Unified Enclave Abstraction and Secure Enclave Migration on Heterogeneous Security Architectures  被引量：3

作　　者：Jin-Yu Gu Hao Li Yu-Bin Xia Hai-Bo Chen Cheng-Gang Qin Zheng-Yu He 古金宇;李浩;夏虞斌;陈海波;秦承刚;何征宇(Engineering Research Center for Domain-Specific Operating Systems,Ministry of Education,Shanghai 200240,China;Institute of Parallel and Distributed Systems,Shanghai Jiao Tong University,Shanghai 200240,China;Ant Group,Hangzhou 310099,China)

机构地区：[1]Engineering Research Center for Domain-Specific Operating Systems,Ministry of Education,Shanghai 200240,China [2]Institute of Parallel and Distributed Systems,Shanghai Jiao Tong University,Shanghai 200240,China [3]Ant Group,Hangzhou 310099,China

出　　处：《Journal of Computer Science & Technology》2022年第2期468-486,共19页计算机科学技术学报（英文版）

基　　金：supported in part by the National Key Research and Development Program of China under Grant No.2020AAA-0108502;the National Natural Science Foundation of China under Grant Nos.61972244,U19A2060,and 61925206;the HighTech Support Program from Shanghai Committee of Science and Technology under Grant No.19511121100.

摘　　要：ion and secure enclave migration on heterogeneous security architectures.Nowadays,application migration becomes more and more attractive.For example,it can make computation closer to data sources or make service closer to end-users,which may significantly decrease latency in edge computing.Yet,migrating applications among servers that are controlled by different platform owners raises security issues.We leverage hardware-secured trusted execution environment(TEE,aka.,enclave)technologies,such as Intel SGX,AMD SEV,and ARM TrustZone,for protecting critical computations on untrusted servers.However,these hardware TEEs propose non-uniform programming abstractions and are based on heterogeneous architectures,which not only forces programmers to develop secure applications targeting some specific abstraction but also hinders the migration of protected applications.Therefore,we propose UniTEE which gives a unified enclave programming abstraction across the above three hardware TEEs by using a microkernel-based design and enables the secure enclave migration by integrating heterogeneous migration techniques.We have implemented the prototype on real machines.The evaluation results show the migration support incurs nearly-zero runtime overhead and the migration procedure is also efficient.

关 键 词：heterogeneous trusted execution environment(TEE) enclave abstraction enclave migration 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]