DCS 12: Trusted Execution Environment (TEE) Source

AuthorAdam Bozanich, Greg Osuri
Discussions-Tohttps://github.com/ovrclk/dcs/issues/10
StatusDraft
TypeStandards Track
CategoryCore
Created2020-03-17

Summary

Trusted Execution Environment (TEE) guarantees code and data loaded inside to be protected with respect to confidentiality and integrity that is enforced at the processor level.

Motivation

Providers execute a Tenant’s workload. Providers have physical access to the machine executing a tenant’s workload thereby can gain access to sensitive information by inspecting the memory. The unprotected access presents a challenge to secure sensitive information when running on an untrusted node.

Rationale

When we use the cloud today, AWS for example, even though AWS employees can inspect your application, we trust that AWS ensures that it won’t be the case because of brand value. Akash. [DCS-8] ensure this level of trust by means of accreditation. We can enhance that trust further by providing a Trusted Execution Environment (TEE).

A TEE as an isolated execution environment provides security features such as isolated execution, the integrity of applications executing with the TEE, along with confidentiality of their assets. In general terms, the TEE offers an execution space that provides a higher level of security to tenants than a rich operating system (OS) and more functionality than a ‘secure element’ (SE).

TEE is platform-dependent, all major providers have a form for TEE implementations as stated below.

Hardware Support

SDKs

  • Ilinux-sgx: Reference implementation of a Launch Enclave for ‘Flexible Launch Control’ for Intel SGX
  • linux-sgx-driver: out-of-tree driver for the Linux Intel(R) SGX software stack, which will be used until the driver upstreaming process is complete.

Further Research

Opensource Implementations for TEE are incomplete, projects like Keystone are making progress in the right direction and require further analysis on practicality.