Publicação
Providing trusted execution environments using FPGA
| Resumo: | Trusted Execution Environments (TEEs) drastically reduce the trusted computing base (TCB) of the systems by providing a secure execution environment for security-critical applications that are isolated from the operating system or the hypervisor. TEEs are often assumed to be highly secure; however, over the last few years, TEEs have been proven weak, as either TEEs built upon security-oriented hardware extensions (e.g., Arm TrustZone and Intel SGX) or resorting to dedicated secure elements were exploited multiple times. In this paper, we propose a novel TEE design, named Trusted Execution Environments On-Demand (TEEOD), which leverages the re configurable logic of FPGA-SoCs to dynamically provide secure execution environments for security-critical applications. Unlike other TEE designs, ours can provide high-bandwidth connections and physical on-chip isolation while providing configurable hard ware and software TCBs. We implemented a proof-of-concept (PoC) implementation targeting an Ultra96-V2 platform. The conducted evaluation demonstrated TEEOD can host up to 6 simultaneous enclaves with a resource usage per enclave of 7.0%, 3.8%, and 15.3% of the total LUTs, FFs, and BRAMS, respectively. |
|---|---|
| Autores principais: | Pereira, Sérgio Augusto Gomes |
| Outros Autores: | Cerdeira, David Martins; Rodrigues, Cristiano António Azevedo; Pinto, Sandro |
| Assunto: | Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática Indústria, inovação e infraestruturas |
| Ano: | 2022 |
| País: | Portugal |
| Tipo de documento: | comunicação em conferência |
| Tipo de acesso: | acesso aberto |
| Instituição associada: | Universidade do Minho |
| Idioma: | inglês |
| Origem: | RepositóriUM - Universidade do Minho |
| Resumo: | Trusted Execution Environments (TEEs) drastically reduce the trusted computing base (TCB) of the systems by providing a secure execution environment for security-critical applications that are isolated from the operating system or the hypervisor. TEEs are often assumed to be highly secure; however, over the last few years, TEEs have been proven weak, as either TEEs built upon security-oriented hardware extensions (e.g., Arm TrustZone and Intel SGX) or resorting to dedicated secure elements were exploited multiple times. In this paper, we propose a novel TEE design, named Trusted Execution Environments On-Demand (TEEOD), which leverages the re configurable logic of FPGA-SoCs to dynamically provide secure execution environments for security-critical applications. Unlike other TEE designs, ours can provide high-bandwidth connections and physical on-chip isolation while providing configurable hard ware and software TCBs. We implemented a proof-of-concept (PoC) implementation targeting an Ultra96-V2 platform. The conducted evaluation demonstrated TEEOD can host up to 6 simultaneous enclaves with a resource usage per enclave of 7.0%, 3.8%, and 15.3% of the total LUTs, FFs, and BRAMS, respectively. |
|---|