Building Your Own Trusted Execution Environments Using FPGA
- URL: http://arxiv.org/abs/2203.04214v3
- Date: Sat, 11 May 2024 02:12:55 GMT
- Title: Building Your Own Trusted Execution Environments Using FPGA
- Authors: Md Armanuzzaman, Ahmad-Reza Sadeghi, Ziming Zhao,
- Abstract summary: BYOTee (Build Your Own Trusted Execution Environments) is an easy-to-use infrastructure for building multiple equally secure enclaves.
BYOTee creates enclaves with customized hardware TCBs, which include softcore CPUs, block RAMs, and peripheral connections, in FPGA on demand.
- Score: 16.206300249987354
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: In recent years, we have witnessed unprecedented growth in using hardware-assisted Trusted Execution Environments (TEE) or enclaves to protect sensitive code and data on commodity devices thanks to new hardware security features, such as Intel SGX and Arm TrustZone. Even though the proprietary TEEs bring many benefits, they have been criticized for lack of transparency, vulnerabilities, and various restrictions. For example, existing TEEs only provide a static and fixed hardware Trusted Computing Base (TCB), which cannot be customized for different applications. Existing TEEs time-share a processor core with the Rich Execution Environment (REE), making execution less efficient and vulnerable to cache side-channel attacks. Moreover, TrustZone lacks hardware support for multiple TEEs, remote attestation, and memory encryption. In this paper, we present BYOTee (Build Your Own Trusted Execution Environments), which is an easy-to-use infrastructure for building multiple equally secure enclaves by utilizing commodity Field Programmable Gate Arrays (FPGA) devices. BYOTee creates enclaves with customized hardware TCBs, which include softcore CPUs, block RAMs, and peripheral connections, in FPGA on demand. Additionally, BYOTee provides mechanisms to attest the integrity of the customized enclaves' hardware and software stacks, including bitstream, firmware, and the Security-Sensitive Applications (SSA) along with their inputs and outputs to remote verifiers. We implement a BYOTee system for the Xilinx System-on-Chip (SoC) FPGA. The evaluations on the low-end Zynq-7000 system for four SSAs and 12 benchmark applications demonstrate the usage, security, effectiveness, and performance of the BYOTee framework.
Related papers
- PUFBind: PUF-Enabled Lightweight Program Binary Authentication for FPGA-based Embedded Systems [5.8647828164413625]
Scheme is platform-agnostic and capable of operating in a "bare metal'' mode (no system software requirement) for maximum flexibility.
We demonstrate a successful prototype implementation using the open-source PicoBlaze microcontroller on AMD/Xilinx FPGA.
arXiv Detail & Related papers (2025-01-14T06:12:36Z) - An Efficiency Firmware Verification Framework for Public Key Infrastructure with Smart Grid and Energy Storage System [0.6757476692230008]
Rapid evolution of smart grids has attracted numerous nation-state actors seeking to disrupt the power infrastructure of adversarial nations.
We propose a digital signing and verification framework grounded in Public Key Infrastructure (PKI), specifically tailored for resource-constrained devices such as smart meters.
arXiv Detail & Related papers (2025-01-10T05:43:31Z) - T-Edge: Trusted Heterogeneous Edge Computing [11.859343440194944]
This paper proposes a practical trusted execution environment design for ARM/FPGA System-on-Chip platforms.
The design features a dedicated security controller within the ARM TrustZone, overseeing FPGA reconfiguration and managing communication between CPU cores and FPGA fabrics.
We employ an automated protocol verifier, ProVerif, to validate its compliance with essential security requirements.
arXiv Detail & Related papers (2024-12-18T14:45:07Z) - Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC)
ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic.
We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
arXiv Detail & Related papers (2024-11-21T18:26:05Z) - GNN-Based Code Annotation Logic for Establishing Security Boundaries in C Code [41.10157750103835]
Securing sensitive operations in today's interconnected software landscape is crucial yet challenging.
Modern platforms rely on Trusted Execution Environments (TEEs) to isolate security sensitive code from the main system.
Code Logic (CAL) is a pioneering tool that automatically identifies security sensitive components for TEE isolation.
arXiv Detail & Related papers (2024-11-18T13:40:03Z) - Lightweight, Secure and Stateful Serverless Computing with PSL [43.025002382616066]
We present Function-as-a-Serivce (F) framework for Trusted Execution Environments (TEEs)
The framework provides rich programming language support on heterogeneous TEE hardware for statically compiled binaries and/or WebAssembly (WASM) bytecodes.
It achieves near-native execution speeds by utilizing the dynamic memory mapping capabilities of Intel SGX2.
arXiv Detail & Related papers (2024-10-25T23:17:56Z) - DIMSIM -- Device Integrity Monitoring through iSIM Applets and Distributed Ledger Technology [0.023020018305241332]
We introduce a distributed ledger technology-oriented architecture to monitor the remote devices' integrity using eUICC technology.
eUICC is a feature commonly found in industrial devices for cellular connectivity.
We present an end-to-end architecture to monitor device integrity thereby enabling all the stakeholders in the system to trust the devices.
arXiv Detail & Related papers (2024-05-16T09:13:54Z) - Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z) - On Practicality of Using ARM TrustZone Trusted Execution Environment for Securing Programmable Logic Controllers [8.953939389578116]
This paper investigates the application of ARM TrustZone TEE technology for enhancing the security of PLC.
Our aim is to evaluate the feasibility and practicality of the TEE-based PLCs through the proof-of-concept design and implementation using open-source software such as OP-TEE and OpenPLC.
arXiv Detail & Related papers (2024-03-08T16:55:20Z) - HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs)
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z) - SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes.
SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices.
We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
arXiv Detail & Related papers (2023-09-26T08:11:38Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.