We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs.CR

Change to browse by:

cs

References & Citations

DBLP - CS Bibliography

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: End-to-End Security for Distributed Event-Driven Enclave Applications on Heterogeneous TEEs

Authors: Gianluca Scopelliti (1 and 2), Sepideh Pouyanrad (2), Job Noorman (2), Fritz Alder (2), Christoph Baumann (1), Frank Piessens (2), Jan Tobias Mühlberg (2) ((1) Ericsson AB, Sweden, (2) KU Leuven, Belgium)
Abstract: This paper presents an approach to provide strong assurance of the secure execution of distributed event-driven applications on shared infrastructures, while relying on a small Trusted Computing Base. We build upon and extend security primitives provided by Trusted Execution Environments (TEEs) to guarantee authenticity and integrity properties of applications, and to secure control of input and output devices. More specifically, we guarantee that if an output is produced by the application, it was allowed to be produced by the application's source code based on an authentic trace of inputs.
We present an integrated open-source framework to develop, deploy, and use such applications across heterogeneous TEEs. Beyond authenticity and integrity, our framework optionally provides confidentiality and a notion of availability, and facilitates software development at a high level of abstraction over the platform-specific TEE layer. We support event-driven programming to develop distributed enclave applications in Rust and C for heterogeneous TEE, including Intel SGX, ARM TrustZone and Sancus.
In this article we discuss the workings of our approach, the extensions we made to the Sancus processor, and the integration of our development model with commercial TEEs. Our evaluation of security and performance aspects show that TEEs, together with our programming model, form a basis for powerful security architectures for dependable systems in domains such as Industrial Control Systems and the Internet of Things, illustrating our framework's unique suitability for a broad range of use cases which combine cloud processing, mobile and edge devices, and lightweight sensing and actuation.
Comments: 40 pages, submitted to ACM Transactions on Privacy and Security, first co-authorship between Gianluca Scopelliti and Sepideh Pouyanrad, source code available at this https URL
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:2206.01041 [cs.CR]
  (or arXiv:2206.01041v3 [cs.CR] for this version)

Submission history

From: Gianluca Scopelliti [view email]
[v1] Thu, 2 Jun 2022 13:29:38 GMT (1424kb,D)
[v2] Fri, 3 Jun 2022 08:52:35 GMT (1398kb,D)
[v3] Tue, 18 Oct 2022 14:45:59 GMT (1437kb,D)

Link back to: arXiv, form interface, contact.