par Alder, Fritz;Van Bulck, Jo;Piessens, Frank;Mühlberg, Jan Tobias 
Référence (November 15 - 19, 2021: Virtual Event Republic of Korea), CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, New York, page (1357 - 1372)
Publication Publié, 2021
Référence (November 15 - 19, 2021: Virtual Event Republic of Korea), CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, New York, page (1357 - 1372)
Publication Publié, 2021
Publication dans des actes
| Résumé : | Embedded Trusted Execution Environments (TEEs) can provide strong security for software in the IoT or in critical control systems. Approaches to combine this security with real-time and availability guarantees are currently missing. In this paper we present Aion, a configurable security architecture that provides a notion of guaranteed real-time execution for dynamically loaded enclaves. We implement preemptive multitasking and restricted atomicity on top of strong enclave software isolation and attestation. Our approach allows the hardware to enforce confidentiality and integrity protections, while a decoupled small enclaved scheduler software component can enforce availability and guarantee strict deadlines of a bounded number of protected applications, without necessarily introducing a notion of priorities amongst these applications. We implement a prototype on a light-weight TEE processor and provide a case study. Our implementation can guarantee that protected applications can handle interrupts and make progress with deterministic activation latencies, even in the presence of a strong adversary with arbitrary code execution capabilities. |
