While modern computing architectures rely on specialized hardware such as
accelerators to provide performance and functionality, trusted execution
environments (TEEs), one of the most promising recent developments in security,
can only protect code confined in the CPU, limiting TEEs’ potential and
applicability to a handful of applications. We observe that the TEEs’ hardware
trusted computing base (TCB) is fixed at design time, forcing users to rely on
(mostly untrustworthy) software to allow peripherals into the TEE. Based on
this observation, we propose PIE, a secure platform design with a configurable
hardware and software TCB, which allows us to support specialized hardware
while ensuring the least privilege principle. We introduce two new security
properties relevant to such systems: platform-wide attestation and platform
awareness. Platform-wide attestation allows one to remotely verify the platform’s
current state, including the state of specialized hardware devices and how they
are connected with each other, whereas platform awareness defines how the
enclave reacts upon a change in connected devices. Together, these allow one to
attest to the hardware configuration of a system and check that only the
trusted hardware with the right version of its firmware is part of the TCB
(platform-wide attestation) and will stay part of the TCB for the whole
execution (platform awareness). Finally, we present a prototype of PIE based on
RISC-V’s Keystone to show that such systems are feasible with only around 600
lines added to the software TCB, without compromising performance.
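As an added illustration (not the paper's code and not PIE's actual data structures), the following Python model shows the two properties defined above: a verifier checks the measured device set, firmware hashes and interconnect topology against a policy (platform-wide attestation), and a monitor re-measures the platform to detect a change in connected devices during execution (platform awareness). Device names, firmware versions, hashes and the policy format are constructed for the example.

```python
import hashlib
import json


def measure_platform(devices, links):
    """Canonical measurement of a platform configuration (constructed model).

    devices: {name: {"fw_version": str, "fw_hash": str}}
    links:   list of (src, dst) device interconnects.
    Sorting makes the digest independent of enumeration order, so the same
    hardware wired the same way always yields the same measurement.
    """
    canon = {"devices": {n: devices[n] for n in sorted(devices)},
             "links": sorted(tuple(l) for l in links)}
    blob = json.dumps(canon, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def verify_policy(devices, links, policy):
    """Platform-wide attestation on the verifier side.

    policy: {device name: allowed firmware hash}. Every present device must be
    in the policy with a matching firmware hash, and no link may touch a
    device that is not in the policy. Returns (ok, problems).
    """
    problems = []
    for name, info in devices.items():
        allowed = policy.get(name)
        if allowed is None:
            problems.append(f"unexpected device {name}")
        elif info["fw_hash"] != allowed:
            problems.append(f"{name}: firmware {info['fw_version']} not allowed")
    for src, dst in links:
        if src not in policy or dst not in policy:
            problems.append(f"link {src}->{dst} touches an untrusted device")
    return (not problems, problems)


class PlatformMonitor:
    """Platform awareness: re-measure and report any drift from the
    configuration that was attested when the enclave started."""

    def __init__(self, devices, links):
        self.baseline = measure_platform(devices, links)

    def changed(self, devices, links):
        return measure_platform(devices, links) != self.baseline


# Constructed sample platform: a CPU wired to one accelerator.
FW = {v: hashlib.sha256(v.encode()).hexdigest() for v in ("cpu-1.0", "accel-1.2", "accel-1.1")}
SAMPLE_DEVICES = {"cpu": {"fw_version": "cpu-1.0", "fw_hash": FW["cpu-1.0"]},
                  "accel0": {"fw_version": "accel-1.2", "fw_hash": FW["accel-1.2"]}}
SAMPLE_LINKS = [("cpu", "accel0")]
POLICY = {"cpu": FW["cpu-1.0"], "accel0": FW["accel-1.2"]}
```

A downgraded accelerator firmware fails attestation, and a device hot-plugged after enclave start is flagged by the monitor even though the original devices are unchanged.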