HECTOR-V: A Heterogeneous CPU Architecture for a Secure RISC-V Execution Environment

Pascal Nasahl, Robert Schilling, Mario Werner, Stefan Mangard

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

To ensure secure and trustworthy execution of applications in potentially insecure environments, vendors frequently embed trusted execution environments (TEE) into their systems.
Applications executed in this safe, isolated space are protected from adversaries, including a malicious operating system.
TEEs are usually built by integrating protection mechanisms directly into the processor or by using dedicated external secure elements.
However, both of these approaches only cover a narrow threat model resulting in limited security guarantees.
Enclaves nested into the application processor typically provide weak isolation between the secure and non-secure domain, especially when considering side-channel attacks.
Although external secure elements do provide strong isolation, the slow communication interface to the application processor is exposed to adversaries and restricts the use cases.
Independently of the approach used, TEEs often lack a way to establish secure communication with peripherals, and most operating systems executed inside TEEs do not provide state-of-the-art defense strategies, making them vulnerable to various attacks.

We argue that TEEs, such as Intel SGX or ARM TrustZone, implemented on the main application processor, are insecure, especially when considering side-channel attacks.
In this paper, we demonstrate how a heterogeneous multicore architecture can be utilized to realize a secure TEE design.
We directly embed a secure processor into our HECTOR-V architecture to provide strong isolation between the secure and non-secure domain.
The tight coupling of the TEE and the application processor enables HECTOR-V to provide mechanisms for establishing secure communication channels between different devices.
We further introduce RISC-V Secure Co-Processor (RVSCP), a security-hardened processor tailored for TEEs.
To secure applications executed inside the TEE, RVSCP provides hardware-enforced control-flow integrity and rigorously restricts I/O accesses to certain execution states.
RVSCP reduces the trusted computing base to a minimum by providing operating system services directly in hardware.
Original language: English
Title of host publication: ASIA CCS '21: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security
Publisher: Association for Computing Machinery
Pages: 187–199
ISBN (Electronic): 978-1-4503-8287-8
DOIs
Publication status: Published - May 2021
Event: 2021 ACM Asia Conference on Computer and Communications Security - Virtuell, China
Duration: 7 Jun 2021 to 11 Jun 2021
https://asiaccs2021.comp.polyu.edu.hk/

Conference

Conference: 2021 ACM Asia Conference on Computer and Communications Security
Abbreviated title: ACM ASIACCS 2021
Country/Territory: China
City: Virtuell
Period: 7/06/21 to 11/06/21
Internet address
