MATEE: Multimodal Attestation for Trusted Execution Environments
Publication: Conference contribution › Paper › Contributed › Peer-reviewed
Contributors
Abstract
Confidential computing services enable users to run their workloads in Trusted Execution Environments (TEEs) built on secure hardware such as Intel SGX, and to verify them by performing remote attestation. This process offers the necessary proof of the integrity of users' software and the authenticity of the hardware, signed with a hardware-specific attestation key. Recent side-channel attacks have successfully retrieved such keys, enabling attackers to forge the attestation data and thereby undermining users' trust in their TEE. If the attestation proof is bound to a second hardware root of trust that is impervious to side-channel attacks, the remote attestation process can maintain its security guarantees.
In this paper, we introduce MATEE, a novel remote attestation mechanism for TEEs that creates a second chain of trust to a Trusted Platform Module (TPM), adding diverse redundancy into the existing attestation process. Targeting SGX enclaves for our prototype, as the most prominent TEE implementation to date, we describe how MATEE satisfies the necessary security requirements as well as present several scenarios that demonstrate its applicability and its benefits to the confidential computing landscape.
Details
Field | Value
---|---
Original language | English
Pages | 121-134
Publication status | Published - 2022
Peer-review status | Yes
Conference
Field | Value
---|---
Title | 23rd International Middleware Conference 2022
Duration | 7 - 11 November 2022
Website | |
Scope | International event
City | Quebec
Country | Canada
External IDs
Field | Value
---|---
ORCID | /0000-0002-4148-7631/work/142255123
Keywords
- TPM, SGX, TEEs, Side-channel attacks, Attestation