Trusted Execution Environments (TEEs) protect sensitive data and run security-critical applications by providing an execution environment isolated from the rest of the system. However, over the last few years, TEEs have been proven weak: both TEEs built upon security-oriented hardware extensions (e.g., Arm TrustZone) and those resorting to dedicated secure elements have been exploited multiple times. In this project, we introduce Trusted Execution Environments On-Demand (TEEOD), a novel TEE design that leverages the programmable logic (PL) in heterogeneous systems on chip (SoCs) as the secure execution environment. Unlike other TEE designs, TEEOD can provide high-bandwidth connections and physical on-chip isolation. We implemented a proof of concept (PoC) targeting an Ultra96-V2 platform. The evaluation demonstrated that TEEOD can host up to 6 simultaneous enclaves, with a resource usage per enclave of 7.0%, 3.8%, and 15.3% of the total LUTs, FFs, and BRAMs, respectively. To demonstrate the practicability of TEEOD in real-world applications, we successfully ran a legacy open-source Bitcoin wallet.