Are you an EPFL student looking for a semester project?
Work with us on data science and visualisation projects, and deploy your project as an app on top of Graph Search.
In confidential computing, the view of the system software is Manichean: the host operating system is untrusted and the TEE runtime system is fully trusted. However, the runtime system is often as complex as a full operating system, and thus is not free from bugs and exploitable vulnerabilities. Yet, it executes with complete system-level control over the enclave application, in violation of the least privilege principle. While the confidential computing research community has been striving to secure trusted software from its untrusted counterpart, efforts fall short when it comes to securing the enclave application from potentially bug-prone and vulnerable trusted runtime systems. This project describes the design of a simple RISC-V extension that prevents trusted runtime systems from accessing the enclave application's memory. We implement the hardware extension in the QEMU functional simulator and extend the Keystone TEE framework and its runtime system, Eyrie, to enforce the least privilege principle, support unmodified enclave applications, and prevent a class of Iago attacks that leverage the runtime system's unrestricted access to the enclave application's memory.
Mathias Josef Payer, Edouard Bugnion, Evangelos Marios Kogias, Adrien Ghosn, Charly Nicolas Lucien Castes, Neelu Shivprakash Kalani, Yuchen Qian
Sandro Carrara, Ali Meimandi, Ata Jedari Golparvar, Sarah Tonello
Mathias Josef Payer, Marcel Busch