Title | : | Trusted Execution Support for Legacy Applications (TESLA) |
Speaker | : | Saltanat Firdous Allaqband (IITM) |
Details | : | Wed, 5 Feb, 2025 3:00 PM @ SSB 233 / MR1 |
Abstract: | : | Trusted Execution Environments (TEEs) have gained significant prominence recently due to their ability to enhance security by isolating critical tasks within enclaves that are separated from the rest of the system's software. Despite these benefits, current TEEs face several limitations. Current TEEs often require application modifications or incur substantial overhead to handle system calls. Additionally, most TEEs enforce fixed enclave sizes, which may fail to accommodate the dynamic memory needs of applications. Furthermore, existing TEEs do not consider the security of I/O operations, and those that do, expand the Trusted Computing Base (TCB) significantly, weakening the TEE. We propose TESLA: Trusted Execution Support for Legacy Applications, a TEE architecture designed to natively support the execution of unmodified legacy applications. TESLA introduces elastic enclaves, which dynamically adjust enclave sizes based on the application's runtime memory behavior. To minimize system call overheads, TESLA introduces Enclave Windows that permit an untrusted OS temporary access to system call parameters within the enclave. TESLA also ensures confidentiality and integrity of I/O data exchanged between the enclaves and peripherals. We have implemented a prototype of TESLA on a RISC-V processor running the Linux kernel, synthesizing it on an FPGA board to demonstrate its feasibility. The evaluation quantifies the hardware and runtime performance overheads, demonstrating TESLA's practicality and effectiveness in overcoming key limitations of existing TEEs. |