Sun 14 Apr 2019 10:00 - 10:25 at Garden Room - Session1

Trusted Execution Environments (TEE) are widely deployed, especially on smartphones. A recent trend in TEE development is the transition from vendor-controlled, single-purpose TEEs to open TEEs that host Trusted Applications (TAs) from multiple sources with independent tasks. This transition is expected to create a TA ecosystem needed for providing stronger and customized security to apps and OS running in the Rich Execution Environment (REE). However, the transition also poses two security challenges: enlarged attack surface resulted from the increased complexity of TAs and TEEs; the lack of trust (or isolation) among TAs and the TEE.

In this paper, we first present a comprehensive analysis on the recent CVEs related to TEE and the need of multiple TEE scheme. We then propose TEEv, a TEE virtualization architecture that supports multiple isolated, restricted TEE instances (i.e., vTEEs) running concurrently. Relying on a tiny hypervisor (we call it TEE-visor), TEEv allows TEE instances from different vendors to run in isolation on the same smartphone and to host their own TAs. Therefore, a compromised vTEE cannot affect its peers or REE; TAs no longer have to run in untrusted/unsuitable TEEs. We have implemented TEEv on a development board and a real smartphone, which runs multiple commercial TEE instances from different vendors with very small porting effort. Our evaluation results show that TEEv can isolate vTEEs and defend all known attacks on TEE with only mild performance overhead.

Sun 14 Apr

Displayed time zone: Eastern Time (US & Canada) change

10:00 - 12:05
10:00
25m
Talk
TEEv: Virtualizing Trusted Execution Environments on Mobile Platforms
Research Papers
Wenhao Li Shanghai Jiao Tong University, China, Yubin Xia Shanghai Jiao Tong University, China, Long Lu Northeastern University, n.n., Haibo Chen Shanghai Jiao Tong University, China, Binyu Zang Shanghai Jiao Tong University, China
10:25
25m
Talk
Secure Guest Virtual Machine Support in Apparition
Research Papers
Ethan Johnson University of Rochester, USA, Komail Dharsee University of Rochester, USA, John Criswell University of Rochester, USA
10:50
25m
Talk
ACRN: A Big Little Hypervisor for IoT Development
Research Papers
Hao Li , Xuefei Xu Intel, China, Jinkui Ren Intel, China, Yaozu Dong Intel, China
11:15
25m
Talk
Fast and Live Hypervisor Replacement
Research Papers
Spoorti Doddamani Binghamton University, USA, Piush Kumar Sinha Binghamton University, USA, Hui Lu Binghamton University, USA, Tsu-Hsiang K. Cheng Binghamton University, USA, Hardik H. Bagdi Binghamton University, USA, Kartik Gopalan Binghamton University, USA
11:40
25m
Talk
A Binary-Compatible Unikernel
Research Papers
Pierre Olivier Virginia Tech, USA, Daniel Chiba Virginia Tech, USA, Stefan Lankes RWTH Aachen University, Germany, Changwoo Min Virginia Tech, USA, Binoy Ravindran Virginia Tech, USA