Towards a Trusted Execution Environment via Reconfigurable FPGA
This addresses security-critical applications by providing a more robust TEE design, though it appears incremental as it builds on existing hardware concepts.
The paper tackles the vulnerability of existing Trusted Execution Environments (TEEs) by introducing TEEOD, a novel design using programmable logic in SoCs for secure execution, achieving up to 6 simultaneous enclaves with resource usage per enclave of 7.0% LUTs, 3.8% FFs, and 15.3% BRAMs.
Trusted Execution Environments (TEEs) are used to protect sensitive data and run secure execution for security-critical applications, by providing an environment isolated from the rest of the system. However, over the last few years, TEEs have been proven weak, as either TEEs built upon security-oriented hardware extensions (e.g., Arm TrustZone) or resorting to dedicated secure elements were exploited multiple times. In this project, we introduce Trusted Execution Environments On-Demand (TEEOD), a novel TEE design that leverages the programmable logic (PL) in the heterogeneous system on chips (SoC) as the secure execution environment. Unlike other TEE designs, TEEOD can provide high-bandwidth connections and physical on-chip isolation. We implemented a proof-of-concept (PoC) implementation targeting an Ultra96-V2 platform. The conducted evaluation demonstrated TEEOD can host up to 6 simultaneous enclaves with a resource usage per enclave of 7.0%, 3.8%, and 15.3% of the total LUTs, FFs, and BRAMS, respectively. To demonstrate the practicability of TEEOD in real-world applications, we successfully run a legacy open-source Bitcoin wallet.