Abstraction of Trusted Execution Environments as the Missing Layer for Broad Confidential Computing Adoption: A Systematization of Knowledge

TL;DR

This paper systematically reviews Trusted Execution Environments (TEEs), categorizes their design choices, and proposes abstraction layers to enhance broad adoption of confidential computing, highlighting WebAssembly as a promising approach.

Contribution

It provides a comprehensive classification of TEE ecosystems and introduces a systematization of abstraction layers, identifying opportunities for improvement and future research directions.

Findings

WebAssembly supports the broadest set of features among abstraction layers.

Existing abstraction layers can be improved to facilitate wider confidential computing adoption.

Opportunities exist for integrating abstraction layers with evolving TEE technologies.

Abstract

Trusted Execution Environments (TEEs) protect sensitive code and data from the operating system, hypervisor, or other untrusted software. Different solutions exist, each proposing different features. Abstraction layers aim to unify the ecosystem, allowing application developers and system administrators to leverage confidential computing as broadly and efficiently as possible. We start with an overview of representative available TEE technologies. We describe and summarize each TEE ecosystem, classifying them in different categories depending on their main design choices. Then, we propose a systematization of knowledge focusing on different abstraction layers around each design choice. We describe the underlying technologies of each design, as well as the inner workings and features of each abstraction layer. Our study reveals opportunities for improving existing abstraction layer solutions. It also highlights WebAssembly, a promising approach that supports the largest set of features. We close with a discussion on future directions for research, such as how future abstraction layers may evolve and integrate with the confidential computing ecosystem.