2019
DOI: 10.48550/arxiv.1907.10119
|View full text |Cite
Preprint
|
Sign up to set email alerts
|

Keystone: An Open Framework for Architecting TEEs

Dayeol Lee,
David Kohlbrenner,
Shweta Shinde
et al.

Abstract: Trusted execution environments (TEEs) are being used in all the devices from embedded sensors to cloud servers and encompass a range of cost, power constraints, and security threat model choices. On the other hand, each of the current vendor-specific TEEs makes a fixed set of trade-offs with little room for customization. We present Keystone-the first open-source framework for building customized TEEs. Keystone uses simple abstractions provided by the hardware such as memory isolation and a programmable layer … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
16
0

Year Published

2019
2019
2022
2022

Publication Types

Select...
4
2

Relationship

0
6

Authors

Journals

citations
Cited by 7 publications
(16 citation statements)
references
References 51 publications
0
16
0
Order By: Relevance
“…TEEs separate userspace code and data from the rest of the system, including higher privileged system software such as the OS kernel [37]. Multiple TEE implementations are commercially available, including Intel SGX [24], ARM TrustZone [7] and AMD SEV [4], with several others under way [57,74,86].…”
Section: Trusted Execution Environments In Cloudsmentioning
confidence: 99%
See 1 more Smart Citation
“…TEEs separate userspace code and data from the rest of the system, including higher privileged system software such as the OS kernel [37]. Multiple TEE implementations are commercially available, including Intel SGX [24], ARM TrustZone [7] and AMD SEV [4], with several others under way [57,74,86].…”
Section: Trusted Execution Environments In Cloudsmentioning
confidence: 99%
“…They exploit flaws in specific TEE implementations and can be mitigated through hardware and/or microcode changes [51]. As the maturity of different TEE implementations, especially new open-source ones [4,49,57], grows over time, such attacks will become rarer. Cache side channel attacks [16,41,68] are not specific to TEEs because they are enabled by micro-architectural resource sharing.…”
Section: Security Goals and Threat Modelmentioning
confidence: 99%
“…As a result, even if the state persistent on block B n for a smart contact C eventually becomes dirty due to dApp failure, subsequent dApps can still load clean state for the contract C from a block (prior to B n ) agreed by all parties. Although this design imposes additional requirements on underlying blockchains, it is practical and deliverable using "layertwo" protocols where smart contract executions could be decoupled from the consensus layer, for instance, via the usage of Trusted Execution Environment (e.g., Intel SGX [30] and Keystone [49]).…”
Section: Complete Atomicity For Dappsmentioning
confidence: 99%
“…Enclaves allow for a coarsegrained but strong protection against adversaries in privileged software layers. TEE architectures have been proposed for a variety of computing platforms 1 , in particular for modern high-performance computer systems, e.g., industry solutions like Intel SGX [35], AMD SEV [38], ARM TrustZone [3], or academic solutions such as Sanctum [22], Sanctuary [10], Keystone [48], or Komodo [27] to name some.…”
Section: Introductionmentioning
confidence: 99%
“…On cloud servers, massive amounts of sensitive data are aggregated and used to train proprietary machine learning models, often outside of the CPU, offloaded to hardware accelerators [84]. However, TEE architectures such as SGX [35], SEV [38] and Sanctum [22], do not consider secure I/O at all, solutions such as Keystone [48] would require additional hardware to support DMA-capable peripherals, solutions like Graviton [96] require hardware changes at the peripheral side. TrustZone [3], Sanctuary [10] and Komodo [27] cannot bind peripherals directly to individual enclaves.…”
Section: Introductionmentioning
confidence: 99%