SoK: Hardware Security Support for Trustworthy Execution
Lianying Zhao, He Shuang, Shengjie Xu, Wei Huang, Rongzhen Cui, Pushkar Bettadpur, David Lie

TL;DR
This paper systematically reviews hardware security mechanisms for trustworthy execution, emphasizing the importance of abstractions in hardware-software interfaces and their impact on security vulnerabilities.
Contribution
It provides a comprehensive systematization of hardware security approaches through the lens of abstraction, highlighting design issues and research trends.
Findings
Abstractions in hardware-software interfaces can obscure security-relevant information.
Poorly designed abstractions may reveal secrets or hide vulnerabilities.
The paper summarizes vulnerabilities and discusses emerging research trends.
Abstract
In recent years, there have emerged many new hardware mechanisms for improving the security of our computer systems. Hardware offers many advantages over pure software approaches: immutability of mechanisms to software attacks, better execution and power efficiency and a smaller interface allowing it to better maintain secrets. This has given birth to a plethora of hardware mechanisms providing trusted execution environments (TEEs), support for integrity checking and memory safety and widespread uses of hardware roots of trust. In this paper, we systematize these approaches through the lens of abstraction. Abstraction is key to computing systems, and the interface between hardware and software contains many abstractions. We find that these abstractions, when poorly designed, can both obscure information that is needed for security enforcement, as well as reveal information that needs…
Taxonomy
Topics: Security and Verification in Computing · Physical Unclonable Functions (PUFs) and Hardware Security · Advanced Malware Detection Techniques
