Overview
Explore a 20-minute IEEE conference talk on virtualizing Intel SGX enclaves on AMD SEV platforms. The talk starts from the vendor lock-in problem of Trusted Execution Environments (TEEs): an enclave written for Intel SGX cannot run on a platform that offers only AMD SEV. It then presents an approach to decoupling TEEs from the underlying hardware through a software-defined TEE, covering the design goals and the main implementation challenges: emulating SGX instructions, handling enclave memory access, cross-VM communication, and control-flow transfer between the enclave and the outside world. The talk closes with the prototype, the capabilities that were tested, and performance measurements at the instruction level, on the BYTEmark benchmark suite, and with the Graphene library OS, giving a view of what hardware-independent trusted computing environments can achieve with this approach.
Syllabus
Intro
Trusted Execution Environment
A problem of Intel SGX... Vendor lock-in
Decoupling TEEs from hardware
Software-defined TEE
What our solution is
Design goals
Challenges
Instruction emulation
Memory access
Cross-VM communication
Control flow transferring
Prototype
Capability tested
Performance - Instructions
Performance - BYTEmark
Performance - Graphene
Conclusion
Taught by
IEEE Symposium on Security and Privacy