dc.contributor.author: Schneider, Moritz
dc.contributor.author: Dhar, Aritra
dc.contributor.author: Puddu, Ivan
dc.contributor.author: Kostiainen, Kari
dc.contributor.author: Čapkun, Srdjan
dc.date.accessioned: 2021-11-30T09:10:26Z
dc.date.available: 2021-11-29T14:10:12Z
dc.date.available: 2021-11-30T09:10:26Z
dc.date.issued: 2021-11-19
dc.identifier.issn: 2569-2925
dc.identifier.other: 10.46586/tches.v2022.i1.630-656 [en_US]
dc.identifier.uri: http://hdl.handle.net/20.500.11850/517576
dc.identifier.doi: 10.3929/ethz-b-000517576
dc.description.abstract: The ever-rising computation demand is forcing the move from the CPU to heterogeneous specialized hardware, which is readily available across modern datacenters through disaggregated infrastructure. On the other hand, trusted execution environments (TEEs), one of the most promising recent developments in hardware security, can only protect code confined in the CPU, limiting TEEs’ potential and applicability to a handful of applications. We observe that the TEEs’ hardware trusted computing base (TCB) is fixed at design time, which in practice leads to using untrusted software to employ peripherals in TEEs. Based on this observation, we propose composite enclaves with a configurable hardware and software TCB, allowing enclaves access to multiple computing and IO resources. Finally, we present two case studies of composite enclaves: i) an FPGA platform based on RISC-V Keystone connected to emulated peripherals and sensors, and ii) a large-scale accelerator. These case studies showcase a flexible but small TCB (2.5 KLoC for IO peripherals and drivers) with a low performance overhead (only around 220 additional cycles for a context switch), thus demonstrating the feasibility of our approach and showing that it can work with a wide range of specialized hardware. [en_US]
dc.format: application/pdf [en_US]
dc.language.iso: en [en_US]
dc.publisher: Ruhr-Universität Bochum [en_US]
dc.rights.uri: http://creativecommons.org/licenses/by/4.0/
dc.subject: Trusted execution environments [en_US]
dc.subject: RISC-V security [en_US]
dc.title: Composite Enclaves: Towards Disaggregated Trusted Execution [en_US]
dc.type: Journal Article
dc.rights.license: Creative Commons Attribution 4.0 International
ethz.journal.title: IACR Transactions on Cryptographic Hardware and Embedded Systems
ethz.journal.volume: 2022 [en_US]
ethz.journal.issue: 1 [en_US]
ethz.pages.start: 630 [en_US]
ethz.pages.end: 656 [en_US]
ethz.size: 27 p. [en_US]
ethz.version.deposit: publishedVersion [en_US]
ethz.publication.place: Bochum [en_US]
ethz.publication.status: published [en_US]
ethz.leitzahl: ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02660 - Institut für Informationssicherheit / Institute of Information Security::03755 - Capkun, Srdan / Capkun, Srdan [en_US]
ethz.leitzahl.certified: ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02660 - Institut für Informationssicherheit / Institute of Information Security::03755 - Capkun, Srdan / Capkun, Srdan [en_US]
ethz.date.deposited: 2021-11-29T14:10:18Z
ethz.source: FORM
ethz.eth: yes [en_US]
ethz.availability: Open access [en_US]
ethz.rosetta.installDate: 2021-11-30T09:10:33Z
ethz.rosetta.lastUpdated: 2024-02-02T15:27:44Z
ethz.rosetta.versionExported: true
ethz.COinS: ctx_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.atitle=Composite%20Enclaves:%20Towards%20Disaggregated%20Trusted%20Execution&rft.jtitle=IACR%20Transactions%20on%20Cryptographic%20Hardware%20and%20Embedded%20Systems&rft.date=2021-11-19&rft.volume=2022&rft.issue=1&rft.spage=630&rft.epage=656&rft.issn=2569-2925&rft.au=Schneider,%20Moritz&Dhar,%20Aritra&Puddu,%20Ivan&Kostiainen,%20Kari&%C4%8Capkun,%20Srdjan&rft.genre=article&rft_id=info:doi/10.46586/tches.v2022.i1.630-656&