TU Darmstadt / ULB / TUbiblio

VirTEE: a full backward-compatible TEE with native live migration and secure I/O

Wang, Jianqiang ; Mahmoody, Pouya ; Brasser, Ferdinand ; Jauernig, Patrick ; Sadeghi, Ahmad-Reza ; Yu, Donghui ; Pan, Dahan ; Zhang, Yuanyuan (2022)
VirTEE: a full backward-compatible TEE with native live migration and secure I/O.
59th ACM/IEEE Design Automation Conference. San Francisco, USA (10.07.2022-14.07.2022)
doi: 10.1145/3489517.3530436
Conference or Workshop Item, Bibliographie

Abstract

Modern security architectures provide Trusted Execution Environments (TEEs) to protect critical data and applications against malicious privileged software in so-called enclaves. However, the seamless integration of existing TEEs into the cloud is hindered, as they require substantial adaptation of the software executing inside an enclave as well as the cloud management software to handle enclaved workloads. We tackle these challenges by presenting VirTEE, the first TEE architecture that allows strongly isolated execution of unmodified virtual machines (VMs) in enclaves, as well as secure live migration of VM enclaves between VirTEE-enabled servers. Combined with its secure I/O capabilities, VirTEE enables the integration of enclaved computing in today's complex cloud infrastructure. We thoroughly evaluate our RISC-V-based prototype, and show its effectiveness and efficiency.

Item Type: Conference or Workshop Item
Erschienen: 2022
Creators: Wang, Jianqiang ; Mahmoody, Pouya ; Brasser, Ferdinand ; Jauernig, Patrick ; Sadeghi, Ahmad-Reza ; Yu, Donghui ; Pan, Dahan ; Zhang, Yuanyuan
Type of entry: Bibliographie
Title: VirTEE: a full backward-compatible TEE with native live migration and secure I/O
Language: English
Date: 23 August 2022
Publisher: ACM
Book Title: DAC'22: Proceedings of the 59th ACM/IEEE Design Automation Conference
Event Title: 59th ACM/IEEE Design Automation Conference
Event Location: San Francisco, USA
Event Dates: 10.07.2022-14.07.2022
DOI: 10.1145/3489517.3530436
Abstract:

Modern security architectures provide Trusted Execution Environments (TEEs) to protect critical data and applications against malicious privileged software in so-called enclaves. However, the seamless integration of existing TEEs into the cloud is hindered, as they require substantial adaptation of the software executing inside an enclave as well as the cloud management software to handle enclaved workloads. We tackle these challenges by presenting VirTEE, the first TEE architecture that allows strongly isolated execution of unmodified virtual machines (VMs) in enclaves, as well as secure live migration of VM enclaves between VirTEE-enabled servers. Combined with its secure I/O capabilities, VirTEE enables the integration of enclaved computing in today's complex cloud infrastructure. We thoroughly evaluate our RISC-V-based prototype, and show its effectiveness and efficiency.

Divisions: 20 Department of Computer Science
20 Department of Computer Science > System Security Lab
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
Date Deposited: 18 Apr 2023 07:11
Last Modified: 26 Jul 2023 12:41
PPN: 509941524
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details