Abstract

Commodity operating systems are considered vulnerable. Therefore, when an application handles security-sensitive data, it is highly recommended to run the application in a trusted execution environment. In response to this demand, hardware-based trusted execution environments such as Intel SGX and ARM TrustZone have been developed in commodity computers. However, hardware-based approaches cannot be quickly upgraded to address design vulnerabilities or to reflect customer feedback. In this paper, we propose SofTEE, a software framework to support a trusted execution environment for user applications. For a trusted execution environment, SofTEE should support memory isolation and attestation. For memory isolation, SofTEE relies on kernel deprivileging, which delegates the execution of privileged operations, such as memory management, from a kernel to a special module called a security monitor. To reduce the overhead of switching between the deprivileged kernel and the security monitor, SofTEE proposes an efficient management mechanism of the address space identifier. SofTEE supports attestation by assuming minimal hardware functionalities of random entropy and root of trust. The main challenge of SofTEE is to guarantee security properties like confidentiality and integrity of security-sensitive applications. For security analysis, we have identified security invariants that SofTEE should meet for confidentiality and integrity guarantees. Based on the security invariants, we have designed and prototyped each component of SofTEE on a Raspberry Pi 3 board. SofTEE produces about 3% overhead in the case of a security-sensitive application with a long execution time and 23% overhead in the case of a security-sensitive application with a short execution time.

Highlights

  • Trusted execution environment (TEE) is an isolated environment that protects user code and data from a malicious kernel

  • We propose SofTEE, a software framework to implement a TEE for user applications without relying on special hardware features or complicated compiler techniques

  • From a security perspective, protecting the trusted application is more complex than building a trusted kernel execution environment for the following reasons: 1) it should protect the confidentiality of the security monitor against the compromised kernel because the security monitor includes trusted application context; 2) it should ensure the confidentiality and integrity of the security monitor against trusted applications

Summary

INTRODUCTION

A trusted execution environment (TEE) is an isolated environment that protects user code and data from a malicious kernel. Park: SofTEE for User Applications on special hardware features, e.g. ARM TrustZone [5], Intel SGX [6]. Software-based TEEs can be used together with hardware-based TEEs. In this paper, we propose SofTEE, a software framework to implement a TEE for user applications without relying on special hardware features or complicated compiler techniques. SofTEE applies a technique called kernel deprivileging to delegate some privileged operations, such as memory management, to a special software module called a ‘security monitor’. A CPU privilege mode in SofTEE is logically divided into a normal mode and a secure mode. Based on these two virtual CPU modes, it is possible to support TEEs in software in SofTEE. SofTEE provides a trusted execution environment for security-sensitive applications, denoted as TAs, without special hardware features.

BACKGROUND
PERFORMANCE EVALUATION
DISCUSSION
VIII. CONCLUSION