MATEE: Multimodal Attestation for Trusted Execution Environments

Research output: Contribution to conferencesPaperContributedpeer-review



Confidential computing services enable users to run their workloads in Trusted Execution Environments (TEEs) leveraging secure hardware like Intel SGX, and verify them by performing remote attestation. This process offers necessary proof for the integrity of users' software and the authenticity of the hardware, signed by a hardware-specific attestation key. Recent side-channel attacks have successfully retrieved such keys, enabling attackers to forge the attestation data and thereby undermining users' trust in their TEE. If the attestation proof is bound to a second hardware root of trust impervious to side-channel attacks, then the remote attestation process can maintain its security guarantees.
In this paper, we introduce MATEE, a novel remote attestation mechanism for TEEs that creates a second chain of trust to a Trusted Platform Module (TPM), adding diverse redundancy into the existing attestation process. Targeting SGX enclaves for our prototype, as the most prominent TEE implementation to date, we describe how MATEE satisfies the necessary security requirements as well as present several scenarios that demonstrate its applicability and its benefits to the confidential computing landscape.


Original languageEnglish
Publication statusPublished - 2022


Title23rd International Middleware Conference 2022
Duration7 - 11 November 2022
Degree of recognitionInternational event

External IDs

ORCID /0000-0002-4148-7631/work/142255123


Research priority areas of TU Dresden

DFG Classification of Subject Areas according to Review Boards

Subject groups, research areas, subject areas according to Destatis


  • TPM, SGX, TEEs, Side-channel attacks, Attestation, Attestation, Side-channel attacks, TEEs, SGX, TPM