Academic literature on the topic 'Trusted Execution Environments (TEEs)'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'Trusted Execution Environments (TEEs).'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Journal articles on the topic "Trusted Execution Environments (TEEs)"
1
Meftah, Souhail, Shuhao Zhang, Bharadwaj Veeravalli, and Khin Mi Mi Aung. "Revisiting the Design of Parallel Stream Joins on Trusted Execution Environments." Algorithms 15, no. 6 (May 25, 2022): 183. http://dx.doi.org/10.3390/a15060183.
Full textAbstract:
The appealing properties of secure hardware solutions such as trusted execution environment (TEE) including low computational overhead, confidentiality guarantee, and reduced attack surface have prompted considerable interest in adopting them for secure stream processing applications. In this paper, we revisit the design of parallel stream join algorithms on multicore processors with TEEs. In particular, we conduct a series of profiling experiments to investigate the impact of alternative design choices to parallelize stream joins on TEE including: (1) execution approaches, (2) partitioning schemes, and (3) distributed scheduling strategies. From the profiling study, we observe three major high-performance impediments: (a) the computational overhead introduced with cryptographic primitives associated with page swapping operations, (b) the restrictive Enclave Page Cache (EPC) size that limits the supported amount of in-memory processing, and (c) the lack of vertical scalability to support the increasing workload often required for near real-time applications. Addressing these issues allowed us to design SecJoin, a more efficient parallel stream join algorithm that exploits modern scale-out architectures with TEEs rendering no trade-offs on security whilst optimizing performance. We present our model-driven parameterization of SecJoin and share our experimental results which have shown up to 4-folds of improvements in terms of throughput and latency.
2
Singh, Jatinder, Jennifer Cobbe, Do Le Quoc, and Zahra Tarkhani. "Enclaves in the Clouds." Queue 18, no. 6 (December 14, 2020): 78–114. http://dx.doi.org/10.1145/3442632.3448126.
Full textAbstract:
With organizational data practices coming under increasing scrutiny, demand is growing for mechanisms that can assist organizations in meeting their data-management obligations. TEEs (trusted execution environments) provide hardware-based mechanisms with various security properties for assisting computation and data management. TEEs are concerned with the confidentiality and integrity of data, code, and the corresponding computation. Because the main security properties come from hardware, certain protections and guarantees can be offered even if the host privileged software stack is vulnerable.
3
Niu, Yue, Ramy E. Ali, and Salman Avestimehr. "3LegRace: Privacy-Preserving DNN Training over TEEs and GPUs." Proceedings on Privacy Enhancing Technologies 2022, no. 4 (October 2022): 183–203. http://dx.doi.org/10.56553/popets-2022-0105.
Full textAbstract:
Leveraging parallel hardware (e.g. GPUs) for deep neural network (DNN) training brings high computing performance. However, it raises data privacy concerns as GPUs lack a trusted environment to protect the data. Trusted execution environments (TEEs) have emerged as a promising solution to achieve privacypreserving learning. Unfortunately, TEEs’ limited computing power renders them not comparable to GPUs in performance. To improve the trade-off among privacy, computing performance, and model accuracy, we propose an asymmetric model decomposition framework, AsymML, to (1) accelerate training using parallel hardware; and (2) achieve a strong privacy guarantee using TEEs and differential privacy (DP) with much less accuracy compromised compared to DP-only methods. By exploiting the low-rank characteristics in training data and intermediate features, AsymML asymmetrically decomposes inputs and intermediate activations into low-rank and residual parts. With the decomposed data, the target DNN model is accordingly split into a trusted and an untrusted part. The trusted part performs computations on low-rank data, with low compute and memory costs. The untrusted part is fed with residuals perturbed by very small noise. Privacy, computing performance, and model accuracy are well managed by respectively delegating the trusted and the untrusted part to TEEs and GPUs. We provide a formal DP guarantee that demonstrates that, for the same privacy guarantee, combining asymmetric data decomposition and DP requires much smaller noise compared to solely using DP without decomposition. This improves the privacy-utility trade-off significantly compared to using only DP methods without decomposition. Furthermore, we present a rank bound analysis showing that the low-rank structure is preserved after each layer across the entire model. Our extensive evaluations on DNN models show that AsymML delivers 7.6× speedup in training compared to the TEE-only executions while ensuring privacy. We also demonstrate that AsymML is effective in protecting data under common attacks such as model inversion and gradient attacks.
4
Khurshid, Anum, Sileshi Demesie Yalew, Mudassar Aslam, and Shahid Raza. "TEE-Watchdog: Mitigating Unauthorized Activities within Trusted Execution Environments in ARM-Based Low-Power IoT Devices." Security and Communication Networks 2022 (May 25, 2022): 1–21. http://dx.doi.org/10.1155/2022/8033799.
Full textAbstract:
Trusted execution environments (TEEs) are on the rise in devices all around us ranging from large-scale cloud-based solutions to resource-constrained embedded devices. With the introduction of ARM TrustZone-M, hardware-assisted trusted execution is now supported in IoT nodes. TrustZone-M provides isolated execution of security-critical operations and sensitive data-generating peripherals. However, TrustZone-M, like all other TEEs, does not provide a mechanism to monitor operations in the trusted areas of the device and software in the secure areas of an IoT device has access to the entire secure and nonsecure software stack. This is crucial due to the diversity of device manufacturers and component suppliers in the market, which manifests trust issues, especially when third-party peripherals are incorporated into a TEE. Compromised TEEs can be misused for industrial espionage, data exfiltration through system backdoors, and illegal data sharing. It is of utmost importance here that system peripheral behaviour in terms of resource access is in accordance with their intended usage that is specified during integration. We propose TEE-Watchdog, a lightweight framework that establishes MPU protections for secure system peripherals in TrustZone-enabled low-end IoT devices. TEE-Watchdog ensures blocking unauthorized peripheral accesses and logging of application misbehaviour running in the TEE based on a manifest file. We define lightweight specifications and structure for the application manifest file enlisting permissions for critical system peripherals using concise binary object representation (CBOR). We implement and evaluate TEE-Watchdog using a Musca-A2 test chipboard. Our microbenchmark evaluations on CPU time and RAM usage demonstrated the practicality of TEE-Watchdog. Securing the system peripherals using TEE-Watchdog protections induced a 1.4% overhead on the latency of peripheral accesses, which was 61 microseconds on our test board. Our optimized CBOR-encoded manifest file template also showed a decrease in manifest file size by 40% as compared to the standard file formats, e.g., JSON.
5
Maliszewski, Kajetan, Jorge-Arnulfo Quiané-Ruiz, Jonas Traub, and Volker Markl. "What is the price for joining securely?" Proceedings of the VLDB Endowment 15, no. 3 (November 2021): 659–72. http://dx.doi.org/10.14778/3494124.3494146.
Full textAbstract:
Protection of personal data has been raised to be among the top requirements of modern systems. At the same time, it is now frequent that the owner of the data and the owner of the computing infrastructure are two entities with limited trust between them (e. g., volunteer computing or the hybrid-cloud). Recently, trusted execution environments (TEEs) became a viable solution to ensure the security of systems in such environments. However, the performance of relational operators in TEEs remains an open problem. We conduct a comprehensive experimental study to identify the main bottlenecks and challenges when executing relational equi-joins in TEEs. For this, we introduce TEEbench, a framework for unified benchmarking of relational operators in TEEs, and use it for conducting our experimental evaluation. In a nutshell, we perform the following experimental analysis for eight core join algorithms: off-the-shelf performance; the performance implications of data sealing and obliviousness; sensitivity and scalability. The results show that all eight join algorithms significantly suffer from different performance bottlenecks in TEEs. They can be up to three orders of magnitude slower in TEEs than on plain CPUs. Our study also indicates that existing join algorithms need a complete, hardware-aware redesign to be efficient in TEEs, and that, in secure query plans, managing TEE features is equally important to join selection.
6
Liu, Songran, Nan Guan, Zhishan Guo, and Wang Yi. "MiniTEE—A Lightweight TrustZone-Assisted TEE for Real-Time Systems." Electronics 9, no. 7 (July 11, 2020): 1130. http://dx.doi.org/10.3390/electronics9071130.
Full textAbstract:
While trusted execution environments (TEEs) provide industry standard security and isolation, TEE requests through secure monitor calls (SMCs) attribute to large time overhead and weakened temporal predictability. Moreover, as current available TEE solutions are designed for Linux and/or Android initially, it will encounter many constraints (e.g., driver libraries incompatible, large memory footprint, etc.) when integrating with low-end Real-Time Operating Systems, RTOSs. In this paper, we present MiniTEE to understand, evaluate and discuss the benefits and limitations when integrating TrustZone-assisted TEEs with RTOSs. We demonstrate how MiniTEE can be adequately exploited for meeting the real-time needs, while presenting a low performance overhead to the rich OSs (i.e., low-end RTOSs).
7
Fei, Shufan, Zheng Yan, Wenxiu Ding, and Haomeng Xie. "Security Vulnerabilities of SGX and Countermeasures." ACM Computing Surveys 54, no. 6 (July 2021): 1–36. http://dx.doi.org/10.1145/3456631.
Full textAbstract:
Trusted Execution Environments (TEEs) have been widely used in many security-critical applications. The popularity of TEEs derives from its high security and trustworthiness supported by secure hardware. Intel Software Guard Extensions (SGX) is one of the most representative TEEs that creates an isolated environment on an untrusted operating system, thus providing run-time protection for the execution of security-critical code and data. However, Intel SGX is far from the acme of perfection. It has become a target of various attacks due to its security vulnerabilities. Researchers and practitioners have paid attention to the security vulnerabilities of SGX and investigated optimization solutions in real applications. Unfortunately, existing literature lacks a thorough review of security vulnerabilities of SGX and their countermeasures. In this article, we fill this gap. Specifically, we propose two sets of criteria for estimating security risks of existing attacks and evaluating defense effects brought by attack countermeasures. Furthermore, we propose a taxonomy of SGX security vulnerabilities and shed light on corresponding attack vectors. After that, we review published attacks and existing countermeasures, as well as evaluate them by employing our proposed criteria. At last, on the strength of our survey, we propose some open challenges and future directions in the research of SGX security.
8
Choi, Joseph I., and Kevin R. B. Butler. "Secure Multiparty Computation and Trusted Hardware: Examining Adoption Challenges and Opportunities." Security and Communication Networks 2019 (April 2, 2019): 1–28. http://dx.doi.org/10.1155/2019/1368905.
Full textAbstract:
When two or more parties need to compute a common result while safeguarding their sensitive inputs, they use secure multiparty computation (SMC) techniques such as garbled circuits. The traditional enabler of SMC is cryptography, but the significant number of cryptographic operations required results in these techniques being impractical for most real-time, online computations. Trusted execution environments (TEEs) provide hardware-enforced isolation of code and data in use, making them promising candidates for making SMC more tractable. This paper revisits the history of improvements to SMC over the years and considers the possibility of coupling trusted hardware with SMC. This paper also addresses three open challenges: (1) defeating malicious adversaries, (2) mobile-friendly TEE-supported SMC, and (3) a more general coupling of trusted hardware and privacy-preserving computation.
9
Jones, Michael, Matthew Johnson, Mark Shervey, Joel T. Dudley, and Noah Zimmerman. "Privacy-Preserving Methods for Feature Engineering Using Blockchain: Review, Evaluation, and Proof of Concept." Journal of Medical Internet Research 21, no. 8 (August 14, 2019): e13600. http://dx.doi.org/10.2196/13600.
Full textAbstract:
Background The protection of private data is a key responsibility for research studies that collect identifiable information from study participants. Limiting the scope of data collection and preventing secondary use of the data are effective strategies for managing these risks. An ideal framework for data collection would incorporate feature engineering, a process where secondary features are derived from sensitive raw data in a secure environment without a trusted third party. Objective This study aimed to compare current approaches based on how they maintain data privacy and the practicality of their implementations. These approaches include traditional approaches that rely on trusted third parties, and cryptographic, secure hardware, and blockchain-based techniques. Methods A set of properties were defined for evaluating each approach. A qualitative comparison was presented based on these properties. The evaluation of each approach was framed with a use case of sharing geolocation data for biomedical research. Results We found that approaches that rely on a trusted third party for preserving participant privacy do not provide sufficiently strong guarantees that sensitive data will not be exposed in modern data ecosystems. Cryptographic techniques incorporate strong privacy-preserving paradigms but are appropriate only for select use cases or are currently limited because of computational complexity. Blockchain smart contracts alone are insufficient to provide data privacy because transactional data are public. Trusted execution environments (TEEs) may have hardware vulnerabilities and lack visibility into how data are processed. Hybrid approaches combining blockchain and cryptographic techniques or blockchain and TEEs provide promising frameworks for privacy preservation. For reference, we provide a software implementation where users can privately share features of their geolocation data using the hybrid approach combining blockchain with TEEs as a supplement. Conclusions Blockchain technology and smart contracts enable the development of new privacy-preserving feature engineering methods by obviating dependence on trusted parties and providing immutable, auditable data processing workflows. The overlap between blockchain and cryptographic techniques or blockchain and secure hardware technologies are promising fields for addressing important data privacy needs. Hybrid blockchain and TEE frameworks currently provide practical tools for implementing experimental privacy-preserving applications.
10
Koutroumpouchos, Nikolaos, Christoforos Ntantogian, and Christos Xenakis. "Building Trust for Smart Connected Devices: The Challenges and Pitfalls of TrustZone." Sensors 21, no. 2 (January 13, 2021): 520. http://dx.doi.org/10.3390/s21020520.
Full textAbstract:
TrustZone-based Trusted Execution Environments (TEEs) have been utilized extensively for the implementation of security-oriented solutions for several smart intra and inter-connected devices. Although TEEs have been promoted as the starting point for establishing a device root of trust, a number of published attacks against the most broadly utilized TEE implementations request a second view on their security. The aim of this research is to provide an analytical and educational exploration of TrustZone-based TEE vulnerabilities with the goal of pinpointing design and implementation flaws. To this end, we provide a taxonomy of TrustZone attacks, analyze them, and more importantly derive a set of critical observations regarding their nature. We perform a critical appraisal of the vulnerabilities to shed light on their underlying causes and we deduce that their manifestation is the joint effect of several parameters that lead to this situation. The most important ones are the closed implementations, the lack of security mechanisms, the shared resource architecture, and the absence of tools to audit trusted applications. Finally, given the severity of the identified issues, we propose possible improvements that could be adopted by TEE implementers to remedy and improve the security posture of TrustZone and future research directions.
Dissertations / Theses on the topic "Trusted Execution Environments (TEEs)"
1
Cole, Nigel. "Arguing Assurance in Trusted Execution Environments using Goal Structuring Notation." Thesis, Linköpings universitet, Programvara och system, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-177923.
Full textAbstract:
A trusted execution environment (TEE) is an isolated environment used for trusted execution. TEE solutions are usually proprietary and specific for a certain hardware specification, thereby limiting developers that use those TEEs. A potential solution to this issue is the use of open-source alternatives such as the TEE framework Keystone and the Reduced Instruction Set Computer V (RISC-V) hardware. These alternatives are rather young and are not as well established as the variants developed by ARM and Intel. To this end, the assurance in Keystone and RISC-V are analysed by studying a remote attestation assurance use case using the goal structuring notation (GSN) method. The aim is to investigate how GSN can be utilised to build assurance cases for TEEs on RISC-V. This thesis presents a process of how GSNs can be created to argue assurance for a TEE solution. Furthermore, Keystone operates under a specific threat model with made assumptions that may have a large impact depending on the use case. Therefore, Keystone is analysed to understand whether the framework mitigates existing vulnerabilities in TEEs. It is concluded that GSN is a viable method for arguing assurance in TEEs, providing great freedom in the creation of the GSN model. The freedom is also its weakness since the argument composition has a high impact on the argument. Furthermore, we conclude that Keystone mitigates multiple known vulnerabilities primarily through made assumptions in its threat model. These cases need to be considered by developers utilising Keystone to determine whether or not the assumptions are valid for their use case.
2
Da, Silva Mathieu. "Securing a trusted hardware environment (Trusted Execution Environment)." Thesis, Montpellier, 2018. http://www.theses.fr/2018MONTS053/document.
Full textAbstract:
Ce travail de thèse a pour cadre le projet Trusted Environment Execution eVAluation (TEEVA) (projet français FUI n°20 de Janvier 2016 à Décembre 2018) qui vise à évaluer deux solutions alternatives de sécurisation des plateformes mobiles, l’une est purement logicielle, la Whitebox Crypto, alors que l’autre intègre des éléments logiciels et matériels, le Trusted Environment Execution (TEE). Le TEE s’appuie sur la technologie TrustZone d’ARM disponible sur de nombreux chipsets du marché tels que des smartphones et tablettes Android. Cette thèse se concentre sur l’architecture TEE, l’objectif étant d’analyser les menaces potentielles liées aux infrastructures de test/debug classiquement intégrées dans les circuits pour contrôler la conformité fonctionnelle après fabrication.Le test est une étape indispensable dans la production d’un circuit intégré afin d’assurer fiabilité et qualité du produit final. En raison de l’extrême complexité des circuits intégrés actuels, les procédures de test ne peuvent pas reposer sur un simple contrôle des entrées primaires avec des patterns de test, puis sur l’observation des réponses de test produites sur les sorties primaires. Les infrastructures de test doivent être intégrées dans le matériel au moment du design, implémentant les techniques de Design-for-Testability (DfT). La technique DfT la plus commune est l’insertion de chaînes de scan. Les registres sont connectés en une ou plusieurs chaîne(s), appelé chaîne(s) de scan. Ainsi, un testeur peut contrôler et observer les états internes du circuit à travers les broches dédiées. Malheureusement, cette infrastructure de test peut aussi être utilisée pour extraire des informations sensibles stockées ou traitées dans le circuit, comme par exemple des données fortement corrélées à une clé secrète. Une attaque par scan consiste à récupérer la clé secrète d’un crypto-processeur grâce à l’observation de résultats partiellement encryptés.Des expérimentations ont été conduites sur la carte électronique de démonstration avec le TEE afin d’analyser sa sécurité contre une attaque par scan. Dans la carte électronique de démonstration, une contremesure est implémentée afin de protéger les données sensibles traitées et sauvegardées dans le TEE. Les accès de test sont déconnectés, protégeant contre les attaques exploitant les infrastructures de test, au dépend des possibilités de test, diagnostic et debug après mise en service du circuit. Les résultats d’expérience ont montré que les circuits intégrés basés sur la technologie TrustZone ont besoin d’implanter une contremesure qui protège les données extraites des chaînes de scan. Outre cette simple contremesure consistant à éviter l’accès aux chaînes de scan, des contremesures plus avancées ont été développées dans la littérature pour assurer la sécurité tout en préservant l’accès au test et au debug. Nous avons analysé un état de l’art des contremesures contre les attaques par scan. De cette étude, nous avons proposé une nouvelle contremesure qui préserve l’accès aux chaînes de scan tout en les protégeant, qui s’intègre facilement dans un système, et qui ne nécessite aucun redesign du circuit après insertion des chaînes de scan tout en préservant la testabilité du circuit. Notre solution est basée sur l’encryption du canal de test, elle assure la confidentialité des communications entre le circuit et le testeur tout en empêchant son utilisation par des utilisateurs non autorisés. Plusieurs architectures ont été étudiées, ce document rapporte également les avantages et les inconvénients des solutions envisagées en terme de sécurité et de performanceThis work is part of the Trusted Environment Execution eVAluation (TEEVA) project (French project FUI n°20 from January 2016 to December 2018) that aims to evaluate two alternative solutions for secure mobile platforms: a purely software one, the Whitebox Crypto, and a TEE solution, which integrates software and hardware components. The TEE relies on the ARM TrustZone technology available on many of the chipsets for the Android smartphones and tablets market. This thesis focuses on the TEE architecture. The goal is to analyze potential threats linked to the test/debug infrastructures classically embedded in hardware systems for functional conformity checking after manufacturing.Testing is a mandatory step in the integrated circuit production because it ensures the required quality and reliability of the devices. Because of the extreme complexity of nowadays integrated circuits, test procedures cannot rely on a simple control of primary inputs with test patterns, then observation of produced test responses on primary outputs. Test facilities must be embedded in the hardware at design time, implementing the so-called Design-for-Testability (DfT) techniques. The most popular DfT technique is the scan design. Thanks to this test-driven synthesis, registers are connected in one or several chain(s), the so-called scan chain(s). A tester can then control and observe the internal states of the circuit through dedicated scan pins and components. Unfortunately, this test infrastructure can also be used to extract sensitive information stored or processed in the chip, data strongly correlated to a secret key for instance. A scan attack consists in retrieving the secret key of a crypto-processor thanks to the observation of partially encrypted results.Experiments have been conducted during the project on the demonstrator board with the target TEE in order to analyze its security against a scan-based attack. In the demonstrator board, a countermeasure is implemented to ensure the security of the assets processed and saved in the TEE. The test accesses are disconnected preventing attacks exploiting test infrastructures but disabling the test interfaces for testing, diagnosis and debug purposes. The experimental results have shown that chips based on TrustZone technology need to implement a countermeasure to protect the data extracted from the scan chains. Besides the simple countermeasure consisting to avoid scan accesses, further countermeasures have been developed in the literature to ensure security while preserving test and debug facilities. State-of-the-art countermeasures against scan-based attacks have been analyzed. From this study, we investigate a new proposal in order to preserve the scan chain access while preventing attacks, and to provide a plug-and-play countermeasure that does not require any redesign of the scanned circuit while maintaining its testability. Our solution is based on the encryption of the test communication, it provides confidentiality of the communication between the circuit and the tester and prevents usage from unauthorized users. Several architectures have been investigated, this document also reports pros and cons of envisaged solutions in terms of security and performance
3
Mishra, Tanmaya. "Parallelizing Trusted Execution Environments for Multicore Hard Real-Time Systems." Thesis, Virginia Tech, 2019. http://hdl.handle.net/10919/89889.
Full textAbstract:
Real-Time systems are defined not only by their logical correctness but also timeliness.
Modern real-time systems, such as those controlling industrial plants or the flight controller
on UAVs, are no longer isolated. The same computing resources are shared with a variety
of other systems and software. Further, these systems are increasingly being connected
and made available over the internet with the rise of Internet of Things and the need for
automation. Many real-time systems contain sensitive code and data, which not only need to
be kept confidential but also need protection against unauthorized access and modification.
With the cheap availability of hardware supported Trusted Execution Environments (TEE)
in modern day microprocessors, securing sensitive information has become easier and more
robust. However, when applied to real-time systems, the overheads of using TEEs make
scheduling untenable. However, this issue can be mitigated by judiciously utilizing TEEs
and capturing TEE operation peculiarities to create better scheduling policies. This thesis
provides a new task model and scheduling approach, Split-TEE task model and a scheduling
approach ST-EDF. It also presents simulation results for 2 previously proposed approaches
to scheduling TEEs, T-EDF and CT-RM.Master of Science
Real-Time systems are computing systems that not only maintain the traditional purpose of any computer, i.e, to be logically correct, but also timeliness, i.e, guaranteeing an output in a given amount of time. While, traditionally, real-time systems were isolated to reduce interference which could affect the timeliness, modern real-time systems are being increasingly connected to the internet. Many real-time systems, especially those used for critical applications like industrial control or military equipment, contain sensitive code or data that must not be divulged to a third party or open to modification. In such cases, it is necessary to use methods to safeguard this information, regardless of the extra processing time/resource consumption (overheads) that it may add to the system. Modern hardware support Trusted Execution Environments (TEEs), a cheap, easy and robust mechanism to secure arbitrary pieces of code and data. To effectively use TEEs in a real-time system, the scheduling policy which decides which task to run at a given time instant, must be made aware of TEEs and must be modified to take as much advantage of TEE execution while mitigating the effect of its overheads on the timeliness guarantees of the system. This thesis presents an approach to schedule TEE augmented code and simulation results of two previously proposed approaches.
4
Fischer, Andreas [Verfasser]. "Computing on encrypted data using trusted execution environments / Andreas Fischer." Paderborn : Universitätsbibliothek, 2021. http://d-nb.info/1234058790/34.
Full text
5
Elbashir, Khalid. "Trusted Execution Environments for Open vSwitch : A security enabler for the 5G mobile network." Thesis, KTH, Radio Systems Laboratory (RS Lab), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-218070.
Full textAbstract:
The advent of virtualization introduced the need for virtual switches to interconnect virtual machines deployed in a cloud infrastructure. With Software Defined Networking (SDN), a central controller can configure these virtual switches. Virtual switches execute on commodity operating systems. Open vSwitch is an open source project that is widely used in production cloud environments. If an adversary gains access with full privileges to the operating system hosting the virtual switch, then Open vSwitch becomes vulnerable to a variety of different attacks that could compromise the whole network. The purpose of this thesis project is to improve the security of Open vSwitch implementations in order to ensure that only authenticated switches and controllers can communicate with each other, while maintaining code integrity and confidentiality of keys and certificates. The thesis project proposes a design and shows an implementation that leverages Intel® Safe Guard Extensions (SGX) technology. A new library, TLSonSGX, is implemented. This library replaces the use of the OpenSSL library in Open vSwitch. In addition to implementing standard Transport Level Security (TLS) connectivity, TLSonSGX confines TLS communication in the protected memory enclave and hence protects TLS sensitive components necessary to provide confidentiality and integrity, such as private keys and negotiated symmetric keys. Moreover, TLSonSGX introduces new, secure, and automatic means to generate keys and obtain signed certificates from a central Certificate Authority that validates using Linux Integrity Measurements Architecture (IMA) that the Open vSwitch binaries have not been tampered with before issuing a signed certificate. The generated keys and obtained certificates are stored in the memory enclave and hence never exposed as plaintext outside the enclave. This new mechanism is a replacement for the existing manual and unsecure procedures (as described in Open vSwitch project). A security analysis of the system is provided as well as an examination of performance impact of the use of a trusted execution environment. Results show that generating keys and certificates using TLSonSGX takes less than 0.5 seconds while adding 30% latency overhead for the first packet in a flow compared to using OpenSSL when both are executed on Intel® CoreTM i7-6600U processor clocked at 2.6 GHz. These results show that TLSonSGX can enhance Open vSwitch security and reduce its TLS configuration overhead.Framkomsten av virtualisering införde behovet av virtuella växlar för att koppla tillsammans virtuella maskiner placerade i molninfrastruktur. Med mjukvarubaserad nätverksteknik (SDN), kan ett centralt styrenhet konfigurera dessa virtuella växlar. Virtuella växlar kör på standardoperativsystem. Open vSwitch är ett open-source projekt som ofta används i molntjänster. Om en motståndare får tillgång med fullständiga privilegier till operativsystemet där Open vSwitch körs, blir Open vSwitch utsatt för olika attacker som kan kompromettera hela nätverket. Syftet med detta examensarbete är att förbättra säkerheten hos Open vSwitch för att garantera att endast autentiserade växlar och styrenheter kan kommunicera med varandra, samtidigt som att upprätthålla kod integritet och konfidentialitet av nycklar och certifikat. Detta examensarbete föreslår en design och visar en implementation som andvändar Intel®s Safe Guard Extensions (SGX) teknologi. Ett nytt bibliotek, TLSonSGX, är implementerat. Detta bibliotek ersätter biblioteket OpenSSL i Open vSwitch. Utöver att det implementerar ett standard “Transport Layer Security” (TLS) anslutning, TLSonSGX begränsar TLS kommunikation i den skyddade minnes enklaven och skyddar därför TLS känsliga komponenter som är nödvändiga för att ge sekretess och integritet, såsom privata nycklar och förhandlade symmetriska nycklar. Dessutom introducerar TLSonSGX nya, säkra och automatiska medel för att generera nycklar och få signerade certifikat från en central certifikatmyndighet som validerar, med hjälp av Linux Integrity Measurements Architecture (IMA), att Open vSwitch-binärerna inte har manipulerats innan de utfärdade ett signerat certifikat. De genererade nycklarna och erhållna certifikat lagras i minnes enklaven och är därför aldrig utsatta utanför enklaven. Denna nya mekanism ersätter de manuella och osäkra procedurerna som beskrivs i Open vSwitch projektet. En säkerhetsanalys av systemet ges såväl som en granskning av prestandaffekten av användningen av en pålitlig exekveringsmiljö. Resultaten visar att använda TLSonSGX för att generera nycklar och certifikat tar mindre än 0,5 sekunder medan det lägger 30% latens overhead för det första paketet i ett flöde jämfört med att använda OpenSSL när båda exekveras på Intel® Core TM processor i7-6600U klockad vid 2,6 GHz. Dessa resultat visar att TLSonSGX kan förbättra Open vSwitch säkerhet och minska TLS konfigurationskostnaden.
6
Sundblad, Anton, and Gustaf Brunberg. "Secure hypervisor versus trusted execution environment : Security analysis for mobile fingerprint identification applications." Thesis, Linköpings universitet, Databas och informationsteknik, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-139227.
Full textAbstract:
Fingerprint identification is becoming increasingly popular as a means of authentication for handheld devices of different kinds. In order to secure such an authentication solution it is common to use a TEE implementation. This thesis examines the possibility of replacing a TEE with a hypervisor-based solution instead, with the intention of keeping the same security features that a TEE can offer. To carry out the evaluation a suitable method is constructed. This method makes use of fault trees to be able to find possible vulnerabilities in both systems, and these vulnerabilities are then documented. The vulnerabilities of both systems are also compared to each other to identify differences in how they are handled. It is concluded that if the target platform has the ability to implement a TEE solution, it can also implement the same solution using a hypervisor. However, the authors recommend against porting a working TEE solution, as TEEs often offer finished APIs for common operations that would require re-implementation in the examined hypervisor.
7
Dhar, Siddharth. "Optimizing TEE Protection by Automatically Augmenting Requirements Specifications." Thesis, Virginia Tech, 2020. http://hdl.handle.net/10919/98730.
Full textAbstract:
An increasing number of software systems must safeguard their confidential data and code, referred to as critical program information (CPI). Such safeguarding is commonly accomplished by isolating CPI in a trusted execution environment (TEE), with the isolated CPI becoming a trusted computing base (TCB). TEE protection incurs heavy performance costs, as TEE-based functionality is expensive to both invoke and execute. Despite these costs, projects that use TEEs tend to have unnecessarily large TCBs. As based on our analysis, developers often put code and data into TEE for convenience rather than protection reasons, thus not only compromising performance but also reducing the effectiveness of TEE protection.
In order for TEEs to provide maximum benefits for protecting CPI, their usage must be systematically incorporated into the entire software engineering process, starting from Requirements Engineering.
To address this problem, we present a novel approach that incorporates TEEs in the Requirements Engineering phase by using natural language processing (NLP) to classify those software requirements that are security critical and should be isolated in TEE. Our approach takes as input a requirements specification and outputs a list of annotated software requirements. The annotations recommend to the developer which corresponding features comprise CPI that should be protected in a TEE. Our evaluation results indicate that our approach identifies CPI with a high degree of accuracy to incorporate safeguarding CPI into Requirements Engineering.Master of Science
An increasing number of software systems must safeguard their confidential data like passwords, payment information, personal details, etc. This confidential information is commonly protected using a Trusted Execution Environment (TEE), an isolated environment provided by either the existing processor or separate hardware that interacts with the operating system to secure sensitive data and code. Unfortunately, TEE protection incurs heavy performance costs, with TEEs being slower than modern processors and frequent communication between the system and the TEE incurring heavy performance overhead. We discovered that developers often put code and data into TEE for convenience rather than protection purposes, thus not only hurting performance but also reducing the effectiveness of TEE protection. By thoroughly examining a project's features in the Requirements Engineering phase, which defines the project's functionalities, developers would be able to understand which features handle confidential data. To that end, we present a novel approach that incorporates TEEs in the Requirements Engineering phase by means of Natural Language Processing (NLP) tools to categorize the project requirements that may warrant TEE protection. Our approach takes as input a project's requirements and outputs a list of categorized requirements defining which requirements are likely to make use of confidential information. Our evaluation results indicate that our approach performs this categorization with a high degree of accuracy to incorporate safeguarding the confidentiality related features in the Requirements Engineering phase.
8
Fuhry, Benny [Verfasser], and Frederik [Akademischer Betreuer] Armknecht. "Secure and efficient processing of outsourced data structures using trusted execution environments / Benny Fuhry ; Betreuer: Frederik Armknecht." Mannheim : Universitätsbibliothek Mannheim, 2021. http://d-nb.info/1229835911/34.
Full text
9
Lim, Steven. "Recommending TEE-based Functions Using a Deep Learning Model." Thesis, Virginia Tech, 2021. http://hdl.handle.net/10919/104999.
Full textAbstract:
Trusted execution environments (TEEs) are an emerging technology that provides a protected hardware environment for processing and storing sensitive information. By using
TEEs, developers can bolster the security of software systems. However, incorporating
TEE into existing software systems can be a costly and labor-intensive endeavor. Software
maintenance—changing software after its initial release—is known to contribute the majority of the cost in the software development lifecycle. The first step of making use of a TEE
requires that developers accurately identify which pieces of code would benefit from being
protected in a TEE. For large code bases, this identification process can be quite tedious and
time-consuming. To help reduce the software maintenance costs associated with introducing
a TEE into existing software, this thesis introduces ML-TEE, a recommendation tool that
uses a deep learning model to classify whether an input function handles sensitive information or sensitive code. By applying ML-TEE, developers can reduce the burden of manual
code inspection and analysis. ML-TEE's model was trained and tested on functions from
GitHub repositories that use Intel SGX and on an imbalanced dataset. The accuracy of
the final model used in the recommendation system has an accuracy of 98.86% and an F1
score of 80.00%. In addition, we conducted a pilot study, in which participants were asked
to identify functions that needed to be placed inside a TEE in a third-party project. The
study found that on average, participants who had access to the recommendation system's
output had a 4% higher accuracy and completed the task 21% faster.Master of Science
Improving the security of software systems has become critically important. A trusted execution environment (TEE) is an emerging technology that can help secure software that uses or stores confidential information. To make use of this technology, developers need to identify which pieces of code handle confidential information and should thus be placed in a TEE. However, this process is costly and laborious because it requires the developers to understand the code well enough to make the appropriate changes in order to incorporate a TEE. This process can become challenging for large software that contains millions of lines of code. To help reduce the cost incurred in the process of identifying which pieces of code should be placed within a TEE, this thesis presents ML-TEE, a recommendation system that uses a deep learning model to help reduce the number of lines of code a developer needs to inspect. Our results show that the recommendation system achieves high accuracy as well as a good balance between precision and recall. In addition, we conducted a pilot study and found that participants from the intervention group who used the output from the recommendation system managed to achieve a higher average accuracy and perform the assigned task faster than the participants in the control group.
10
Arfaoui, Ghada. "Conception de protocoles cryptographiques préservant la vie privée pour les services mobiles sans contact." Thesis, Orléans, 2015. http://www.theses.fr/2015ORLE2013/document.
Full textAbstract:
Avec l'émergence de nouvelles technologies telles que le NFC (Communication à champ proche) et l'accroissement du nombre de plates-formes mobiles, les téléphones mobiles vont devenir de plus en plus indispensables dans notre vie quotidienne. Ce contexte introduit de nouveaux défis en termes de sécurité et de respect de la vie privée. Dans cette thèse, nous nous focalisons sur les problématiques liées au respect de la vie privée dans les services NFC ainsi qu’à la protection des données privées et secrets des applications mobiles dans les environnements d'exécution de confiance (TEE). Nous fournissons deux solutions pour le transport public: une solution utilisant des cartes d'abonnement (m-pass) et une autre à base de tickets électroniques (m-ticketing). Nos solutions préservent la vie privée des utilisateurs tout en respectant les exigences fonctionnelles établies par les opérateurs de transport. À cette fin, nous proposons de nouvelles variantes de signatures de groupe ainsi que la première preuve pratique d’appartenance à un ensemble, à apport nul de connaissance, et qui ne nécessite pas de calculs de couplages du côté du prouveur. Ces améliorations permettent de réduire considérablement le temps d'exécution de ces schémas lorsqu’ils sont implémentés dans des environnements contraints par exemple sur carte à puce. Nous avons développé les protocoles de m-passe et de m-ticketing dans une carte SIM standard : la validation d'un ticket ou d'un m-pass s'effectue en moins de 300ms et ce tout en utilisant des tailles de clés adéquates. Nos solutions fonctionnent également lorsque le mobile est éteint ou lorsque sa batterie est déchargée. Si les applications s'exécutent dans un TEE, nous introduisons un nouveau protocole de migration de données privées, d'un TEE à un autre, qui assure la confidentialité et l'intégrité de ces données. Notre protocole est fondé sur l’utilisation d’un schéma de proxy de rechiffrement ainsi que sur un nouveau modèle d’architecture du TEE. Enfin, nous prouvons formellement la sécurité de nos protocoles soit dans le modèle calculatoire pour les protocoles de m-pass et de ticketing soit dans le modèle symbolique pour le protocole de migration de données entre TEEThe increasing number of worldwide mobile platforms and the emergence of new technologies such as the NFC (Near Field Communication) lead to a growing tendency to build a user's life depending on mobile phones. This context brings also new security and privacy challenges. In this thesis, we pay further attention to privacy issues in NFC services as well as the security of the mobile applications private data and credentials namely in Trusted Execution Environments (TEE). We first provide two solutions for public transport use case: an m-pass (transport subscription card) and a m-ticketing validation protocols. Our solutions ensure users' privacy while respecting functional requirements of transport operators. To this end, we propose new variants of group signatures and the first practical set-membership proof that do not require pairing computations at the prover's side. These novelties significantly reduce the execution time of such schemes when implemented in resource constrained environments. We implemented the m-pass and m-ticketing protocols in a standard SIM card: the validation phase occurs in less than 300ms whilst using strong security parameters. Our solutions also work even when the mobile is switched off or the battery is flat. When these applications are implemented in TEE, we introduce a new TEE migration protocol that ensures the privacy and integrity of the TEE credentials and user's private data. We construct our protocol based on a proxy re-encryption scheme and a new TEE model. Finally, we formally prove the security of our protocols using either game-based experiments in the random oracle model or automated model checker of security protocols
Book chapters on the topic "Trusted Execution Environments (TEEs)"
1
Szefer, Jakub. "Trusted Execution Environments." In Principles of Secure Processor Architecture Design, 43–51. Cham: Springer International Publishing, 2019. http://dx.doi.org/10.1007/978-3-031-01760-5_4.
Full text
2
Keerup, Kalmer, Dan Bogdanov, Baldur Kubo, and Per Gunnar Auran. "Privacy-Preserving Analytics, Processing and Data Management." In Big Data in Bioeconomy, 157–68. Cham: Springer International Publishing, 2021. http://dx.doi.org/10.1007/978-3-030-71069-9_12.
Full textAbstract:
AbstractTypically, data cannot be shared among competing organizations due to confidentiality or regulatory restrictions. We present several technological alternatives to solve the problem: secure multi-party computation (MPC), trusted execution environments (TEE) and multi-key fully homomorphic encryption (MKFHE). We compare these privacy-enhancing technologies from deployment and performance point of view and explain how we selected technology and machine learning methods. We introduce a demonstrator built in the DataBio project for securely combining private and public data for planning of fisheries. The secure machine learning of best catch locations is a web solution utilizing Intel® Software Guard Extensions (Intel® SGX)-based TEE and built with the Sharemind HI (Hardware Isolation) development tools. Knowing where to go fishing is a competitive advantage that a fishery is not interested to share with competitors. Therefore, joint intelligence from public and private sector data while protecting secrets of each contributing organization is an important enabler. Finally, we discuss the wider business impact of secure machine learning in situations where data confidentiality is a concern.
3
Kostiainen, Kari, N. Asokan, and Jan-Erik Ekberg. "Credential Disabling from Trusted Execution Environments." In Information Security Technology for Applications, 171–86. Berlin, Heidelberg: Springer Berlin Heidelberg, 2012. http://dx.doi.org/10.1007/978-3-642-27937-9_12.
Full text
4
Kostiainen, Kari, Alexandra Dmitrienko, Jan-Erik Ekberg, Ahmad-Reza Sadeghi, and N. Asokan. "Key Attestation from Trusted Execution Environments." In Trust and Trustworthy Computing, 30–46. Berlin, Heidelberg: Springer Berlin Heidelberg, 2010. http://dx.doi.org/10.1007/978-3-642-13869-0_3.
Full text
5
Mattsson, Ulf. "HSM, TPM, and Trusted Execution Environments." In Controlling Privacy and the Use of Data Assets, 211–14. Boca Raton: CRC Press, 2022. http://dx.doi.org/10.1201/9781003189664-20.
Full text
6
Martinelli, Fabio, Ilaria Matteucci, Andrea Saracino, and Daniele Sgandurra. "Remote Policy Enforcement for Trusted Application Execution in Mobile Environments." In Trusted Systems, 70–84. Cham: Springer International Publishing, 2013. http://dx.doi.org/10.1007/978-3-319-03491-1_5.
Full text
7
Ménétrey, Jämes, Christian Göttel, Anum Khurshid, Marcelo Pasin, Pascal Felber, Valerio Schiavoni, and Shahid Raza. "Attestation Mechanisms for Trusted Execution Environments Demystified." In Distributed Applications and Interoperable Systems, 95–113. Cham: Springer International Publishing, 2022. http://dx.doi.org/10.1007/978-3-031-16092-9_7.
Full text
8
Amjad, Ghous, and Tarik Moataz. "Searchable Symmetric Encryption on Trusted Execution Environments." In Encyclopedia of Cryptography, Security and Privacy, 1–4. Berlin, Heidelberg: Springer Berlin Heidelberg, 2021. http://dx.doi.org/10.1007/978-3-642-27739-9_1468-1.
Full text
9
Karl, Ryan. "Quantitative and Qualitative Investigations into Trusted Execution Environments." In Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 372–83. Cham: Springer International Publishing, 2021. http://dx.doi.org/10.1007/978-3-030-90022-9_19.
Full text
10
Koeberl, Patrick, Vinay Phegade, Anand Rajan, Thomas Schneider, Steffen Schulz, and Maria Zhdanova. "Time to Rethink: Trust Brokerage Using Trusted Execution Environments." In Trust and Trustworthy Computing, 181–90. Cham: Springer International Publishing, 2015. http://dx.doi.org/10.1007/978-3-319-22846-4_11.
Full textConference papers on the topic "Trusted Execution Environments (TEEs)"
1
Pires, Rafael Pereira, Pascal Felber, and Marcelo Pasin. "Distributed systems and trusted execution environments: Trade-offs and challenges." In XXXVIII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos. Sociedade Brasileira de Computação, 2020. http://dx.doi.org/10.5753/sbrc_estendido.2020.12412.
Full textAbstract:
This extended abstract summarises my PhD thesis, which explores design strategies for distributed systems that leverage trusted execution environments (TEEs). We aim at achieving better security and privacy guarantees while maintaining or improving performance in comparison to existing equivalent approaches. To that end, we propose a few original systems that take advantage of TEEs. On top of prototypes built with Intel software guard extensions (SGX) and deployed on real hardware, we evaluate their limitations and discuss the outcomes of such an emergent technology.
2
Li, Wenhao, Yubin Xia, Long Lu, Haibo Chen, and Binyu Zang. "TEEv: virtualizing trusted execution environments on mobile platforms." In the 15th ACM SIGPLAN/SIGOPS International Conference. New York, New York, USA: ACM Press, 2019. http://dx.doi.org/10.1145/3313808.3313810.
Full text
3
Bailleu, Maurice, Donald Dragoti, Pramod Bhatotia, and Christof Fetzer. "TEE-Perf: A Profiler for Trusted Execution Environments." In 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 2019. http://dx.doi.org/10.1109/dsn.2019.00050.
Full text
4
Bicakci, Kemal, Ihsan Kagan Ak, Betul Askin Ozdemir, and Mesut Gozutok. "Open-TEE is No Longer Virtual: Towards Software-Only Trusted Execution Environments Using White-Box Cryptography." In 2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA). IEEE, 2019. http://dx.doi.org/10.1109/tps-isa48467.2019.00029.
Full text
5
McGillion, Brian, Tanel Dettenborn, Thomas Nyman, and N. Asokan. "Open-TEE -- An Open Virtual Trusted Execution Environment." In 2015 IEEE Trustcom/BigDataSE/ISPA. IEEE, 2015. http://dx.doi.org/10.1109/trustcom.2015.400.
Full text
6
Asokan, N. "Hardware-assisted Trusted Execution Environments." In CCS '19: 2019 ACM SIGSAC Conference on Computer and Communications Security. New York, NY, USA: ACM, 2019. http://dx.doi.org/10.1145/3319535.3364969.
Full text
7
Ekberg, Jan-Erik, Kari Kostiainen, and N. Asokan. "Trusted execution environments on mobile devices." In the 2013 ACM SIGSAC conference. New York, New York, USA: ACM Press, 2013. http://dx.doi.org/10.1145/2508859.2516758.
Full text
8
Hosam, Osama, and Fan BinYuan. "A Comprehensive Analysis of Trusted Execution Environments." In 2022 8th International Conference on Information Technology Trends (ITT). IEEE, 2022. http://dx.doi.org/10.1109/itt56123.2022.9863962.
Full text
9
Arfaoui, Ghada, Said Gharout, and Jacques Traore. "Trusted Execution Environments: A Look under the Hood." In 2014 2nd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud). IEEE, 2014. http://dx.doi.org/10.1109/mobilecloud.2014.47.
Full text
10
Gollamudi, Anitha, Stephen Chong, and Owen Arden. "Information Flow Control for Distributed Trusted Execution Environments." In 2019 IEEE 32nd Computer Security Foundations Symposium (CSF). IEEE, 2019. http://dx.doi.org/10.1109/csf.2019.00028.
Full textReports on the topic "Trusted Execution Environments (TEEs)"
1
Akram, Ayaz, Anna Giannakou, Venkatesh Akella, Jason Lowe-Power, and Sean Peisert. Performance Analysis of Scientific Computing Workloads on Trusted Execution Environments. Office of Scientific and Technical Information (OSTI), January 2020. http://dx.doi.org/10.2172/1768054.
Full text