SoK: Hardware Security Support for Trustworthy Execution
This work addresses security vulnerabilities in computer systems for researchers and practitioners by providing a systematic review, but it is incremental as it synthesizes existing approaches without introducing new methods.
The paper systematizes hardware security mechanisms for trustworthy execution by analyzing them through the lens of abstraction, identifying vulnerabilities from poorly designed abstractions that obscure or reveal critical information.
In recent years, there have emerged many new hardware mechanisms for improving the security of our computer systems. Hardware offers many advantages over pure software approaches: immutability of mechanisms to software attacks, better execution and power efficiency and a smaller interface allowing it to better maintain secrets. This has given birth to a plethora of hardware mechanisms providing trusted execution environments (TEEs), support for integrity checking and memory safety and widespread uses of hardware roots of trust. In this paper, we systematize these approaches through the lens of abstraction. Abstraction is key to computing systems, and the interface between hardware and software contains many abstractions. We find that these abstractions, when poorly designed, can both obscure information that is needed for security enforcement, as well as reveal information that needs to be kept secret, leading to vulnerabilities. We summarize such vulnerabilities and discuss several research trends of this area.