SecScale: A Scalable and Secure Trusted Execution Environment for Servers

TL;DR

SecScale introduces a scalable, secure trusted execution environment that enhances replay attack protection and memory encryption, outperforming existing solutions in speed and security guarantees on generic hardware.

Contribution

It proposes a novel TEEs design using speculative execution, MAC forests, and full memory encryption to achieve scalability and security, addressing limitations of SGX and competitors.

Findings

SecScale is 10% faster than the nearest alternative.

It provides replay attack protection on generic hardware.

It supports larger enclaves beyond 256 MB.

Abstract

Trusted execution environments (TEEs) are an integral part of modern secure processors. They ensure that their application and code pages are confidential, tamper proof and immune to diverse types of attacks. In 2021, Intel suddenly announced its plans to deprecate its most trustworthy enclave, SGX, on its 11th and 12th generation processors. The reasons stemmed from the fact that it was difficult to scale the enclaves (sandboxes) beyond 256 MB as the hardware overheads outweighed the benefits. Competing solutions by Intel and other vendors are much more scalable, but do not provide many key security guarantees that SGX used to provide notably replay attack protection. In the last three years, no proposal from industry or academia has been able to provide both scalability (with a modest slowdown) as well as replay-protection on generic hardware (to the best of our knowledge). We solve this problem by proposing SecScale that uses some new ideas centered around speculative execution (read first, verify later), creating a forest of MACs (instead of a tree of counters) and providing complete memory encryption (no generic unsecure regions). We show that we are 10% faster than the nearest competing alternative.