|Author||Adam Bozanich, Greg Osuri|
Trusted Execution Environment (TEE) guarantees code and data loaded inside to be protected with respect to confidentiality and integrity that is enforced at the processor level.
Providers execute a Tenant’s workload. Providers have physical access to the machine executing a tenant’s workload thereby can gain access to sensitive information by inspecting the memory. The unprotected access presents a challenge to secure sensitive information when running on an untrusted node.
When we use the cloud today, AWS for example, even though AWS employees can inspect your application, we trust that AWS ensures that it won’t be the case because of brand value. Akash. [DCS-8] ensure this level of trust by means of accreditation. We can enhance that trust further by providing a Trusted Execution Environment (TEE).
A TEE as an isolated execution environment provides security features such as isolated execution, the integrity of applications executing with the TEE, along with confidentiality of their assets. In general terms, the TEE offers an execution space that provides a higher level of security to tenants than a rich operating system (OS) and more functionality than a ‘secure element’ (SE).
TEE is platform-dependent, all major providers have a form for TEE implementations as stated below.
- Ilinux-sgx: Reference implementation of a Launch Enclave for ‘Flexible Launch Control’ for Intel SGX
- linux-sgx-driver: out-of-tree driver for the Linux Intel(R) SGX software stack, which will be used until the driver upstreaming process is complete.
Opensource Implementations for TEE are incomplete, projects like Keystone are making progress in the right direction and require further analysis on practicality.