Hardening and Adapting Trusted Execution Environments for Emerging Platforms

Author(s)
Sang, Fan
Abstract
The rise of cloud computing, IoT, and edge computing has led users to hand control of their data to third-party providers, raising security concerns. Trusted Execution Environments (TEEs), initially developed for cloud computing, create isolated regions of the processor that protect sensitive code and data even from privileged software on the same machine. However, TEEs are not yet integrated into these emerging platforms, because they are recent and still under active development. Despite this, rising security expectations and new privacy regulations make adapting TEEs to these platforms necessary. This thesis focuses on hardening existing TEEs and adapting them to emerging platforms. To harden existing TEEs, the thesis first presents PRIDWEN, a framework that dynamically synthesizes a secure TEE program that is optimally hardened against several side-channel attacks (SCAs) at the same time. The thesis then presents SENSE, an architectural extension that lets TEE programs subscribe to fine-grained microarchitectural events, improving the microarchitectural awareness of TEEs and enabling proactive defenses that were previously infeasible. To bring TEEs to emerging platforms, the thesis presents PORTAL, a secure and efficient device I/O interface for the Arm Confidential Compute Architecture (CCA) on modern mobile Arm processors. PORTAL addresses the challenges that memory encryption poses as Arm processors integrate an increasing number of on-chip devices. By leveraging Arm CCA's memory isolation mechanism (granule protection checks) rather than memory encryption, PORTAL enforces hardware-level access control on device traffic. PORTAL offers robust security guarantees while eliminating the overhead of memory encryption, meeting the performance and energy requirements that are crucial for emerging mobile platforms.
Date
2024-07-25
Resource Type
Text
Resource Subtype
Dissertation