Wang, Jianqiang ; Mahmoody, Pouya ; Brasser, Ferdinand ; Jauernig, Patrick ; Sadeghi, Ahmad-Reza ; Yu, Donghui ; Pan, Dahan ; Zhang, Yuanyuan (2022)
VirTEE: a full backward-compatible TEE with native live migration and secure I/O.
59th ACM/IEEE Design Automation Conference. San Francisco, USA (10.07.2022-14.07.2022)
doi: 10.1145/3489517.3530436
Conference or Workshop Item, Bibliographie
Abstract
Modern security architectures provide Trusted Execution Environments (TEEs) to protect critical data and applications against malicious privileged software in so-called enclaves. However, the seamless integration of existing TEEs into the cloud is hindered, as they require substantial adaptation of the software executing inside an enclave as well as the cloud management software to handle enclaved workloads. We tackle these challenges by presenting VirTEE, the first TEE architecture that allows strongly isolated execution of unmodified virtual machines (VMs) in enclaves, as well as secure live migration of VM enclaves between VirTEE-enabled servers. Combined with its secure I/O capabilities, VirTEE enables the integration of enclaved computing in today's complex cloud infrastructure. We thoroughly evaluate our RISC-V-based prototype, and show its effectiveness and efficiency.
Item Type: | Conference or Workshop Item |
---|---|
Erschienen: | 2022 |
Creators: | Wang, Jianqiang ; Mahmoody, Pouya ; Brasser, Ferdinand ; Jauernig, Patrick ; Sadeghi, Ahmad-Reza ; Yu, Donghui ; Pan, Dahan ; Zhang, Yuanyuan |
Type of entry: | Bibliographie |
Title: | VirTEE: a full backward-compatible TEE with native live migration and secure I/O |
Language: | English |
Date: | 23 August 2022 |
Publisher: | ACM |
Book Title: | DAC'22: Proceedings of the 59th ACM/IEEE Design Automation Conference |
Event Title: | 59th ACM/IEEE Design Automation Conference |
Event Location: | San Francisco, USA |
Event Dates: | 10.07.2022-14.07.2022 |
DOI: | 10.1145/3489517.3530436 |
Abstract: | Modern security architectures provide Trusted Execution Environments (TEEs) to protect critical data and applications against malicious privileged software in so-called enclaves. However, the seamless integration of existing TEEs into the cloud is hindered, as they require substantial adaptation of the software executing inside an enclave as well as the cloud management software to handle enclaved workloads. We tackle these challenges by presenting VirTEE, the first TEE architecture that allows strongly isolated execution of unmodified virtual machines (VMs) in enclaves, as well as secure live migration of VM enclaves between VirTEE-enabled servers. Combined with its secure I/O capabilities, VirTEE enables the integration of enclaved computing in today's complex cloud infrastructure. We thoroughly evaluate our RISC-V-based prototype, and show its effectiveness and efficiency. |
Divisions: | 20 Department of Computer Science 20 Department of Computer Science > System Security Lab Profile Areas Profile Areas > Cybersecurity (CYSEC) |
Date Deposited: | 18 Apr 2023 07:11 |
Last Modified: | 26 Jul 2023 12:41 |
PPN: | 509941524 |
Export: | |
Suche nach Titel in: | TUfind oder in Google |
Send an inquiry |
Options (only for editors)
Show editorial Details |