uTango: an open-source TEE for IoT devices

Oliveira, Daniel V.; Gomes, Tiago; Pinto, Sandro

doi:10.48550/arxiv.2102.03625

Cited by 1 publication

(2 citation statements)

References 26 publications

(47 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…S/T Haven [21] X SGXIO [81] X+H SGX-FPGA [82] X+F KeyStone [52] R Sanctum [32] R CURE [20] R Composite Encl. [71] R SANCTUARY [24] A TrustICE [77] A vTZ [43] A+H Ambassy [45] A+F − − − uTango [62] M Graviton [80] G HECTOR-V [60] N TEEOD [73] F To address the single TEE issue, vTZ [43] provides each guest virtual machine with a virtualized guest TEE by running a monitor within the secure world, which virtualizes memory mapping and world switching for the guest TEEs on Cortex-A TrustZone. SANCTUARY [24] addresses the same drawback by utilizing the memory access controller to provide multidomain isolation for sensitive applications.…”

Section: E Performance On the Low-end Microblaze Softcore Cpumentioning

confidence: 99%

“…TrustICE [77] creates multiple isolated computing environments in the normal domain and runs a monitor in the secure world. uTango [62] use the secure attribution unit of Cortex-M to create multiple secure execution environments within the non-secure state. The uTango kernel runs in the secure state privileged level, while other applications, services, OSes are isolated in their own non-secure state domains.…”

Section: E Performance On the Low-end Microblaze Softcore Cpumentioning

confidence: 99%

See 1 more Smart Citation

BYOTee: Towards Building Your Own Trusted Execution Environments Using FPGA

Armanuzzaman¹,

Zhao²

2022

Preprint

View full text Add to dashboard Cite

In recent years, we have witnessed unprecedented growth in using hardware-assisted Trusted Execution Environments (TEE) or enclaves to protect sensitive code and data on commodity devices thanks to new hardware security features, such as Intel SGX and Arm TrustZone. Even though the proprietary TEEs bring many benefits, they have been criticized for lack of transparency, vulnerabilities, and various restrictions. For example, existing TEEs only provide a static and fixed hardware Trusted Computing Base (TCB), which cannot be customized for different applications. Existing TEEs time-share a processor core with the Rich Execution Environment (REE), making execution less efficient and vulnerable to cache sidechannel attacks. Moreover, TrustZone lacks hardware support for multiple TEEs, remote attestation, and memory encryption.In this paper, we present BYOTEE (Build Your Own Trusted Execution Environments), which is an easy-to-use infrastructure for building multiple equally secure enclaves by utilizing commodity Field Programmable Gate Arrays (FPGA) devices. BYOTEE creates enclaves with customized hardware TCBs, which include softcore CPUs, block RAMs, and peripheral connections, in FPGA on demand. Additionally, BYOTEE provides mechanisms to attest the integrity of the customized enclaves' hardware and software stacks, including bitstream, firmware, and the Security-Sensitive Applications (SSA) along with their inputs and outputs to remote verifiers. We implement a BYOTEE system for the Xilinx System-on-Chip (SoC) FPGA. The evaluations on the low-end Zynq-7000 system for four SSAs and 12 benchmark applications demonstrate the usage, security, effectiveness, and performance of the BYOTEE framework.

show abstract