SoK: Hardware-supported Trusted Execution Environments
Moritz Schneider, Ramya Jayaram Masti, Shweta Shinde, Srdjan Capkun, Ronald Perez

TL;DR
This paper systematically analyzes hardware-supported Trusted Execution Environments (TEEs), comparing their design choices, mechanisms, and trade-offs to provide a comprehensive understanding of their architecture and security features.
Contribution
It offers a holistic systematization of TEE architectures, detailing design alternatives and trade-offs across various hardware-assisted solutions from academia and industry.
Findings
TEEs share common architectural building blocks.
Design trade-offs impact security and performance.
Diversity exists in goals and usage models of TEEs.
Abstract
The growing complexity of modern computing platforms and the need for strong isolation protections among their software components has led to the increased adoption of Trusted Execution Environments (TEEs). While several commercial and academic TEE architectures have emerged in recent times, they remain hard to compare and contrast. More generally, existing TEEs have not been subject to a holistic systematization to understand the available design alternatives for various aspects of TEE design and their corresponding pros-and-cons. Therefore, in this work, we analyze the design of existing TEEs and systematize the mechanisms that TEEs implement to achieve their security goals, namely, verifiable launch, run-time isolation, trusted IO, and secure storage. More specifically, we analyze the typical architectural building blocks underlying TEE solutions, design alternatives for each of…
Taxonomy
Topics: Security and Verification in Computing · Advanced Malware Detection Techniques · Distributed systems and fault tolerance
