Keystone: A Framework for Architecting TEEs
share
Trusted execution environments (TEEs) are becoming a requirement across a wide range of platforms, from embedded sensors to cloud servers, which encompass a wide range of cost and power constraints as well as security threat models. Unfortunately, each of the current vendor-specific TEEs makes a fixed choice in each of the design dimensions of deployability, trusted computing base (TCB), and threat model, with little room for customization and experimentation. To provide more flexibility, we present Keystone the first open-source framework for building customized TEEs. Keystone uses a simple abstraction of memory isolation together with a programmable layer that sits underneath untrusted components, such as the OS. We demonstrate that this is sufficient to build reusable TEE core primitives, separate from platform-specific modifications and required application features. Thus, Keystone reduces the effort for platform providers and application developers to build only those security features they need. We implement Keystone on RISC-V, an open architecture that provides a straightforward way to realize the Keystone abstractions. We showcase the benefits of our design in executing standard benchmarks, applications, and kernels on various deployment platforms.
READ FULL TEXT