MATEE: Multimodal Attestation for Trusted Execution Environments

Publikation: Beitrag zu KonferenzenPaperBeigetragenBegutachtung

Beitragende

Abstract

Confidential computing services enable users to run their workloads in Trusted Execution Environments (TEEs) leveraging secure hardware like Intel SGX, and verify them by performing remote attestation. This process offers necessary proof for the integrity of users’ software and the authenticity of the hardware, signed by a hardware-specific attestation key. Recent side-channel attacks have successfully retrieved such keys, enabling attackers to forge the attestation data and thereby undermining users’ trust in their TEE. If the attestation proof is bound to a second hardware root of trust impervious to side-channel attacks, then the remote attestation process can maintain its security guarantees.

In this paper, we introduce MATEE, a novel remote attestation mechanism for TEEs that creates a second chain of trust to a Trusted Platform Module (TPM), adding diverse redundancy into the existing attestation process. Targeting SGX enclaves for our prototype, as the most prominent TEE implementation to date, we describe how MATEE satisfies the necessary security requirements as well as present several scenarios that demonstrate its applicability and its benefits to the confidential computing landscape.

Details

OriginalspracheEnglisch
Seiten121-134
PublikationsstatusVeröffentlicht - 2022
Peer-Review-StatusJa

Konferenz

Titel23rd International Middleware Conference 2022
Dauer7 - 11 November 2022
Webseite
BekanntheitsgradInternationale Veranstaltung
StadtQuebec
LandKanada

Externe IDs

ORCID /0000-0002-4148-7631/work/142255123

Schlagworte

Forschungsprofillinien der TU Dresden

DFG-Fachsystematik nach Fachkollegium

Fächergruppen, Lehr- und Forschungsbereiche, Fachgebiete nach Destatis

Schlagwörter

  • TPM, SGX, TEEs, Side-channel attacks, Attestation, Attestation, Side-channel attacks, TEEs, SGX, TPM