Litcius/Paper detail

Keystone

Dayeol Lee, David Kohlbrenner, Shweta Shinde, Krste Asanović, Dawn Song

2020364 citationsDOIOpen Access PDF

Abstract

Trusted execution environments (TEEs) see rising use in devices from embedded sensors to cloud servers and encompass a range of cost, power constraints, and security threat model choices. On the other hand, each of the current vendor-specific TEEs makes a fixed set of trade-offs with little room for customization. We present Keystone---the first open-source framework for building customized TEEs. Keystone uses simple abstractions provided by the hardware such as memory isolation and a programmable layer underneath untrusted components (e.g., OS). We build reusable TEE core primitives from these abstractions while allowing platform-specific modifications and flexible feature choices. We showcase how Keystone-based TEEs run on unmodified RISC-V hardware and demonstrate the strengths of our design in terms of security, TCB size, execution of a range of benchmarks, applications, kernels, and deployment models.

Topics & Concepts

Computer scienceSoftware deploymentOperating systemEmbedded systemPersonalizationServerKey (lock)VendorSet (abstract data type)Cloud computingThreat modelDistributed computingComputer securityWorld Wide WebProgramming languageMarketingBusinessSecurity and Verification in ComputingCloud Data Security SolutionsAdvanced Malware Detection Techniques
Keystone | Litcius