing the Performance of OpenTitan as Cryptographic Accelerator in Secure Open-Hardware System-on-Chips [4.635794094881707]
OpenTitan is an open-source silicon root-of-trust designed to be deployed in a wide range of systems.
There has been no accurate and quantitative establishment of the benefits derived from using OpenTitan as a secure accelerator.
This paper addresses this gap by thoroughly analysing strengths and inefficiencies when offloading cryptographic workloads to OpenTitan.
arXiv Detail & Related papers (2024-02-16T01:35:40Z) - HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs)
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z) - Abusing Processor Exception for General Binary Instrumentation on Bare-metal Embedded Devices [11.520387655426521]
PIFER (Practical Instrumenting Framework for Embedded fiRmware) enables general and fine-grained static binary instrumentation for embedded bare-metal firmware.
We propose an instruction translation-based scheme to guarantee the correct execution of the original firmware after patching.
arXiv Detail & Related papers (2023-11-28T05:32:20Z) - RIPencapsulation: Defeating IP Encapsulation on TI MSP Devices [6.4241197750493475]
This paper uncovers two fundamental weaknesses in IP Encapsulation (IPE), the TEE deployed by Texas Instruments for MSP430 and MSP432 devices.
We implement an attack called RIPencapsulation, which executes portions of code within the IPE and uses the partial state revealed through the register file to exfiltrate secret data.
arXiv Detail & Related papers (2023-10-25T08:00:59Z) - SOCI^+: An Enhanced Toolkit for Secure OutsourcedComputation on Integers [50.608828039206365]
We propose SOCI+ which significantly improves the performance of SOCI.
SOCI+ employs a novel (2, 2)-threshold Paillier cryptosystem with fast encryption and decryption as its cryptographic primitive.
Compared with SOCI, our experimental evaluation shows that SOCI+ is up to 5.4 times more efficient in computation and 40% less in communication overhead.
arXiv Detail & Related papers (2023-09-27T05:19:32Z) - SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes.
SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices.
We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
arXiv Detail & Related papers (2023-09-26T08:11:38Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.