Attestation Mechanisms for Trusted Execution Environments Demystified - Presentation slides

  1. Attestation Mechanisms for Trusted Execution Environments Demystified
     Jämes Ménétrey¹, Christian Göttel¹, Anum Khurshid², Marcelo Pasin¹, Pascal Felber¹, Valerio Schiavoni¹, Shahid Raza²
     ¹ University of Neuchâtel, Switzerland; ² RISE Research Institutes of Sweden
     June 13-17, 2022, 17th International Conference on Distributed Applications and Interoperable Systems (DAIS ’22), Lucca, Italy 🇮🇹
  2. Ménétrey et al. — Attestation Mechanisms for Trusted Execution Environments Demystified — DAIS ’22
     Context
     [Figure: software stack (hardware, VMM, OS) trusted by cloud providers vs. your apps trusted by you (developers); the attack surface of your apps is highlighted.]
     • We process and store sensitive data in clouds or on IoT edge devices.
     • Developers deploy trusted apps on systems they assume to be trustworthy.
     • TEEs reduce the attack surface and help obtain remote attestation.
  3. Remote attestation primer (ietf-rats)
     [Figure: RATS roles. Attester → Evidence → Verifier → Attestation result → Relying party; a Reference Value Provider supplies reference values, which the verifier compares (= ?) against the code measurement H(·) carried in the claims.]
     ① Provision reference values ② Send quote ③ Verification result
     • The attester issues evidence, which a verifier examines and reports on to a relying party.
     • Evidence is a set of claims (e.g., a code measurement).
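Added example (Python, not code from the slides or the paper): the three RATS roles of this slide modelled end to end. The reference value provider provisions H(code) of known-good code, the attester answers the verifier's challenge with evidence (claims plus an authentication tag), the verifier appraises it, and the relying party releases data only on a positive result. The HMAC key shared between attester and verifier, the claim names and the sample code images are assumptions that stand in for a real TEE's hardware-held quoting key and quote format.

```python
"""Minimal model of the RATS roles: attester, verifier, relying party.

Added illustration, not code from the slides or the paper. Names, claim
fields and message format are constructed; a real TEE issues a hardware
signed quote, modelled here by an HMAC under a key the verifier knows.
"""
import hashlib
import hmac
import secrets

# Constructed sample code images the attester measures (not real enclaves).
TRUSTED_CODE = b"enclave-v1: process sensitive records"
TAMPERED_CODE = b"enclave-v1: process sensitive records; leak()"

# Assumption: symmetric key shared by the attester's hardware and the verifier,
# standing in for the hardware-held signing key of a real TEE.
ATTESTATION_KEY = secrets.token_bytes(32)


def measure(code: bytes) -> str:
    """Code measurement H(code): the claim the verifier compares to references."""
    return hashlib.sha256(code).hexdigest()


def _serialize(claims: dict) -> bytes:
    """Canonical encoding so attester and verifier authenticate the same bytes."""
    return "|".join(f"{k}={claims[k]}" for k in sorted(claims)).encode()


class ReferenceValueProvider:
    """(1) Provisions reference values: measurements of known-good code."""

    def __init__(self, known_good_code):
        self.reference_values = {measure(c) for c in known_good_code}


class Attester:
    """Issues evidence: claims (the measurement) bound to the verifier's nonce."""

    def __init__(self, code: bytes, key: bytes):
        self.code, self._key = code, key

    def quote(self, nonce: bytes) -> dict:
        """(2) Send quote: evidence = claims + tag over the claims."""
        claims = {"measurement": measure(self.code), "nonce": nonce.hex()}
        tag = hmac.new(self._key, _serialize(claims), hashlib.sha256).hexdigest()
        return {"claims": claims, "tag": tag}


class Verifier:
    """Checks authenticity and freshness, then compares claims to references."""

    def __init__(self, rvp: ReferenceValueProvider, key: bytes):
        self._refs, self._key = rvp.reference_values, key

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def appraise(self, evidence: dict, nonce: bytes) -> dict:
        """(3) Verification result: the attestation result for the relying party."""
        claims = evidence["claims"]
        expected = hmac.new(self._key, _serialize(claims), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, evidence["tag"]):
            return {"trusted": False, "reason": "evidence not authentic"}
        if claims["nonce"] != nonce.hex():
            return {"trusted": False, "reason": "stale or replayed evidence"}
        if claims["measurement"] not in self._refs:
            return {"trusted": False, "reason": "measurement not in reference values"}
        return {"trusted": True, "reason": "measurement matches a reference value"}


class RelyingParty:
    """Acts on the attestation result: releases data only to a trusted attester."""

    def release_secret(self, result: dict):
        return b"db-credentials" if result["trusted"] else None


def run_attestation(code: bytes, replay_nonce: bytes = b"") -> dict:
    """Whole exchange; a non-empty replay_nonce simulates replaying old evidence."""
    rvp = ReferenceValueProvider([TRUSTED_CODE])
    verifier = Verifier(rvp, ATTESTATION_KEY)
    attester = Attester(code, ATTESTATION_KEY)
    nonce = verifier.challenge()
    evidence = attester.quote(replay_nonce or nonce)
    result = verifier.appraise(evidence, nonce)
    result["secret"] = RelyingParty().release_secret(result)
    return result


if __name__ == "__main__":
    print(run_attestation(TRUSTED_CODE))                          # accepted
    print(run_attestation(TAMPERED_CODE))                         # unknown measurement
    print(run_attestation(TRUSTED_CODE, replay_nonce=b"\x00" * 16))  # valid tag, wrong nonce
```

Running the module shows a matching measurement being accepted, a modified image rejected because its measurement is not among the reference values, and evidence produced for a different nonce rejected as a replay even though its tag verifies.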
  4. Scope of this survey: available technologies
     [Figure: surveyed TEEs grouped by vendor/ISA: Intel, AMD, Arm, RISC-V (including Sanctum and LIRA-V).]
  5. Intel SGX remote attestation
     [Figure: high-level architecture of Intel SGX. Enclave inside a process, on top of the operating system and hardware.]
     • The enclave is located within the process that spawns it.
     • Split the application into two parts: secure and insecure.
  6. Intel SGX remote attestation (EPID)
     [Figure: high-level architecture (enclave, process, operating system, hardware) with the attestation flow.]
     ① Challenge from the trusted service (verifier) to the enclave (attester)
     ② Local attestation: the enclave passes a report (claims) to the SGX quoting enclave
     ③ Quote (evidence) returned by the quoting enclave
     ④ Send evidence to Intel attestation (verifier)
     ⑤ Validate evidence
     ⑥ Provision data
  7. Intel SGX remote attestation (DCAP)
     [Figure: same architecture and flow as EPID, plus the Intel SGX Certification Service.]
     NEW: ⓪ Download certificates for Intel SGX CPUs from the Intel SGX Certification Service
     ① Challenge from the trusted service (verifier) to the enclave (attester)
     ② Local attestation: the enclave passes a report (claims) to the SGX quoting enclave
     ③ Quote (evidence) returned by the quoting enclave
     ④ Send evidence to Intel attestation (verifier)
     ⑤ Validate evidence
     ⑥ Provision data
  8. Arm TrustZone-A
     [Figure: high-level architecture of TrustZone-A. Normal world: process on OS; Secure world: TA on Trusted OS; secure monitor between the two worlds.]
     • Available on processors of the Cortex-A series.
     • Splits the device into two worlds.
  9. Arm TrustZone-A
     [Figure: high-level architecture (TA, process, OS, secure monitor, Trusted OS) and the mutual attestation extension: System A and System B each run OP-TEE with a Trusted Measurer, TAs, authenticated boot and signing keys, plus an Endorser; ① Challenge, ② Evidence* B, ③ Evidence* A. *Evidence = System state + H(TA).]
     • TrustZone does not provide a built-in remote attestation mechanism.
     • We demonstrate an extension found in the literature [1].
     [1] Establishing Mutually Trusted Channels for Remote Sensing Devices with Trusted Execution Environments, Shepherd C. et al., ARES ’17
  10. Arm TrustZone-M
     [Figure: high-level architecture of TrustZone-M. Normal world: process on OS; Secure world: TA on firmware; hardware underneath.]
     • Designed for very small devices.
     • Available on processors of the Cortex-M series.
  11. AMD SEV-SNP
     [Figure: high-level architecture of AMD SEV-SNP. A secure virtual machine (TEE) with its own OS and processes runs beside a regular VM on the hypervisor, over firmware/hardware.]
     • Secure code execution using virtual machines.
  12. AMD SEV-SNP
     [Figure: high-level architecture with the attestation flow between the verifier, the SNP guest (attester), the AMD firmware and the AMD hardware.]
     ① Challenge (claims) from the verifier to the SNP guest
     ② IOCTL request from the guest to the AMD firmware
     ③ Report (evidence) returned by the firmware
     ④ Send evidence to the verifier
     ⑤ Provision data
  13. RISC-V: general purpose TEEs
     [Figure: Keystone (enclave = runtime + Eapp, process, OS, secure monitor, hardware with PMP) and Sanctum (enclave, process, operating system, secure monitor, hardware with PMP).]
     • Sanctum is a TEE construction that mimics Intel SGX.
     • Keystone is a composable framework for TEEs, with enclaves composed of a runtime and an enclave app.
     • TEE enforced using a secure monitor and PMP.
     • Measurements are made by the secure monitor, based on the application code during initialisation.
     • Remote attestation: similar to Intel SGX.
  14. RISC-V: IoT edge tailored TEEs (1)
     [Figure: TIMBER-V. Processes and OS over the hardware, with a Tag root.]
     • TIMBER-V uses memory tagging to instantiate TEEs for small devices.
     • Measurements are made by the Tag root, based on the application code during initialisation.
     • Remote attestation: the Tag root signs the evidence using a MAC (symmetric crypto).
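Added example (Python, not code from the slides, from Shepherd et al. or from TIMBER-V) covering slide 9 and this slide together: a mutual attestation exchange in which each system's evidence is its system state plus H(TA), bound to the peer's challenge. The evidence is authenticated with a MAC under a per-device key the peer knows (symmetric crypto, as the TIMBER-V Tag root does) rather than the signing keys of the TrustZone extension; the device names, TA images, state fields and the message ordering (A's challenge, B's evidence together with B's own challenge, then A's evidence) are assumptions made for the example.

```python
"""Mutual attestation with MAC-authenticated evidence (Evidence* = system state + H(TA)).

Added illustration, not code from the slides, from Shepherd et al. or from
TIMBER-V. The per-device HMAC keys stand in for signing keys; TA images,
state fields and message ordering are constructed assumptions.
"""
import hashlib
import hmac
import secrets

# Constructed trusted-application images and system states (not real OP-TEE TAs).
TA_CODE_A = b"ta-sensor-reader v3"
TA_CODE_B = b"ta-gateway-collector v5"
GOOD_STATE = {"authenticated_boot": True, "tee_version": "3.x"}
BAD_STATE = {"authenticated_boot": False, "tee_version": "3.x"}


def measure(code: bytes) -> str:
    """H(TA): the measurement the Trusted Measurer puts into the evidence."""
    return hashlib.sha256(code).hexdigest()


def _serialize(claims: dict) -> bytes:
    """Canonical encoding so both peers authenticate exactly the same bytes."""
    return "|".join(f"{k}={claims[k]}" for k in sorted(claims)).encode()


class Device:
    """One system: builds its own evidence and verifies the peer's."""

    def __init__(self, name, ta_code, state, own_key, peer_key, peer_refs, peer_state):
        self.name, self.ta_code, self.state = name, ta_code, state
        self._own_key, self._peer_key = own_key, peer_key   # MAC keys (assumption)
        self._peer_refs = peer_refs      # acceptable H(TA) values for the peer
        self._peer_state = peer_state    # system state the peer must report

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def evidence(self, nonce: bytes) -> dict:
        """Evidence* = system state + H(TA), bound to the peer's nonce, then MACed."""
        claims = {**self.state, "ta_measurement": measure(self.ta_code), "nonce": nonce.hex()}
        tag = hmac.new(self._own_key, _serialize(claims), hashlib.sha256).hexdigest()
        return {"claims": claims, "tag": tag}

    def verify(self, evidence: dict, nonce: bytes) -> bool:
        """Authentic, fresh, known-good TA and expected state: all four must hold."""
        claims = evidence["claims"]
        expected = hmac.new(self._peer_key, _serialize(claims), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, evidence["tag"]):
            return False      # not produced by the peer's Trusted Measurer
        if claims["nonce"] != nonce.hex():
            return False      # replayed or stale evidence
        if claims["ta_measurement"] not in self._peer_refs:
            return False      # unknown or modified TA
        return all(claims.get(k) == v for k, v in self._peer_state.items())


def mutual_attest(a: Device, b: Device) -> dict:
    """① A's challenge, ② B's evidence (+ B's challenge), ③ A's evidence."""
    n_a = a.challenge()                                 # ① Challenge: A -> B
    ev_b, n_b = b.evidence(n_a), b.challenge()          # ② Evidence* B (+ challenge): B -> A
    a_trusts_b = a.verify(ev_b, n_a)
    ev_a = a.evidence(n_b) if a_trusts_b else None      # ③ Evidence* A: A -> B, only if B passed
    b_trusts_a = b.verify(ev_a, n_b) if ev_a else False
    return {"a_trusts_b": a_trusts_b, "b_trusts_a": b_trusts_a,
            "channel": a_trusts_b and b_trusts_a}


def build_pair(ta_code_b: bytes = TA_CODE_B, state_b: dict = GOOD_STATE):
    """Two devices provisioned with each other's MAC key, reference H(TA) and expected state."""
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)
    a = Device("A", TA_CODE_A, GOOD_STATE, key_a, key_b, {measure(TA_CODE_B)}, GOOD_STATE)
    b = Device("B", ta_code_b, state_b, key_b, key_a, {measure(TA_CODE_A)}, GOOD_STATE)
    return a, b


if __name__ == "__main__":
    print(mutual_attest(*build_pair()))                                      # both sides trust
    print(mutual_attest(*build_pair(ta_code_b=TA_CODE_B + b" (modified)")))  # B's TA altered
    print(mutual_attest(*build_pair(state_b=BAD_STATE)))                     # B failed authenticated boot
```

A modified TA on B changes H(TA), and a failed authenticated boot changes B's reported system state; either makes A refuse to send its own evidence, so no trusted channel is established in those runs.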
  15. RISC-V: IoT edge tailored TEEs (2)
     [Figure: LIRA-V. Processes and memory over the hardware (PMP), with a root of trust in ROM.]
     • LIRA-V works with programs in supervisor and machine RISC-V modes and attests regions of memory.
     • Measurements are made by the root of trust, at runtime.
     • Remote attestation: mutual, similar to the Arm TrustZone state of the art.
  16. Which TEE is the best fit for me?
     It depends on the deployment scenarios.
  17. TEE characteristics
     [Figure: comparison matrix of the surveyed TEEs (including LIRA-V and Sanctum) against the criteria: server-grade, general purpose, IoT, industrial, many domains, mutual attestation, encrypted DRAM, local attestation.]
     Find more criteria in the paper.
  18. Future perspective
  19. Perspectives for the future: Intel TDX
     [Figure: high-level architecture of Intel TDX. Regular virtual machines and secure Trust Domains (TDs) run on a TDX-aware VMM, with the TDX module, over the hardware.]
     • Intel TDX deploys hardware-isolated virtual machines: Trust Domains (TD).
     • TDX runs legacy applications on regular OSes, similarly to AMD SEV.
     • The TDX module isolates the TD thanks to new CPU instructions.
     • TDX reuses the SGX attestation to support remote attestation:
       • Initial measurement during the TD build process
       • Can be extended to measure additional data at run-time
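Added example (Python, not code from the slides, the paper or Intel's TDX module) of the measurement behaviour in the last bullet: an extend-only register that receives an initial measurement at build time and is extended with additional data at run-time, together with the verifier-side replay of the event log. It uses the generic extend pattern H(old || H(event)), the way TPM PCRs work; the SHA-384 register size, the event log entries and the policy allowlist are constructed assumptions.

```python
"""Extend-only measurement register: build-time measurement extended at run-time.

Added illustration, not code from the slides or from Intel's TDX module.
The register follows the generic TPM PCR pattern new = H(old || H(event));
digest size, event log entries and the allowlist are constructed assumptions.
"""
import hashlib

DIGEST = hashlib.sha384                 # assumption: a 48-byte register
ZERO = bytes(DIGEST().digest_size)      # register value before the first extend

# Constructed event logs: what is measured at build time, then at run-time.
BUILD_EVENTS = [b"firmware: v1.2", b"kernel: vmlinuz-6.1", b"initrd: initrd.img"]
RUNTIME_EVENTS = [b"app-config: policy-v2", b"app-image: service:3.4"]

# Constructed allowlist: the only events the verifier's policy accepts.
ALLOWED_EVENTS = set(BUILD_EVENTS) | set(RUNTIME_EVENTS)


def extend(register: bytes, event: bytes) -> bytes:
    """One extend: the register is never overwritten, only folded forward."""
    return DIGEST(register + DIGEST(event).digest()).digest()


def replay(log) -> bytes:
    """Recompute the register value a given event log should have produced."""
    reg = ZERO
    for event in log:
        reg = extend(reg, event)
    return reg


def build_and_run(build_events=BUILD_EVENTS, runtime_events=RUNTIME_EVENTS):
    """Attester side: measure during build, extend at run-time, keep the log."""
    reg, log = ZERO, []
    for event in list(build_events) + list(runtime_events):
        reg = extend(reg, event)
        log.append(event)
    return reg, log


def appraise(reported_register: bytes, log) -> dict:
    """Verifier side: the log must replay to the reported (hardware-held)
    register, and every logged event must be acceptable under policy."""
    if replay(log) != reported_register:
        return {"trusted": False, "reason": "event log does not match the register"}
    unknown = [e for e in log if e not in ALLOWED_EVENTS]
    if unknown:
        return {"trusted": False, "reason": f"unapproved events: {unknown}"}
    return {"trusted": True, "reason": "log consistent and all events approved"}


if __name__ == "__main__":
    reg, log = build_and_run()
    print(appraise(reg, log))                           # accepted
    # Order matters: a reordered (doctored) log no longer replays to the register.
    print(appraise(reg, list(reversed(log))))
    # An extra run-time event is folded into the register and rejected by policy.
    extra = RUNTIME_EVENTS + [b"app-image: debug-shell"]
    print(appraise(*build_and_run(runtime_events=extra)))
```

Because the register can only be extended, run-time data cannot be measured "in place of" the build-time measurement: a later event changes the final value but never removes the earlier ones, and the verifier detects both a log that was edited after the fact and an event that the policy does not allow.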
  20. Perspectives for the future: Arm CCA
     [Figure: high-level architecture of Arm CCA. Normal world: process on OS under a hypervisor; Secure world: TA on Trusted OS under the SPM (Secure Partition Manager); Realm: Realm VMs under the RMM (Realm Management Monitor); secure monitor underneath.]
     • Arm CCA deploys hardware-isolated virtual machines: Realm VMs.
     • RME is the hardware extension that introduces a new world: the Realm.
     • Unlike TrustZone, the Realm has shielded memory (encryption + integrity).
     • CCA provides attestation of the platform and of the initial state of the realm.
  21. Thanks for your attention!
     Takeaway
     • Remote attestation ensures the genuineness of deployed applications in TEEs.
     • There are many TEEs, but no “one size fits all” TEE; it depends on the usage.
     • Industrial solutions have well-documented (and undiscovered?) flaws. Emerging solutions lack hindsight.
     • New TEE designs tend to be VM-based (AMD SEV, Intel TDX, Arm CCA).
     Read me online!