Twine: An Embedded Trusted Runtime for WebAssembly

Ménétrey, Jämes; Pasin, Marcelo; Felber, Pascal; Schiavoni, Valerio

doi:10.1109/icde51399.2021.00025

Cited by 38 publications

(23 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Wasm is naturally slower than native because of the increasing of register pressure and code size and the presence of extra branch statements, as discussed in previous work [17]. In some rare cases, Wasm may be faster than native thanks to a reduced number of cache misses, as we observed in our previous work [24]. Finally, some workloads are not well optimised when compiled in Wasm and then recompiled ahead-of-time into native code, as can be observed for the Arm versions on the left-hand side of Figure 2.…”

Section: Polybench/c Micro-benchmarkssupporting

confidence: 62%

“…While TEEs are not demonstrated in this work, these two platforms support trusted execution, namely Intel SGX for the former and Arm TrustZone for the latter. We already illustrated how Wasm could be embedded within SGX and TrustZone in our previous work [24,25].…”

Section: Performancementioning

confidence: 99%

“…PolyBench/C [29] is a CPU-bound benchmark suite comprised of various mathematical experiments and commonly used to evaluate the performance of Wasm applications and runtimes [17,13,24]. The name of the experiments have been abbreviated in this paper for conciseness.…”

Section: Polybench/c Micro-benchmarksmentioning

confidence: 99%

See 2 more Smart Citations

WebAssembly as a Common Layer for the Cloud-edge Continuum

Ménétrey

Pasin

Felber

et al. 2022

Proceedings of the 2nd Workshop on Flexible Resource and Application Management on the Edge

Self Cite

View full text Add to dashboard Cite

Over the last decade, the cloud computing landscape has transformed from centralised architecture made of large data centres to a distributed and heterogeneous architecture embracing edge and IoT processing units. This shift has created the so-called cloud-edge continuum, which closes the gap between the large datacentres and the end-user devices. Existing solutions are, however, dominated by proprietary silos and incompatible technologies, built around dedicated devices and run-time stacks. In this position paper, we motivate the need for interoperable solutions that would run seamlessly across hardware devices and software environments, while achieving good performance and a high level of security-a critical requirement for code and data processed off-premises. We argue that the technology provided by WebAssembly running on modern virtual machines and shielded within trusted execution environments, combined with a core set of services and support libraries, allows us to meet both goals. We also present preliminary results from a prototype built with these technologies and deployed on the cloud-edge continuum. CCS CONCEPTS• Security and privacy → Trusted computing; • Computer systems organization → Distributed architectures; • Software and its engineering → Interoperability; Runtime environments.

show abstract

Section: Polybench/c Micro-benchmarkssupporting

confidence: 62%

Section: Performancementioning

confidence: 99%

See 1 more Smart Citation

WebAssembly as a Common Layer for the Cloud-edge Continuum

Ménétrey

Pasin

Felber

et al. 2022

Proceedings of the 2nd Workshop on Flexible Resource and Application Management on the Edge

Self Cite

View full text Add to dashboard Cite

show abstract

“…To analyze these TEE containers, we propose a taxonomy including a set of key security properties expected from a Tcon: 1) their threat models, 2) their supports for isolation between the untrusted OS and the container (through Ecall/Ocall/exception interfaces), 3) their supports for isolation within the container (particularly for those running untrusted code), 4) their mechanism for attestation, 5) protection for storage and 6) their side-channel control. These properties are summarized from Tcon-related publications [105], [109], [50], [87], [80], [62], [81], [61], [59], [97], [48], [74] and documentations [18], [26], [34], [13]. In the rest of the section, we first present popular Tcons and their backgrounds, and then analyze them using the taxonomy.…”

Section: Survey On Mainstream Tee Containersmentioning

confidence: 99%

“…• TWINE. TWINE [81] leverages WebAssembly-Micro-Runtime (WAMR) [46] to run WASM code with WASI support. C/C++ and Rust source code developed for Linux can be easily compiled into WASI target, and TWINE also provides a SQLite example.…”

Section: A Existing Tee Containersmentioning

confidence: 99%

Understanding TEE Containers, Easy to Use? Hard to Trust

Liu¹,

Chen²,

Li³

et al. 2021

Preprint

View full text Add to dashboard Cite

As an emerging technique for confidential computing, trusted execution environment (TEE) receives a lot of attention. To better develop, deploy, and run secure applications on a TEE platform such as Intel's SGX, both academic and industrial teams have devoted much effort to developing reliable and convenient TEE containers. In this paper, we studied the isolation strategies of 15 existing TEE containers to protect secure applications from potentially malicious operating systems (OS) or untrusted applications, using a semi-automatic approach combining a feedback-guided analyzer with manual code review. Our analysis reveals the isolation protection each of these TEE containers enforces, and their security weaknesses. We observe that none of the existing TEE containers can fulfill the goal they set, due to various pitfalls in their design and implementation. We report the lessons learnt from our study for guiding the development of more secure containers, and further discuss the trend of TEE container designs. We also release our analyzer that helps evaluate the container middleware both from the enclave and from the kernel.

show abstract