Preliminary Study of Trusted Execution Environments on ...
Transcript of Preliminary Study of Trusted Execution Environments on ...
![Page 1: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/1.jpg)
Preliminary Study of Trusted ExecutionEnvironments on Heterogeneous Edge Platforms
Zhenyu Ning, Jinghui Liao, Fengwei Zhang, Weisong Shi
COMPASS LabWayne State University
October 27, 2018
1
![Page 2: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/2.jpg)
Outline
I Introduction
I Trusted Execution Environment (TEE)
I Intel Software Guard eXtension (SGX)
I ARM TrustZone Technology
I AMD Secure Encrypted Virtualization Technology
I Edge Computing with TEE
I Conclusion and Future Work
2
![Page 3: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/3.jpg)
Outline
I Introduction
I Trusted Execution Environment (TEE)
I Intel Software Guard eXtension (SGX)
I ARM TrustZone Technology
I AMD Secure Encrypted Virtualization Technology
I Edge Computing with TEE
I Conclusion and Future Work
3
![Page 4: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/4.jpg)
Edge Computing
Why moving to Edge from Cloud?
4
![Page 5: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/5.jpg)
Edge Computing
Why moving to Edge from Cloud?
I Reduced network latency for time-sensitive tasks.E.g. Real-time monitoring for transportation [1].
5
![Page 6: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/6.jpg)
Edge Computing
Why moving to Edge from Cloud?
I Reduced network latency for time-sensitive tasks.E.g. Real-time monitoring for transportation [1].
I Increased efficiency for performance-sensitive tasks.E.g. Video analytics for public safety [2].
6
![Page 7: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/7.jpg)
Edge Computing
Why moving to Edge from Cloud?
I Reduced network latency for time-sensitive tasks.E.g. Real-time monitoring for transportation [1].
I Increased efficiency for performance-sensitive tasks.E.g. Video analytics for public safety [2].
I Increased privacy for sensitive data.E.g. Data of home security cameras [3].
7
![Page 8: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/8.jpg)
Edge Computing
What about the security?
8
![Page 9: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/9.jpg)
Edge Computing
What about the security?
I Close to end-user⇒ Close to manipulation
I Distributed deployment⇒ Lacking centralized protection
9
![Page 10: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/10.jpg)
Edge Computing
Solution?
10
![Page 11: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/11.jpg)
Outline
I Introduction
I Trusted Execution Environment (TEE)
I Intel Software Guard eXtension (SGX)
I ARM TrustZone Technology
I AMD Secure Encrypted Virtualization Technology
I Edge Computing with TEE
I Conclusion and Future Work
11
![Page 12: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/12.jpg)
Edge Computing
Trusted Execution Environment (TEE)
I An isolated execution environment that remains secure evenwhen the system software is compromised.
I Using hardware-assisted protection to guarantee the security.
I Different hardware vendors use different protectionmechanisms.
12
![Page 13: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/13.jpg)
Intel Software Guard eXtension (SGX)
Intel Software Guard eXtension (SGX) is proposed via threeresearch papers in 2013 [4, 5, 6].
I The user-level application creates an enclave to act as a TEE.
I The memory inside an enclave is encrypted by a hardwarememory encryption engine.
I Memory access from the outside to the enclave is prohibited.
13
![Page 14: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/14.jpg)
Intel Software Guard eXtension (SGX)
Securing Application in Untrusted OS
Untrusted Components
14
![Page 15: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/15.jpg)
Intel Software Guard eXtension (SGX)
Securing Application in Untrusted OS
Untrusted Components
Trusted Components(Enclave)
Create an Enclave
15
![Page 16: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/16.jpg)
Intel Software Guard eXtension (SGX)
Securing Application in Untrusted OS
Untrusted Components
Trusted Components(Enclave)
ECalls
16
![Page 17: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/17.jpg)
Intel Software Guard eXtension (SGX)
Securing Application in Untrusted OS
Untrusted Components
Trusted Components(Enclave)
ECalls OCalls
17
![Page 18: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/18.jpg)
ARM TrustZone Technology
ARM proposed the TrustZone Technology [7] since ARMv6 around2002.
I The CPU has secure and non-secure states.
I The RAM is partitioned to secure and non-secure regions.
I The interrupts are assigned into the secure or non-securegroup.
I Hardware peripherals can be configured as secure access only.
18
![Page 19: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/19.jpg)
ARM TrustZone Technology
Non-Secure Mode
Non-SecureEL0
Non-SecureEL1
Secure Mode
SecureEL0
SecureEL1
SecureEL3
Trigger EL3
Exception
Exception Return
19
![Page 20: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/20.jpg)
AMD Secure Encrypted Virtualization Technology
AMD Secure Encrypted Virtualization (SEV) [8, 9] Technology isreleased with AMD Secure Memory Encryption (SME) in 2016.
I Protecting the VM memory space from the hypervisor.
I Based on AMD Memory Encryption Technology and AMDSecure Processor.I Memory Encryption: An AES 128 encryption engine inside the
SoC.
I Secure Processor: A 32-bit ARM Cortex-A5 with TrustZonetechnology.
I Modification to the application is NOT required.
20
![Page 21: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/21.jpg)
AMD Secure Encrypted Virtualization Technology
Traditional Model
Hypervisor
Guest OS
Hypervisor
AMD SEV Model
Guest OS
21
![Page 22: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/22.jpg)
Outline
I Introduction
I Trusted Execution Environment (TEE)
I Intel Software Guard eXtension (SGX)
I ARM TrustZone Technology
I AMD Secure Encrypted Virtualization Technology
I Edge Computing with TEE
I Conclusion and Future Work
22
![Page 23: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/23.jpg)
Securing the Edge Computing
How to secure the Edge nodes?
23
![Page 24: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/24.jpg)
Securing the Edge Computing
How to secure the Edge nodes?
I Secure the data and computation⇒ Using existing TEEs
I Accommodate to heterogeneous Edge nodes⇒ Adopting heterogeneous TEEs on different platforms
24
![Page 25: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/25.jpg)
Securing the Edge Computing
Performance Concerns
I The switch between the trusted and untrusted componentsshould be efficient.
I The computing power inside the trusted component should behigh.
I Introducing the trusted component should not affect theperformance of the untrusted components.
25
![Page 26: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/26.jpg)
Edge Computing with Intel SGX
I Testbed Specification
I Intel Fog Node, which is designed specifically for FogComputing.
I Hardware: An octa-core Intel Xeon E3-1275 processor.
I Software: Tianocore BIOS and 64-bit Ubuntu 16.04.
26
![Page 27: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/27.jpg)
Edge Computing with Intel SGX
Experiment Setup
I Context Switch: Use RDTSC instruction to record the timeconsumption of a pair of ECall and OCall with differentparameter sizes.
I Secure Computation: Calculate MD5 of a pre-generatedrandom string with 1024 characters inside the enclave, andrecord the time consumption.
I Overall Performance: Trigger a secure computation every onesecond, and use GeekBench [10] to measure the performancescore.
27
![Page 28: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/28.jpg)
Edge Computing with Intel SGX
Table: Context Switching Time of Intel SGX on the Fog Node (µs).
Buffer Size Mean STD 95% CI
0 KB 2.039 0.066 [2.035, 2.044]1 KB 2.109 0.032 [2.107, 2.111]4 KB 2.251 0.059 [2.247, 2.254]8 KB 2.362 0.055 [2.359, 2.366]
16 KB 2.714 0.036 [2.712, 2.716]
28
![Page 29: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/29.jpg)
Edge Computing with Intel SGX
Table: Time Consumption of MD5 (µs).
CPU Mode Mean STD 95% CI
Normal 4.734 0.095 [4.728, 4.740]Enclave 6.737 0.081 [6.732, 6.742]
Table: Performance Score by GeekBench.
SensitiveComputation
Mean STD 95% CI
No 4327.33 17.124 [4323.974, 4330.686]Yes 4306.46 14.850 [4303.550, 4309.371]
29
![Page 30: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/30.jpg)
Edge Computing with ARM TrustZone
I Testbed Specification
I ARM Juno v1 development board, which represents ARM’sofficial design purpose.
I Hardware: A dual-core 800 MHZ Cortex-A57 cluster and aquad-core 700 MHZ Cortex-A53 cluster.
I Software: ARM Trusted Firmware (ATF) [11] v1.1 andAndroid 5.1.1.
30
![Page 31: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/31.jpg)
Edge Computing with ARM TrustZone
Experiment Setup
I Context Switch: Use Performance Monitor Unit (PMU) torecord the time consumption of the context switch caused bySMC instruction.
I Secure Computation: Calculate MD5 of a pre-generatedrandom string with 1024 characters in secure mode, andrecord the time consumption.
I Overall Performance: Trigger a secure computation every onesecond, and use GeekBench to measure the performance score.
31
![Page 32: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/32.jpg)
Edge Computing with ARM TrustZone
Table: Context Switching Time of ARM TrustZone (µs).
Step Mean STD 95% CI
Non-secure to Secure 0.135 0.001 [0.135, 0.135]Secure to Non-secure 0.082 0.003 [0.082, 0.083]
Overall 0.218 0.005 [0.218, 0.219]
Table: Time Consumption of MD5 (µs).
CPU Mode Mean STD 95% CI
Non-secure 8.229 0.231 [8.215, 8.244]Secure 9.670 0.171 [9.660, 9.681]
Table: Performance Score by GeekBench.
Sensitive Computation Mean STD 95% CI
No 984.70 1.878 [984.332, 985.068]Yes 983.44 3.273 [982.799, 984.082]
32
![Page 33: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/33.jpg)
Edge Computing with AMD SEV
I Testbed Specification
I A customized machine with AMD EPYC-7251 CPU.
I Hardware: 8 physical cores and 16 logic threads.
I Software: Ubuntu 16.04.5 with SEV-enabled Linux kernel4.15.10 and KVM 2.5.0.
33
![Page 34: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/34.jpg)
Edge Computing with AMD SEV
Experiment Setup
I Context Switch: Use RDTSC instruction to record the timeconsumption of the context switch caused by VMMCALL
instruction.
I Secure Computation: Calculate MD5 of a pre-generatedrandom string with 1024 characters inside the guest, andrecord the time consumption.
I Overall Performance: Trigger a secure computation every onesecond, and use GeekBench to measure the performance score.
34
![Page 35: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/35.jpg)
Edge Computing with AMD SEV
I Context switch in AMD SEV takes about 3.09 µs.
Table: Time Consumption of MD5 (µs).
CPU Mode Mean STD 95% CI
Guest OS 3.66 0.126 [3.602, 3.720]Host OS 0.70 0.005 [0.697, 0.702]
Table: Performance Score by GeekBench.
SensitiveComputation
Mean STD 95% CI
No 3425.05 41.016 [3417.011, 3433.089]Yes 3283.15 32.772 [3276.727, 3289.573]
35
![Page 36: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/36.jpg)
Edge Computing with TEE
I The context switch in all tested TEEs is efficient.
I The computing power in the TEEs provided by ARMTrustZone is lower than that out of the TEEs.
I The overall performance overhead of involving Intel SGX,ARM TrustZone, and AMD SEV in Edge Computing is0.48%, 0.13%, and 4.14%, respectively.
36
![Page 37: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/37.jpg)
Outline
I Introduction
I Trusted Execution Environment (TEE)
I Intel Software Guard eXtension (SGX)
I ARM TrustZone Technology
I AMD Secure Encrypted Virtualization Technology
I Edge Computing with TEE
I Conclusion and Future Work
37
![Page 38: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/38.jpg)
Conclusion and Future Work
I The hardware-assisted TEEs provided by different hardwarevendors make it possible to fit the security requirement ofheterogeneous Edge nodes.
I Deploying of these TEEs can efficiently improve the securityof the Edge nodes with a low performance overhead.
I In the future, we will use Asylo project from Google, an openframework for enclave applications, as a base to furtherdevelop a generic framework for TEEs on Edge platforms.
38
![Page 39: Preliminary Study of Trusted Execution Environments on ...](https://reader033.fdocuments.in/reader033/viewer/2022042221/625a276e8364bf303f719338/html5/thumbnails/39.jpg)
References I[1] B. Qi, L. Kang, and S. Banerjee, “A vehicle-based edge computing platform for transit and human mobility
analytics,” in Proceedings of the 2nd ACM/IEEE Symposium on Edge Computing (SEC’17), 2017.
[2] Q. Zhang, Z. Yu, W. Shi, and H. Zhong, “Demo abstract: Evaps: Edge video analysis for public safety,” inProceedings of the 1st IEEE/ACM Symposium on Edge Computing (SEC’16), 2016.
[3] W. Shi, J. Cao, Q. Zhang, Y. Li, and L. Xu, “Edge computing: Vision and challenges,” IEEE Internet ofThings Journal, 2016.
[4] F. McKeen, I. Alexandrovich, A. Berenzon, C. V. Rozas, H. Shafi, V. Shanbhogue, and U. R. Savagaonkar,“Innovative instructions and software model for isolated execution.” in HASP@ ISCA, 2013, p. 10.
[5] M. Hoekstra, R. Lal, P. Pappachan, V. Phegade, and J. Del Cuvillo, “Using innovative instructions to createtrustworthy software solutions.” in HASP@ ISCA, 2013, p. 11.
[6] F. McKeen, I. Alexandrovich, I. Anati, D. Caspi, S. Johnson, R. Leslie-Hurd, and C. Rozas, “Intel R© softwareguard extensions (intel R© SGX) support for dynamic memory management inside an enclave,” in Proceedingsof the Hardware and Architectural Support for Security and Privacy 2016. ACM, 2016, p. 10.
[7] ARM, “TrustZone security,”http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.prd29-genc-009492c/index.html, 2009.
[8] D. Kaplan, J. Powell, and T. Woller, “Amd memory encryption,” White paper, Apr, 2016.
[9] D. Kaplan, “AMD x86 memory encryption technologies.” Austin, TX: USENIX Association, 2016.
[10] Primate Labs, “GeekBench,” https://www.geekbench.com/, 2016.
[11] ARM, “Trusted firmware,” https://github.com/ARM-software/arm-trusted-firmware, 2013.
39