Unified TEE Framework for Virtualized Environments

Summary

Protecting the integrity and confidentiality of application data and code is increasingly important in shared cloud and edge/IoT environments. Trusted execution environments, or TEEs, were developed to address this requirement by offering isolation mechanisms to protect against software-based attacks, even those by privileged system software (e.g., OS). Intel SGX, a recent TEE solution, offers a pure hardware approach but in doing so presents several disadvantages for virtualized environments. In this work, we explore a framework for unifying TEEs in virtual environments using industry-standard, developer-friendly application libraries and a cross-platform approach to back-end hardware features. The scheme is designed with virtualization in mind and offers capabilities that simplify the use of TEEs for guest VM environments.