TEESec: Pre-Silicon Vulnerability Discovery for Trusted Execution Environments

Ghaniyoun，Moein1; Barber，Kristin2; Xiao，Yuan3; Zhang，Yinqian4; Teodorescu，Radu1

10.1145/3579371.3589070

2023-06-17

1063-6897

Proceedings - International Symposium on Computer Architecture

489-503

Trusted execution environments (TEE) are CPU hardware extensions that provide security guarantees for applications running on untrusted operating systems. The security of TEEs is threatened by a variety of microarchitectural vulnerabilities, which have led to a large number of demonstrated attacks. While various solutions for verifying the correctness and security of TEE designs have been proposed, they generally do not extend to jointly verifying the security of the underlying microarchitecture. This paper presents TEESec, the first pre-silicon framework for discovering microarchitectural vulnerabilities in the context of trusted execution environments. TEESec is designed to jointly and systematically test the TEE and underlying microarchitecture against data and metadata leakage across isolation boundaries. We implement TEESec in the Chipyard framework and evaluate it on two open-source RISC-V out-of-order processors running the Keystone TEE. Using TEESec we uncover 10 distinct vulnerabilities in these processors that violate TEE security principles and could lead to leakage of enclave secrets.

Security Trusted Execution Environments Verification

Others

English

2-s2.0-85168881216

Scopus

1.The Ohio State University,Columbus,United States
2.Google,Mountain View,United States
3.Intel,Santa Clara,United States
4.SUSTech,Shenzhen,China

Ghaniyoun，Moein,Barber，Kristin,Xiao，Yuan,et al. TEESec: Pre-Silicon Vulnerability Discovery for Trusted Execution Environments[C],2023:489-503.