Secure Multi-threading in Keystone Enclaves

Stephan Kaminsky

EECS Department, University of California, Berkeley

Technical Report No. UCB/EECS-2021-136

May 17, 2021

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2021/EECS-2021-136.pdf

There has been a growing popularity of running applications in Enclaves. Enclaves protect an application and its data against a un-trusted and possibly malicious operating system. Because of this, trusted execution environments have been created to combat this such as Intel's SGX and ARM TrustZone. As the enclave market has begun to mature, there has been a shift in research to integrate existing legacy applications in enclaves to protect them in the cloud. Some of these enclave platforms such as SGX are limited on the size of their enclaves due to hardware limitations while other platforms like ARM TrustZone only have a single secure zone. Keystone is another framework which creates customizable TEEs based on the RISC-V architecture. It does not share the same listed limitations as SGX or TrustZone though currently does not support an enclave running on multiple harts. This limits enclaves which want to be secure and performant. This paper analyzes the different approaches of secure multi-threading in Intel's SGX and ARM TrustZone to design a model for secure multi-threading in Keystone Enclaves. The design is robust enough to allow for support of thread isolation inside an enclave which is useful in edge computing networks.There has been a growing popularity of running applications in Enclaves. Enclaves protect an application and its data against a un-trusted and possibly malicious operating system. Because of this, trusted execution environments have been created to combat this such as Intel's SGX and ARM TrustZone. As the enclave market has begun to mature, there has been a shift in research to integrate existing legacy applications in enclaves to protect them in the cloud. Some of these enclave platforms such as SGX are limited on the size of their enclaves due to hardware limitations while other platforms like ARM TrustZone only have a single secure zone. Keystone is another framework which creates customizable TEEs based on the RISC-V architecture. It does not share the same listed limitations as SGX or TrustZone though currently does not support an enclave running on multiple harts. This limits enclaves which want to be secure and performant. This paper analyzes the different approaches of secure multi-threading in Intel's SGX and ARM TrustZone to design a model for secure multi-threading in Keystone Enclaves. The design is robust enough to allow for support of thread isolation inside an enclave which is useful in edge computing networks.

Advisors: Dawn Song

BibTeX citation:

@mastersthesis{Kaminsky:EECS-2021-136,
    Author= {Kaminsky, Stephan},
    Title= {Secure Multi-threading in Keystone Enclaves},
    School= {EECS Department, University of California, Berkeley},
    Year= {2021},
    Month= {May},
    Url= {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2021/EECS-2021-136.html},
    Number= {UCB/EECS-2021-136},
    Abstract= {There has been a growing popularity of running applications in Enclaves. Enclaves protect an application and its data against a un-trusted and possibly malicious operating system. Because of this, trusted execution environments have been created to combat this such as Intel's SGX and ARM TrustZone. As the enclave market has begun to mature, there has been a shift in research to integrate existing legacy applications in enclaves to protect them in the cloud. Some of these enclave platforms such as SGX are limited on the size of their enclaves due to hardware limitations while other platforms like ARM TrustZone only have a single secure zone. Keystone is another framework which creates customizable TEEs based on the RISC-V architecture. It does not share the same listed limitations as SGX or TrustZone though currently does not support an enclave running on multiple harts. This limits enclaves which want to be secure and performant. This paper analyzes the different approaches of secure multi-threading in Intel's SGX and ARM TrustZone to design a model for secure multi-threading in Keystone Enclaves. The design is robust enough to allow for support of thread isolation inside an enclave which is useful in edge computing networks.There has been a growing popularity of running applications in Enclaves. Enclaves protect an application and its data against a un-trusted and possibly malicious operating system. Because of this, trusted execution environments have been created to combat this such as Intel's SGX and ARM TrustZone. As the enclave market has begun to mature, there has been a shift in research to integrate existing legacy applications in enclaves to protect them in the cloud. Some of these enclave platforms such as SGX are limited on the size of their enclaves due to hardware limitations while other platforms like ARM TrustZone only have a single secure zone. Keystone is another framework which creates customizable TEEs based on the RISC-V architecture. It does not share the same listed limitations as SGX or TrustZone though currently does not support an enclave running on multiple harts. This limits enclaves which want to be secure and performant. This paper analyzes the different approaches of secure multi-threading in Intel's SGX and ARM TrustZone to design a model for secure multi-threading in Keystone Enclaves. The design is robust enough to allow for support of thread isolation inside an enclave which is useful in edge computing networks.},
}

EndNote citation:

%0 Thesis
%A Kaminsky, Stephan 
%T Secure Multi-threading in Keystone Enclaves
%I EECS Department, University of California, Berkeley
%D 2021
%8 May 17
%@ UCB/EECS-2021-136
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2021/EECS-2021-136.html
%F Kaminsky:EECS-2021-136