Towards Runtime Customizable Trusted Execution Environment on FPGA-SoC
Yanling Wang, Xiaolin Chang, Haoran Zhu, Jianhua Wang, Yanwei Gong and Lin Li

TL;DR
This paper presents a novel runtime customizable trusted execution environment on FPGA-SoC, enabling secure, dynamic, and trusted deployment and execution of IP cores to prevent data leakage and IP theft.
Contribution
It introduces three new components—CrloadIP, CexecIP, and CremoAT—for secure, dynamic, and trusted runtime customization of FPGA-SoC TEE, extending prior work with runtime flexibility.
Findings
Security analysis confirms robustness against insider attacks.
Performance evaluation demonstrates acceptable overhead on Xilinx Zynq UltraScale+.
RCTEE enables dynamic and secure IP core management.
Abstract
Processing sensitive data and deploying well-designed Intellectual Property (IP) cores on a remote Field Programmable Gate Array (FPGA) are prone to private data leakage and IP theft. One effective solution is constructing a Trusted Execution Environment (TEE) on FPGA-SoCs (FPGA Systems on Chip). Researchers have integrated this type of TEE with Trusted Platform Module (TPM)-based trusted boot, denoted FPGA-SoC tbTEE. But there has been no effort on secure and trusted runtime customization of the FPGA-SoC TEE. This paper extends FPGA-SoC tbTEE to build a Runtime Customizable TEE (RCTEE) on FPGA-SoC by adding three major components (our work): 1) CrloadIP, which can load an IP core at runtime so that RCTEE can be adjusted dynamically and securely; 2) CexecIP, which can not only execute an IP core without modifying the operating system of the FPGA-SoC TEE, but also prevent insider attacks from executing…
Taxonomy
Topics: Security and Verification in Computing · Physical Unclonable Functions (PUFs) and Hardware Security · Radiation Effects in Electronics
