- 25/07/2024
- Joint Research Projects
- Hyeseon Oh
- #research, #research-project
About the Project
This project is a collective effort to expand the security and versatility of TEEs (trusted execution environments) and to survey their uses. My efforts on this project span the following areas.
Implementing the Emulator for a TEE
When researching TEEs, the greatest barrier is that real hardware is required to study them. This is rarely a barrier for TrustZone, since most ARM devices are TrustZone-capable and ARM Holdings is known for actively providing reference virtual environments for it. However, Intel SGX (Software Guard Extensions), which was emerging at the time, was scarcely deployed. Complicating matters further, the state-of-the-art version of SGX, SGX V2, had not yet been implemented in any real hardware.
With this background, we saw a need for a TEE emulator so that research efforts would not go to waste. Building on OpenSGX, which implemented SGX instructions on QEMU by reverse-engineering them from public SGX documents, we devised S-OpenSGX. S-OpenSGX lowered the emulation level to the system level, allowing, in theory, production-level software to be executed. In the process, we also showed that we could simulate the SGX V2 specification and even prototype hypothetical modifications to it.
The S-OpenSGX paper covers this topic in more detail.
Combination of Inter-Device TEEs
Since the System Intrusion project also covers this effort, I will explain only the points that do not overlap with that project. By combining a hardware-based TEE with a software-based TEE, we devised a new hybrid TEE that combines features of both kinds.
For more details, including technical points, see the System Intrusion project page and the Hypernel paper page.
Contribution and Information
- Period of Contribution: 3/2017 ~ 12/2019
- Total Participants: around 7 people
- My Roles
  - Contributed to the emulator implementation and to the combination of multiple TEEs
  - Co-first author of the related paper (Hypernel)
  - Participating author of the related paper (S-OpenSGX)