
Project

Predictable resource sharing and resource availability with Trusted Execution Environments

Modern computing is increasingly characterized by an abundance of connectivity between networked devices and by the sharing of resources on local devices. While this development has created a range of positive opportunities in terms of productivity and technical capabilities, it also exposes modern systems to security issues that were not as critical in previously isolated systems. Protecting confidentiality and integrity has thus become an integral concern, and isolation mechanisms have enabled a type of computing in which programs share their resources with other, entirely untrusted, programs.

One approach to ensuring security on such systems is hardware isolation, for example in the form of trusted execution environments (TEEs). TEEs aim to isolate programs and shield them from access by any other part of the system that is not within the trusted computing base. Specifically, hardware-based TEEs achieve this by modifying the underlying computing architecture so that only specific, well-defined interactions are permitted and any other access is denied. One type of TEE protects code in so-called enclaves, which draw the protection boundary at the program level and usually require coordinated interactions between an untrusted and a trusted program within the same address space.

This dissertation advances the state of the art for this type of TEE in two directions. First, we investigate availability guarantees on lightweight architectures and equip TEEs for real-time applications. We do this with a hardware-software co-design that places a real-time scheduler inside an enclave, in order to provide other enclaves with strong availability guarantees. This allows us to combine the approach of openly sharing resources between mutually distrusting parties with the realm of safety-critical devices that must meet real-time deadlines. Our solution can be seen as a first step toward applying modern TEE capabilities to the slow-moving but critical area of real-time and mixed-criticality systems on lightweight computing architectures.

Second, this dissertation investigates the software responsibilities of Intel Software Guard Extensions (SGX) enclave shielding runtimes. This growing and diverse ecosystem is not sufficiently understood, and we make contributions in two parts. First, we manually find and report issues at the low-level transition between the enclave and the untrusted domain. Our work shows that every extended architectural feature of a processor that the enclave may rely on must be adequately sanitized and initialized to a secure state before being used inside the isolated area. The results show that low-level configuration registers for floating-point accelerators are widely overlooked, and that the impact of this misconfiguration is more dangerous than one might expect. Since modern processor architectures are increasingly complex and legacy features are rarely removed, we then develop a tool that helps to find interface vulnerabilities automatically. This tool, named Pandora, targets the crucial area of enclave shielding runtimes, which provide the basis for most projects running in enclave-based TEEs like Intel SGX. Pandora saves the enclave memory at creation time and then uses symbolic execution to simulate execution of this truthful view of the enclave. We use Pandora to automatically detect multiple vulnerabilities across various enclave shielding runtimes, and use it to help vendors validate their applied mitigations. Our work on Pandora is the first analysis of arbitrary Intel SGX enclaves that is able to automatically find vulnerabilities such as the vulnerability class of improper pointer alignment.
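The floating-point finding above is easy to underestimate, so the following added example (written for this page, not code from the dissertation or from Pandora) makes it concrete on x86-64 with GCC or Clang. It reads and writes the SSE control register MXCSR and the x87 control word with inline assembly, shows that state left behind by the untrusted domain silently changes the results of ordinary arithmetic inside the trusted code (a different rounding mode alters the bits of 1/3; the denormals-are-zero flag turns a tiny but non-zero input into zero), and then shows the entry-time sanitizer that resets both registers to their architectural defaults. The function names, the constants and the "untrusted domain" stand-in are constructed for this example.

```c
// Added example, not from the dissertation: why enclave entry must reset the
// x86 floating-point control registers, and what a minimal sanitizer looks like.
// Requires x86-64 with GCC or Clang (inline AT&T assembly).
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define MXCSR_DEFAULT        0x1F80u  // round-to-nearest, all exceptions masked, FTZ/DAZ off
#define X87_CW_DEFAULT       0x037Fu  // x87 default: extended precision, nearest, all masked
#define MXCSR_RC_TOWARD_ZERO 0x6000u  // rounding-control bits 13:14 = 11b
#define MXCSR_DAZ            0x0040u  // denormals-are-zero
#define MXCSR_FTZ            0x8000u  // flush-to-zero
#define X87_RC_TOWARD_ZERO   0x0C00u  // x87 rounding-control bits 10:11 = 11b

static uint32_t mxcsr_get(void) { uint32_t v; __asm__ volatile("stmxcsr %0" : "=m"(v)); return v; }
static void     mxcsr_set(uint32_t v) { __asm__ volatile("ldmxcsr %0" : : "m"(v) : "memory"); }
static uint16_t x87_cw_get(void) { uint16_t v; __asm__ volatile("fnstcw %0" : "=m"(v)); return v; }
static void     x87_cw_set(uint16_t v) { __asm__ volatile("fldcw %0" : : "m"(v) : "memory"); }

/* Entry-time sanitizer: the caller outside the enclave may have left any
 * control state behind, so the trusted side must not inherit it. */
void sanitize_fp_state(void) {
    mxcsr_set(MXCSR_DEFAULT);
    x87_cw_set(X87_CW_DEFAULT);
}

/* Check (e.g. for an assertion right after entry): is the state the default? */
int fp_state_is_default(void) {
    return mxcsr_get() == MXCSR_DEFAULT && x87_cw_get() == X87_CW_DEFAULT;
}

/* Stand-in for the untrusted domain leaving non-default state behind
 * before calling into the enclave (constructed for this example). */
void untrusted_domain_leaves_state(void) {
    mxcsr_set(MXCSR_DEFAULT | MXCSR_RC_TOWARD_ZERO | MXCSR_DAZ | MXCSR_FTZ);
    x87_cw_set(X87_CW_DEFAULT | X87_RC_TOWARD_ZERO);
}

static uint32_t bits_of(float f) { uint32_t b; memcpy(&b, &f, sizeof b); return b; }

/* 1.0f / 3.0f under whatever MXCSR is current; volatile defeats constant folding.
 * Round-to-nearest yields 0x3EAAAAAB, round-toward-zero yields 0x3EAAAAAA. */
uint32_t div_one_third_bits(void) {
    volatile float a = 1.0f, b = 3.0f;
    volatile float r = a / b;
    return bits_of(r);
}

/* FLT_TRUE_MIN * 1.0f: with DAZ set the denormal input is treated as zero,
 * so the product is 0 (bits 0x00000000) instead of the input (bits 0x00000001). */
uint32_t tiny_times_one_bits(void) {
    volatile float tiny = 1.401298464e-45f, one = 1.0f;
    volatile float r = tiny * one;
    return bits_of(r);
}

int main(void) {
    untrusted_domain_leaves_state();
    printf("inherited state: default=%d  1/3=0x%08X  tiny*1=0x%08X\n",
           fp_state_is_default(), div_one_third_bits(), tiny_times_one_bits());
    sanitize_fp_state();
    printf("after sanitize : default=%d  1/3=0x%08X  tiny*1=0x%08X\n",
           fp_state_is_default(), div_one_third_bits(), tiny_times_one_bits());
    return 0;
}
```

The two `printf` lines differ only in the control-register state, not in the trusted code that computes the values, which is the point of the finding: any trusted computation that depends on rounding or on denormal handling becomes caller-controlled unless the runtime resets these registers at every entry. A shielding runtime would place the equivalent of `sanitize_fp_state()` in its entry stub, before any trusted C code runs, and could keep `fp_state_is_default()` as a cheap check.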

In summary, this dissertation extends the range of applicability of TEEs and secures TEEs by uncovering new vulnerabilities and automatically finding known vulnerabilities in enclave software. Our work thus serves as a foundation for future work to strengthen the capabilities of future TEEs, and helps projects to secure their software on existing TEEs against known vulnerabilities.

Date: 9 Aug 2019 → 31 Oct 2023
Keywords: Trusted Execution Environments, Trusted Computing, Guaranteed Availability, Embedded Systems, Mixed-criticality, Real-time Compliance, Interruptible Isolated Execution, Secure Scheduling, Secure Interrupt, Real-time Operating System, Confidential Computing, Secure Interfaces, Symbolic Execution, System Security
Disciplines: Computer system security, Cryptography, privacy and security, Embedded and real-time systems
Project type: PhD project