SoK: Opportunities for Software-Hardware-Security Codesign for Next Generation Secure Computing

TL;DR

This paper systematically analyzes security technologies like trusted execution environments, homomorphic encryption, and differential privacy, emphasizing the importance of integrated software-hardware-security codesign to enhance security while minimizing performance costs.

Contribution

It highlights the need for combined software, hardware, and security mechanism design to overcome limitations of current technologies and proposes guidelines for practical implementation.

Findings

Security technologies vary in threat coverage and performance overheads.

Software-hardware-security codesign is essential for efficient secure computing.

Guidelines are proposed for deploying secure computing solutions.

Abstract

Users are demanding increased data security. As a result, security is rapidly becoming a first-order design constraint in next generation computing systems. Researchers and practitioners are exploring various security technologies to meet user demand such as trusted execution environments (e.g., Intel SGX, ARM TrustZone), homomorphic encryption, and differential privacy. Each technique provides some degree of security, but differs with respect to threat coverage, performance overheads, as well as implementation and deployment challenges. In this paper, we present a systemization of knowledge (SoK) on these design considerations and trade-offs using several prominent security technologies. Our study exposes the need for \textit{software-hardware-security} codesign to realize efficient and effective solutions of securing user data. In particular, we explore how design considerations across applications, hardware, and security mechanisms must be combined to overcome fundamental limitations in current technologies so that we can minimize performance overhead while achieving sufficient threat model coverage. Finally, we propose a set of guidelines to facilitate putting these secure computing technologies into practice.