T-Edge: Trusted Heterogeneous Edge Computing
- URL: http://arxiv.org/abs/2412.13905v1
- Date: Wed, 18 Dec 2024 14:45:07 GMT
- Title: T-Edge: Trusted Heterogeneous Edge Computing
- Authors: Jiamin Shen, Yao Chen, Weng-Fai Wong, Ee-Chien Chang,
- Abstract summary: This paper proposes a practical trusted execution environment design for ARM/FPGA System-on-Chip platforms.
The design features a dedicated security controller within the ARM TrustZone, overseeing FPGA reconfiguration and managing communication between CPU cores and FPGA fabrics.
We employ an automated protocol verifier, ProVerif, to validate its compliance with essential security requirements.
- Score: 11.859343440194944
- License:
- Abstract: Heterogeneous computing, which incorporates GPUs, NPUs, and FPGAs, is increasingly utilized to improve the efficiency of computer systems. However, this shift has given rise to significant security and privacy concerns, especially when the execution platform is remote. One way to tackle these challenges is to establish a trusted and isolated environment for remote program execution, while maintaining minimal overhead and flexibility. While CPU-based trusted execution has been extensively explored and found commercial success, extension to heterogeneous computing systems remains a challenge. This paper proposes a practical trusted execution environment design for ARM/FPGA System-on-Chip platforms, leveraging TrustZone's unique characteristics. The design features a dedicated security controller within the ARM TrustZone, overseeing FPGA reconfiguration and managing communication between CPU cores and FPGA fabrics. This design involves a provisioning service that enables application users to establish trust in the FPGA fabric within cloud-based computing resources provided by the platform owner, running applications developed by third-party developers and hardware manufactured by the device manufacturer. To ensure the security of our proposed system, we employ an automated protocol verifier, ProVerif, to validate its compliance with essential security requirements. Furthermore, we demonstrate the practicality of our system model by implementing a prototype application on the Xilinx MPSoC development board.
Related papers
- PUFBind: PUF-Enabled Lightweight Program Binary Authentication for FPGA-based Embedded Systems [5.8647828164413625]
Scheme is platform-agnostic and capable of operating in a "bare metal'' mode (no system software requirement) for maximum flexibility.
We demonstrate a successful prototype implementation using the open-source PicoBlaze microcontroller on AMD/Xilinx FPGA.
arXiv Detail & Related papers (2025-01-14T06:12:36Z) - Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC)
ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic.
We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
arXiv Detail & Related papers (2024-11-21T18:26:05Z) - Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z) - HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs)
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z) - A Holistic Approach for Trustworthy Distributed Systems with WebAssembly and TEEs [2.0198678236144474]
This paper introduces a novel approach using WebAssembly to address these issues.
We present the design of a portable and fully attested publish/subscribe system as a holistic approach.
Our experimental results showcase most overheads, revealing a 1.55x decrease in message throughput when using a trusted broker.
arXiv Detail & Related papers (2023-12-01T16:37:48Z) - DASICS: Enhancing Memory Protection with Dynamic Compartmentalization [7.802648283305372]
We present the DASICS (Dynamic in-Address-Space Isolation by Code Segments) secure processor design.
It offers dynamic and flexible security protection across multiple privilege levels, addressing data flow protection, control flow protection, and secure system calls.
We have implemented hardware FPGA prototypes and software QEMU simulator prototypes based on DASICS, along with necessary modifications to system software for adaptability.
arXiv Detail & Related papers (2023-10-10T09:05:29Z) - Putting a Padlock on Lambda -- Integrating vTPMs into AWS Firecracker [49.1574468325115]
Software services place implicit trust in the cloud provider, without an explicit trust relationship.
There is currently no cloud provider that exposes Trusted Platform Module capabilities.
We improve trust by integrating a virtual TPM device into the Firecracker, originally developed by Amazon Web Services.
arXiv Detail & Related papers (2023-10-05T13:13:55Z) - SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes.
SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices.
We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
arXiv Detail & Related papers (2023-09-26T08:11:38Z) - VEDLIoT -- Next generation accelerated AIoT systems and applications [4.964750143168832]
The VEDLIoT project aims to develop energy-efficient Deep Learning methodologies for distributed Artificial Intelligence of Things (AIoT) applications.
We propose a holistic approach that focuses on optimizing algorithms while addressing safety and security challenges inherent to AIoT systems.
arXiv Detail & Related papers (2023-05-09T12:35:00Z) - Monitoring ROS2: from Requirements to Autonomous Robots [58.720142291102135]
This paper provides an overview of a formal approach to generating runtime monitors for autonomous robots from requirements written in a structured natural language.
Our approach integrates the Formal Requirement Elicitation Tool (FRET) with Copilot, a runtime verification framework, through the Ogma integration tool.
arXiv Detail & Related papers (2022-09-28T12:19:13Z) - Building Your Own Trusted Execution Environments Using FPGA [16.206300249987354]
BYOTee (Build Your Own Trusted Execution Environments) is an easy-to-use infrastructure for building multiple equally secure enclaves.
BYOTee creates enclaves with customized hardware TCBs, which include softcore CPUs, block RAMs, and peripheral connections, in FPGA on demand.
arXiv Detail & Related papers (2022-03-08T17:22:52Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.