Trusted Execution Environments (TEEs) drastically
reduce the trusted computing base (TCB) of the systems by
providing a secure execution environment for security-critical
applications that are isolated from the operating system or
the hypervisor. TEEs are often assumed to be highly secure;
however, over the last few years, TEEs have been proven weak,
as either TEEs built upon security-oriented hardware extensions
(e.g., Arm TrustZone and Intel SGX) or resorting to dedicated
secure elements were exploited multiple times. In this paper,
we propose a novel TEE design, named Trusted Execution
Environments On-Demand (TEEOD), which leverages the re configurable logic of FPGA-SoCs to dynamically provide secure
execution environments for security-critical applications. Unlike
other TEE designs, ours can provide high-bandwidth connections
and physical on-chip isolation while providing configurable hard ware and software TCBs. We implemented a proof-of-concept
(PoC) implementation targeting an Ultra96-V2 platform. The
conducted evaluation demonstrated TEEOD can host up to 6
simultaneous enclaves with a resource usage per enclave of
7.0%, 3.8%, and 15.3% of the total LUTs, FFs, and BRAMS,
respectively
