Trusted Execution Environments (TEEs) shield computations using security-sensitive data (e.g. personal data, banking information, or encryption keys) inside a secure "enclave" from the rest of the untrusted operating system. A TEE protects its data and code even if an attacker has gained full root access to the untrusted parts of the system. Today, TEEs like ARM Trustzone and Intel SGX are therefore widely used in general-purposes devices, including most laptops and smartphones. But with increasingly wide-spread use, TEEs have proven vulnerable to a number of hardware and software-based attacks, often leading to the complete compromise of the protected data. In this project, we will use capability architectures (as e.g. developed by the CHERI project) to protect TEEs against such state-of-the-art attacks. We address a wide range of threats from software vulnerabilities such as buffer overflows to sophisticated hardware attacks like fault injection. CAP-TEE will provide a strong, open-source basis for the future generation of more secure TEEs. When developing such disruptive technologies, it is key to minimise the efforts for porting existing codebases to the new system to facilitate adoption in practice. In CAP-TEE, we therefore focus on techniques to ease the transition to our capability-enabled TEE. In industrial cases studies for the automotive and rail sector, we will demonstrate how complex code written in a memory-unsafe language like C(++) can be seamlessly moved to our platform to benefit from increased security without a full redesign.
More information will be added to this page as we get along. For now, please contact the team at firstname.lastname@example.org if you want to get in touch.
Yes, we will publish source code on our Github repos in the future.
This project will indeed make use of ARM's experimental architecture.
Capability architectures replace handles to access resources (in practice for example pointers) with objects that carry additional information, e.g. on buffer boundaries in the case of pointers. They thus allow to mitigate current vulnerability classes (e.g. buffer overflows) without rewriting legacy code in a memory-safe language. In addition, they also provide new primitives to compartmentalize software. In this project, we will look at the interaction of Trusted Execution Environments with such capability architectures.
This project is funded by EPSRC under EP/V000454/1 and forms part of the UKRI Digital Security by Design Challenge of the Industrial Strategy Challenge Fund (ISCF).