Keystone: An Open Framework for Architecting TEEs

TL;DR

Keystone introduces an open-source, customizable framework for building trusted execution environments (TEEs) that adapt to various hardware and security needs, demonstrated on RISC-V hardware.

Contribution

It provides a flexible, reusable TEE architecture using hardware abstractions, enabling customization and deployment across diverse platforms.

Findings

Keystone-based TEEs run on unmodified RISC-V hardware.

The framework achieves a small trusted computing base (TCB).

It supports a wide range of benchmarks, applications, and kernels.

Abstract

Trusted execution environments (TEEs) are being used in all the devices from embedded sensors to cloud servers and encompass a range of cost, power constraints, and security threat model choices. On the other hand, each of the current vendor-specific TEEs makes a fixed set of trade-offs with little room for customization. We present Keystone -- the first open-source framework for building customized TEEs. Keystone uses simple abstractions provided by the hardware such as memory isolation and a programmable layer underneath untrusted components (e.g., OS). We build reusable TEE core primitives from these abstractions while allowing platform-specific modifications and application features. We showcase how Keystone-based TEEs run on unmodified RISC-V hardware and demonstrate the strengths of our design in terms of security, TCB size, execution of a range of benchmarks, applications, kernels, and deployment models.