Runtime Verification for Trustworthy Computing

TL;DR

This paper explores how runtime verification, specifically the RV-TEE approach, can enhance trustworthiness in secure computing environments by addressing practical threat models in trusted execution systems.

Contribution

It proposes practical solutions for deploying runtime verification in trustworthy computing, focusing on threat models involving system access and privilege escalation.

Findings

RV-TEE enhances trust in trusted execution environments.

Practical solutions are proposed for two key threat models.

Runtime verification can effectively monitor and enforce security properties.

Abstract

Autonomous and robotic systems are increasingly being trusted with sensitive activities with potentially serious consequences if that trust is broken. Runtime verification techniques present a natural source of inspiration for monitoring and enforcing the desirable properties of the communication protocols in place, providing a formal basis and ways to limit intrusiveness. A recently proposed approach, RV-TEE, shows how runtime verification can enhance the level of trust to the Rich Execution Environment (REE), consequently adding a further layer of protection around the Trusted Execution Environment (TEE). By reflecting on the implication of deploying RV in the context of trustworthy computing, we propose practical solutions to two threat models for the RV-TEE monitoring process: one where the adversary has gained access to the system without elevated privileges, and another where the adversary gains all privileges to the host system but fails to steal secrets from the TEE.