Enclave Computing Paradigm: Hardware-assisted Security Architectures & Applications

Hardware-assisted security solutions, and the isolation guarantees they provide, constitute the basis for the protection of modern software systems. Hardware-enforced isolation of individual components reduces complexity of the overall software as well as the size and complexity of the individual components. The basic idea is that a reduction in complexity minimizes the probability of vulnerabilities in the software, thus strengthening the system's security. In classical system architectures, an application's security depends on the security of all privileged system entities, for example the Operating System. The Trusted Execution Environment (TEE) concept overcomes the dependence of security critical components on the systems overall security. TEEs provide isolated compartments within a single system, allowing isolated operation of a system's individual components and applications. The enclave computing paradigm enhances the TEE concept by enabling self-contained isolation of system components and applications, fulfilling the needs of modern software. It enables novel use cases by providing many parallel mutually isolated TEE-instances without the need to rely on complex privileged entities. The TEE solutions developed by industry and deployed in today's systems follow distinct design approaches and come with various limitations. ARM TrustZone, which is widely available in mobile devices, is fundamentally limited to a single isolation domain. Intel's TEE solution Software Guard Extensions (SGX) provides multiple mutually isolated execution environments, called enclaves. However, SGX enclaves face severe threats, in particular side-channel leakage, that can void its security guarantees. Preventing side-channel leakage from enclaves in a universal and efficient way is a non-trivial problem. Nevertheless, these deployed TEE solutions enable various novel applications. However, different TEE architectures come with diverse properties and features that require special consideration in the design of TEE applications. Security architectures for embedded systems face additional challenges that have not been solved, neither by industry nor by academic research. These security architectures need to be compliant with and need to preserve all functional requirements of an embedded system. Since network-connected embedded devices are increasingly used in safety critical systems, such as industrial control systems or automotive scenarios, security architectures that combine safety and security aspects are vitally needed. Remote Attestation (RA) is a security service that relies on the isolation guarantees of TEEs. It is of particularly high relevance for connected embedded systems. It allows trust establishment between these devices enabling their reliable collaboration in large connected systems. However, many aspects of RA, such as its scalability in large networks or its applicability in autonomous connected systems, are unexplored. In this dissertation, we present novel isolation architectures that bring the enclave computing paradigm to mobile and embedded platforms. We present the first security architecture for small embedded systems that provides isolated execution enclaves and real-time guarantees. Moreover, we present a novel multi-TEE security architecture for TrustZone-systems bringing the enclave computing paradigm to mobile systems, overcoming TrustZone's fundamental limitation. Furthermore, we deal with Intel SGX's vulnerability to side-channel attacks. We demonstrate the severity of side-channel leakage due to observable memory access patterns of SGX enclaves. To counter side-channel attacks, we present solutions that hide memory access patterns of enclaves for both accesses to enclave-external memory as well as access patterns within enclaves' private memory. We present two TEE-applications that follow different design approaches, leveraging the specific capabilities of Intel SGX and ARM TrustZone, respectively. We introduce a cloud-based machine learning solution that enables privacy-preserving speech recognition utilizing isolated execution enclaves. We also demonstrate the limitations of the enclave computing paradigm and show a (remote) policy enforcement solution for mobile devices, which requires an isolated execution environment with elevated privileges. Additionally, we investigate novel RA schemes, which tackle many important aspects of RA that are highly relevant in emerging connected systems. We develop solutions to prevent the misuse of remote attestation for Denial-of-Service (DoS) attacks and present the first efficient multi-prover attestation scheme. Furthermore, we introduce the concept of data integrity attestation, which allows the efficient and reliable collaboration of autonomous connected devices