Trusted execution environments (TEEs) are found in a range of devices — from embedded sensors to cloud servers — and encompass a range of cost, power constraints, and security threat model choices. On the other hand, each of the current vendor-specific TEEs makes a fixed set of trade-offs, with little room for customization. Our project, Keystone, is the first open-source framework for building customized TEEs. Keystone uses simple abstractions provided by the hardware, such as memory isolation and a programmable layer underneath untrusted components (e.g., OS). Using these abstractions, Keystone builds reusable TEE core primitives allowing platform-specific modifications and application-specific features. Keystone-based TEEs can be run on unmodified RISC-V hardware, and we have demonstrated the strength of our design with several proof-of-concept benchmark and application integrations. In this project, we propose fully developing case studies where Keystone proves to be suitable for deploying a TEE. Then, we will explore how Keystone can be adapted for a concrete set of devices, workloads, and application complexities.
Grant / January 2020