Jin-Yu Gu, Hao Li, Yu-Bin Xia, Hai-Bo Chen, Cheng-Gang Qin, Zheng-Yu He. Unified Enclave Abstraction and Secure Enclave Migration on Heterogeneous Security Architectures[J]. Journal of Computer Science and Technology, 2022, 37(2): 468-486. DOI: 10.1007/s11390-021-1083-8

Unified Enclave Abstraction and Secure Enclave Migration on Heterogeneous Security Architectures

  • Nowadays, application migration is becoming more and more attractive. For example, it can move computation closer to data sources or move services closer to end users, which may significantly decrease latency in edge computing. Yet migrating applications among servers that are controlled by different platform owners raises security issues. We leverage hardware-secured trusted execution environment (TEE, a.k.a. enclave) technologies, such as Intel SGX, AMD SEV, and ARM TrustZone, to protect critical computations on untrusted servers. However, these hardware TEEs expose non-uniform programming abstractions and are based on heterogeneous architectures, which not only forces programmers to develop secure applications targeting one specific abstraction but also hinders the migration of protected applications. Therefore, we propose UniTEE, which provides a unified enclave programming abstraction across the above three hardware TEEs by using a microkernel-based design and enables secure enclave migration by integrating heterogeneous migration techniques. We have implemented the prototype on real machines. The evaluation results show that the migration support incurs nearly zero runtime overhead and that the migration procedure is also efficient.
