Page 1
An Open Framework for Architecting TEEs
Dayeol Lee, David Kohlbrenner, Shweta Shinde, Dawn Song, and Krste Asanovic
Page 2
Trusted Execution Environment (TEE)
[Diagram: Trustworthy Hardware; OS; Applications; User Program and Data; Integrity; Confidentiality; Remote Attestation]
Page 3
Keystone: an Open Framework for Customizable TEEs
● Modular and Extensible Design
○ Extensible functional and security plugins
○ Implement new features without changing the core primitive
● Simple and Clean Abstractions
○ Core security primitive: hardware-enforced isolation
○ Memory isolation with RISC-V standard PMP
● Open Source Project
○ Support research projects
○ Build an open community
[Diagram: privilege levels from higher to lower: M-mode, S-mode, U-mode; untrusted side: User process, OS, Hypervisor; trusted side: Enclave App, Enclave Runtime, Root of Trust / Security Monitor; all on Standard RISC-V HW; keystone-enclave.org]
Has been tested on QEMU, FPGA, and SoC
Page 4
Keystone is NOT a Specific Design of TEE
Keystone is a framework for customizable TEEs
Page 5
An Open Framework for Architecting TEEs
Keystone
● Customizable TEEs
● Keystone Framework
● Keystone Plugins
● Evaluation
Page 6
TEEs are a Cornerstone Security Primitive
● Maximal Guarantees, Minimal Trust
○ Authenticate itself (device)
○ Authenticate software
○ Guarantee the integrity and privacy of remote execution
● Foundation for new security applications
○ Secure IoT sensor network
○ Decentralized applications (e.g., smart contracts/blockchain)
○ Lambda applications
○ Confidential computing in the cloud (e.g., machine learning)
Page 7
A New Model: Customizable TEEs
● A framework provides building blocks of TEEs
● Both the platform provider and the enclave developer can customize what primitives and guarantees a TEE should employ
○ e.g., Software Defined Network (SDN)
[Diagram: TEE Framework (Software) building blocks: Source of Randomness, Secure Boot, Memory Isolation, Dynamic Allocation, Side-Channel Protection, Memory Encryption, Secure I/O, Attestation, Multithreading, Secure Timer, libc support; running on Compatible Hardware]
![Page 8: An Open Framework for Architecting TEEs · An Open Framework for Architecting TEEs Dayeol Lee, David Kohlbrenner, Shweta Shinde, Dawn Song, and Krste Asanovic. Trusted Execution Environment](https://reader036.vdocuments.us/reader036/viewer/2022071213/602b4b98388f9f785d386c87/html5/thumbnails/8.jpg)
Why Do We Need Customizable TEEs?● Diversity of Deployments
○ Servers to sensors
● Clean Interfaces Between Manufacturers, Providers, and Developers○ Manufacturers cannot anticipate all needs or uses
● Minimize Trusted Computing Base (TCB)○ Don’t have it if you don’t need it
● Rapid Development of Security Features○ Research on defenses needs better starting places
8
Page 9
Can We Customize Existing TEEs?
Page 10
Why Do We Need a New Framework?
Existing TEE platforms are fixed points in the design space:
- Specific threat model
- Slow to iterate
- Non-modifiable
- Only 2 hardware isolation domains
- Further isolation: software TCB
Page 11
RISC-V is the Best Place to Start Keystone
● Simple, Composable Primitives
○ Hardware-enforced memory isolation
○ Assists verification
● Privileged Programmable Layer
○ Enclaves with supervisor mode
● Open-Source Cores/SoCs
○ Amenable to HW/SW co-design
○ Verifiable
● Variety of Design and Deployment
○ Testing ground for all use-cases
Pages 13-17
Keystone Trust Model
[Diagram]
Pages 18-20
Memory Isolation via RISC-V PMP
Switching access permissions of PMP entries at context switches
[Diagram]
Page 21
How Does Keystone Customize TEEs?
Pages 22-24
Keystone Workflow for Customizable TEEs
[Diagram of the workflow stages:]
- Hardware Manufacturer: Hardware
- Provisioning, Platform Provider: Security Monitor (Customize)
- Development, Enclave Developer: Enclave App (eapp), Runtime (RT) (Customize)
- Deployment: Hardware, SM, OS, User ..., RT, eapp
Page 26
Keystone Plugins
● Composable Building Blocks for TEE
○ Configured during compilation
○ Threat models (e.g., side-channel defense)
○ Workload (e.g., dynamic resizing)
● Support Diverse Features w/ Minimal TCB
○ Virtual memory management
○ Untrusted I/O
○ Dynamic resizing
○ ...
[Chart: TCB LoC of each component]
Page 27
Free Memory Plugin
● Enclave can allocate free memory and manage the MMU at run time
● Implemented in the RT, ~300 LoC
[Diagram: Static Mapping: the page table maps text, stack, data and heap for both the RT and the EApp; Dynamic Mapping: the page table maps text and data for the RT and the EApp, plus a Free Mem region]
Page 28
Dynamic Enclave Resizing Plugin
● Intel SGXv1 enclaves cannot resize after measurement
○ Cannot dynamically add new virtual pages
○ Intel took a few years to have “dynamic memory allocation” in SGXv2
○ Intel SGXv1 has a < 100 MB physical memory limit
● Memory resizing in Keystone:
○ Enclave requests the OS to extend memory
○ OS calls an additional SM SBI “extend_enclave”
○ Took 2 engineer-days for prototyping (< 200 LoC)
[Diagram: Enclave Memory / OS Memory]
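The PMP-based isolation on pages 18-20 and the extend_enclave SBI on this page both come down to the security monitor deciding which physical regions are open to S/U mode at any moment. The C program below is an added example written for this page, not Keystone's security monitor code: it models PMP entries as a priority-ordered list of regions with R/W/X bits, flips their permissions on enclave entry and exit, and validates an extend request the way an SM would (page alignment, no overlap with the SM or with another enclave). The names sm_init, sm_create_enclave, sm_enter_enclave, sm_exit_enclave and sm_extend_enclave, the 8-entry PMP, and the requirement that extension pages directly follow the enclave's current region (so one entry still covers it) are assumptions of this model; the untrusted shared memory region that Keystone also opens on entry is left out.

```c
/* Added example for this page: a user-space model of SM-managed PMP isolation
 * and of validating an extend_enclave request. Not Keystone's SM code; the
 * register layout and function names are simplified assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PMP_R 1u
#define PMP_W 2u
#define PMP_X 4u
#define PMP_RWX (PMP_R | PMP_W | PMP_X)
#define PMP_ENTRIES 8
#define PAGE 4096u
#define MAX_ENCLAVES 4

/* One PMP entry in the model: a [base, base+size) region and the R/W/X bits it
 * grants to S/U mode. As in real PMP, the lowest-numbered matching entry
 * decides; here entry 0 is the SM and the last entry is the OS default. */
struct pmp_entry { uint64_t base, size; uint8_t perm; bool valid; };
struct enclave   { bool used; uint64_t base, size; int pmp_idx; };

static struct pmp_entry pmp[PMP_ENTRIES];
static struct enclave   enclaves[MAX_ENCLAVES];
static int running = -1;                 /* eid of the running enclave, -1 = OS */
enum { PMP_SM = 0, PMP_OS = PMP_ENTRIES - 1 };

static bool overlaps(uint64_t b1, uint64_t s1, uint64_t b2, uint64_t s2) {
    return b1 < b2 + s2 && b2 < b1 + s1;
}

/* S/U-mode permission for a physical address: first matching entry wins,
 * no match means no access (the M-mode SM itself is not subject to this). */
uint8_t pmp_perm(uint64_t addr) {
    for (int i = 0; i < PMP_ENTRIES; i++)
        if (pmp[i].valid && addr >= pmp[i].base && addr - pmp[i].base < pmp[i].size)
            return pmp[i].perm;
    return 0;
}
bool access_ok(uint64_t addr, uint8_t want) { return (pmp_perm(addr) & want) == want; }

/* A region may become enclave memory only if it is page aligned and disjoint
 * from the SM and from every enclave other than `except`. */
static bool region_free(uint64_t base, uint64_t size, int except) {
    if (size == 0 || base % PAGE || size % PAGE || base + size < base) return false;
    if (overlaps(base, size, pmp[PMP_SM].base, pmp[PMP_SM].size)) return false;
    for (int i = 0; i < MAX_ENCLAVES; i++)
        if (enclaves[i].used && i != except &&
            overlaps(base, size, enclaves[i].base, enclaves[i].size)) return false;
    return true;
}

void sm_init(uint64_t mem_size, uint64_t sm_base, uint64_t sm_size) {
    memset(pmp, 0, sizeof pmp);
    memset(enclaves, 0, sizeof enclaves);
    running = -1;
    pmp[PMP_SM] = (struct pmp_entry){ sm_base, sm_size, 0, true };   /* never S/U-accessible */
    pmp[PMP_OS] = (struct pmp_entry){ 0, mem_size, PMP_RWX, true };  /* everything else, for the OS */
}

/* Create: reserve a PMP entry for the region. It stays closed (perm 0) while
 * the OS runs, so the OS can no longer touch enclave memory. */
int sm_create_enclave(uint64_t base, uint64_t size) {
    int eid = -1, idx = -1;
    if (!region_free(base, size, -1)) return -1;
    for (int i = 0; i < MAX_ENCLAVES && eid < 0; i++) if (!enclaves[i].used) eid = i;
    for (int i = PMP_SM + 1; i < PMP_OS && idx < 0; i++) if (!pmp[i].valid) idx = i;
    if (eid < 0 || idx < 0) return -1;
    pmp[idx] = (struct pmp_entry){ base, size, 0, true };
    enclaves[eid] = (struct enclave){ true, base, size, idx };
    return eid;
}

/* Context switch = flipping permission bits: entering opens the enclave's entry
 * and closes the OS default entry, so the enclave cannot read OS memory either;
 * exiting restores the OS view. */
bool sm_enter_enclave(int eid) {
    if (running != -1 || eid < 0 || eid >= MAX_ENCLAVES || !enclaves[eid].used) return false;
    pmp[enclaves[eid].pmp_idx].perm = PMP_RWX;
    pmp[PMP_OS].perm = 0;
    running = eid;
    return true;
}
bool sm_exit_enclave(void) {
    if (running < 0) return false;
    pmp[enclaves[running].pmp_idx].perm = 0;
    pmp[PMP_OS].perm = PMP_RWX;
    running = -1;
    return true;
}

/* extend_enclave as the OS would invoke it: the SM, not the OS, decides whether
 * the offered pages are acceptable. Model assumption: the new pages must
 * directly follow the current region so a single entry still covers it. */
bool sm_extend_enclave(int eid, uint64_t base, uint64_t size) {
    if (eid < 0 || eid >= MAX_ENCLAVES || !enclaves[eid].used || running == eid) return false;
    if (base != enclaves[eid].base + enclaves[eid].size) return false;
    if (!region_free(base, size, eid)) return false;
    enclaves[eid].size += size;
    pmp[enclaves[eid].pmp_idx].size = enclaves[eid].size;
    return true;
}

int main(void) {
    sm_init(0x100000, 0x0, 0x10000);                 /* constructed: 1 MiB, SM in the first 64 KiB */
    int e = sm_create_enclave(0x40000, 0x10000);
    printf("OS can read enclave memory? %d\n", access_ok(0x40000, PMP_R));
    sm_enter_enclave(e);
    printf("enclave can read OS memory? %d\n", access_ok(0x80000, PMP_R));
    sm_exit_enclave();
    printf("extend accepted? %d\n", sm_extend_enclave(e, 0x50000, 0x8000));
    return 0;
}
```

The check that matters is that the OS-running and enclave-running views of the same addresses are complementary, and that an extend request the OS has mis-aligned, made non-adjacent, or pointed at another enclave's pages is refused rather than silently widening the entry.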
Page 29
Edge Call & Syscall Plugins
● Call interface between trusted and untrusted domain
● I/O System Calls (Proxy)
● Other System Calls (e.g., mmap, brk, getrandom, …)
● Supporting libc functions
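A proxied I/O system call crosses the trust boundary twice, and the host's answer is as untrusted as the host itself. The C program below is an added example, not Keystone's edge-call or runtime code; the call ids, the struct edge_call header, the in-memory host "file" and the rt_write/rt_read names are constructed for this page. It marshals a write or read through a shared buffer that both sides can modify, simulates the host handler in-process, and shows the validation the runtime performs on the way back: the returned length must not exceed what was asked for and must fit inside the shared buffer before anything is copied into enclave memory.

```c
/* Added example for this page: an edge-call proxy between an enclave runtime
 * and an untrusted host. Not Keystone code; names and layout are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHARED_SIZE 4096u
#define EC_WRITE 1u          /* hypothetical call ids for this example */
#define EC_READ  2u

/* Request header at the start of the shared buffer. Both sides can write it,
 * so the runtime re-validates every field after the host returns. */
struct edge_call {
    uint32_t call_id;
    int32_t  fd;
    uint32_t data_off;       /* payload offset inside the shared buffer */
    uint32_t data_len;       /* payload length the enclave asked for */
    int64_t  retval;         /* host's result */
};

#define DATA_MAX (SHARED_SIZE - sizeof(struct edge_call))
static uint8_t shared[SHARED_SIZE];      /* constructed stand-in for untrusted shared memory */

/* ---- untrusted host side (simulated) ---------------------------------- */
static uint8_t host_file[SHARED_SIZE];   /* constructed in-memory "file" behind fd */
static size_t  host_file_len;
static bool    host_lies;                /* when set, the host reports a bogus length */

static void host_handle(void) {
    struct edge_call *ec = (struct edge_call *)shared;
    uint8_t *data = shared + ec->data_off;
    switch (ec->call_id) {
    case EC_WRITE:
        memcpy(host_file, data, ec->data_len);
        host_file_len = ec->data_len;
        ec->retval = ec->data_len;
        break;
    case EC_READ: {
        size_t n = host_file_len < ec->data_len ? host_file_len : ec->data_len;
        memcpy(data, host_file, n);
        ec->retval = host_lies ? (int64_t)SHARED_SIZE * 4 : (int64_t)n;
        break;
    }
    default:
        ec->retval = -1;
    }
}

/* ---- enclave runtime side --------------------------------------------- */
static struct edge_call *prepare(uint32_t id, int fd, size_t len) {
    struct edge_call *ec = (struct edge_call *)shared;
    ec->call_id = id; ec->fd = fd;
    ec->data_off = (uint32_t)sizeof *ec;
    ec->data_len = (uint32_t)len;
    ec->retval = 0;
    return ec;
}

/* After re-entry: accept the host's answer only if it is consistent with what
 * was asked and still lies inside the shared buffer. */
static long check_result(const struct edge_call *ec, size_t asked) {
    if (ec->retval < 0 || (uint64_t)ec->retval > asked) return -1;
    if (ec->data_off > SHARED_SIZE || (uint64_t)ec->retval > SHARED_SIZE - ec->data_off) return -1;
    return (long)ec->retval;
}

/* write(): copy the enclave buffer OUT to shared memory; the host never sees an
 * enclave pointer. Oversized requests become short writes. */
long rt_write(int fd, const void *buf, size_t len) {
    if (len > DATA_MAX) len = DATA_MAX;
    struct edge_call *ec = prepare(EC_WRITE, fd, len);
    memcpy(shared + ec->data_off, buf, len);
    host_handle();                        /* stands in for the exit to the host and re-entry */
    return check_result(ec, len);
}

/* read(): the host fills shared memory; copy IN only the validated length. */
long rt_read(int fd, void *buf, size_t len) {
    if (len > DATA_MAX) len = DATA_MAX;
    struct edge_call *ec = prepare(EC_READ, fd, len);
    host_handle();
    long n = check_result(ec, len);
    if (n > 0) memcpy(buf, shared + ec->data_off, (size_t)n);
    return n;
}

/* ---- scenarios used by main ------------------------------------------- */
bool demo_roundtrip(void) {
    const char msg[] = "hello enclave";           /* constructed input */
    char out[32] = {0};
    host_lies = false;
    return rt_write(1, msg, 13) == 13 && rt_read(1, out, sizeof out) == 13 && memcmp(out, msg, 13) == 0;
}
bool demo_short_read(void) { char out[8]; host_lies = false; return rt_read(1, out, sizeof out) == 8; }
bool demo_lying_host_rejected(void) {
    char out[32];
    host_lies = true;
    long n = rt_read(1, out, sizeof out);
    host_lies = false;
    return n == -1;                               /* the bogus length never reaches memcpy */
}
long demo_short_write_len(void) { static uint8_t big[2 * SHARED_SIZE]; return rt_write(1, big, sizeof big); }

int main(void) {
    printf("roundtrip ok: %d\n", demo_roundtrip());
    printf("lying host rejected: %d\n", demo_lying_host_rejected());
    printf("oversized write truncated to: %ld\n", demo_short_write_len());
    return 0;
}
```

The design point is that the runtime owns the copy in both directions: arguments go out by value into the shared area, and results come back only after the header the host may have rewritten is checked against the request and against the buffer bounds.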
Page 30
Off-the-shelf Runtime
● Boot seL4 microkernel as a runtime (~8,000 LoC)
● ~300 LoC modification for initialization
● Passes all seL4 tests (trivial overhead over native execution)
Page 32
Experimental Setup for Performance Evaluation

Platform | Core #, Type | L1-I/D Cache (KB) | L2 Cache (KB) | L1 Latency (cycles) | L2 Latency (cycles)
Rocket-S | 1, in-order  | 8/8   | 512  | 2 | 24
Rocket   | 1, in-order  | 16/16 | 512  | 2 | 24
BOOM     | 1, OoO       | 32/32 | 2048 | 4 | 24
FU540    | 4, in-order  | 32/32 | 2048 | 2 | 12-15

● Rocket/BOOM in FPGA (FireSim)
● FU540 in HiFive Unleashed Board
Page 33
CPU-Bound Benchmarks: CoreMark, Beebs
● Enclave init latency is almost proportional to the size
○ Enclave measurement dominates initialization
● No meaningful overhead in user application (±0.7%)
Pages 34-35
I/O Benchmark: IOZone
[Graphs]
Page 36
Plugin Performance Trade-offs
Pages 37-41
Cache Partitioning Plugin
● 50:50 Cache Way-Partitioning with FU540 L2 controller
● Flush L1 + L2 partition on context switch
● Overhead Depends on the Working Set Size
○ Up to 128.19% (miniz) L2 partitioning overhead
○ L1 flush overhead was trivial with the default context switch period (10 ms)
[Graphs]
Page 42
Dynamic Resizing Plugin
● Machine Learning (Inferencing in Torch, 9 Models, 2 Datasets)
● Keystone Overhead over Baseline
○ Min -3.12% (LeNet) due to lack of page faults
○ Max 7.35% (DenseNet) due to mmap implementation
● Reduced Initialization Latency with Dynamic Resizing
○ Runtime does not initialize free memory with dynamic resizing
Page 43
Is Keystone Expressive Enough to Run Real-World Applications?
Page 44
Real-World Use Cases
● Machine Learning Inference
○ Eyrie (3,000 LoC) + Torch Models (21,000-34,000 LoC)
○ seL4 (8,000 LoC) + FANN (14,000 LoC)
● Secure Communication, Crypto Libraries
○ Using libsodium
○ https://github.com/keystone-enclave/keystone-demo
Page 45
Conclusion
● Keystone: an Open Framework for Architecting TEEs
○ Customizable TEE for various threat models & workloads
● Keystone Plugins
○ Memory Management: free memory, dynamic resizing
○ Functionality: syscalls and musl libc support
○ Security: cache way partitioning
● Evaluation
○ Trade-offs between performance, security, TCB, and functionality
keystone-enclave.org
Page 46
Future Work
● TEE for Small Devices (e.g., embedded, microcontroller)
○ RV32, M/U-only ISA
● Formal Verification
○ Hardware, Security Monitor, and the Runtime
● Concurrent Multithreading
● More Plugins
○ Secure I/O, Sealing, Page Swapping, MEE, ...
● More Front-end Support
○ Rust, Google Asylo, Microsoft OpenEnclave, ...
Page 47
Keystone Team
Page 48
Project Links
● Deployment:
○ QEMU / SiFive Unleashed: https://github.com/keystone-enclave/keystone
○ FireSim (FPGA): https://github.com/keystone-enclave/keystone-firesim
● Documentation:
○ Website/Blog: https://keystone-enclave.org
○ Development Docs: https://docs.keystone-enclave.org
● Technical Paper:
○ arXiv: https://arxiv.org/abs/1907.10119
Page 49
Thank You!
Dayeol Lee ([email protected])
David Kohlbrenner ([email protected])
Shweta Shinde ([email protected])
Forum ([email protected])
Announcement ([email protected])
Page 50
Operation Breakdown
● Measurement (SHA3) dominates enclave creation
● Context switch latency is trivial (~2.5 Kcycles)
[Chart: Enclave Measurement vs. Other Operations]