CHERI-TrEE: Flexible enclaves on capability machines

Thomas Van Strydonck *, Job Noorman , Jennifer Jackson, Leonardo Dias, Robin Vanderstraeten , David Oswald, Frank Piessens, Dominique Devriese

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

804 Downloads (Pure)

Abstract

This paper studies the integration of two successful hardware-supported security mechanisms: capabilities and enclaved execution. Capabilities are a powerful and flexible security mechanism for implementing fine-grained memory access control and compartmentalizing untrusted or buggy software components. Capabilities have a long history but have gained significant momentum recently, as evidenced by ARM’s experimental Morello processor that supports the Capability Hardware Enhanced RISC Instructions (CHERI). Enclaved execution is a popular mechanism for dynamically creating Trusted Execution Environments (TEEs), called enclaves. Enclaves are isolated execution contexts that protect the integrity and confidentiality of software in the enclave (even against compromised system software) and that support attestation.Integrating capabilities and enclaved execution in a single processor is challenging because they overlap partially in their security objectives, and a clean integration should unify the way in which these overlapping objectives are achieved. In addition, it is not obvious how attestation should interact with capabilities. In this paper, we propose CHERI-TrEE: a novel design for a processor that cleanly integrates support for both capabilities and enclaved execution. CHERI-TrEE targets low-end embedded systems without virtual memory. We show that CHERI-TrEE is greater than the sum of its parts by showing how it naturally supports useful features that have traditionally been hard to support in enclaved execution, like dynamically growing and shrinking enclaves, non-contiguous and nested enclaves, sharing of memory between enclaves etc. We implement our proposal both in hardware on a RISC-V processor, as well as in a small software hypervisor on top of ARM Morello, and evaluate impact on performance and hardware resources.
Original languageEnglish
Title of host publicationEuroS&P - 8th IEEE European Symposium on Security and Privacy
PublisherIEEE
Pages1143-1159
Number of pages17
ISBN (Electronic)978-1-6654-6512-0
ISBN (Print)978-1-6654-6513-7
DOIs
Publication statusPublished - 3 Jul 2023
Event8th IEEE European Symposium on Security and Privacy - Delft, Netherlands
Duration: 3 Jul 20237 Jul 2023
https://eurosp2023.ieee-security.org/

Publication series

NameIEEE European Symposium on Security and Privacy
PublisherIEEE
ISSN (Print)2768-0649
ISSN (Electronic)2768-0657

Conference

Conference8th IEEE European Symposium on Security and Privacy
Abbreviated titleEuroS&P 2023
Country/TerritoryNetherlands
CityDelft
Period3/07/237/07/23
Internet address

Fingerprint

Dive into the research topics of 'CHERI-TrEE: Flexible enclaves on capability machines'. Together they form a unique fingerprint.

Cite this