计算机研究与发展 (Journal of Computer Research and Development) 2024, Vol. 61, Issue (1): 243-260. DOI: 10.7544/issn1000-1239.202221016

Trusted Execution Environment: State-of-the-Art and Future Directions
(original Chinese title: 可信执行环境:现状与展望)

张锋巍 周雷 张一鸣 任明德 邓韵杰

Author information

  • 1. Research Institute of Trustworthy Autonomous Systems, Southern University of Science and Technology, Shenzhen, Guangdong 518055; Department of Computer Science and Engineering, Southern University of Science and Technology, Shenzhen, Guangdong 518055

Abstract (translated from the Chinese)

Users of cloud services and mobile social networks now widely demand privacy protection and secure computation, which has driven rapid progress in privacy-preserving computing and confidential computing. The trusted execution environment (TEE), a key technical foundation of confidential computing services, has been deployed across a wide range of computing platforms. Device manufacturers such as Intel and Arm, building on hardware and software isolation mechanisms, have released several practical TEE technologies and continue to iterate on them, making it easier for device administrators and ordinary users to consume security services. Researchers, in turn, refine TEE models for different system architectures and application requirements, extending the range of trusted applications and improving their efficiency. This paper comprehensively analyzes the development roadmap and technical characteristics of TEE technologies in mainstream system architectures (x86, Arm, RISC-V and heterogeneous computing units), covering the design of the underlying hardware facilities, software interface definitions and security boundaries, and identifies feasible application scenarios for TEEs. It also analyzes the challenges faced by each class of TEE technology, discussing their limitations and the security risks they themselves face, such as side-channel attacks. On this basis, it summarizes the advantages and disadvantages of the various TEE technologies in terms of security and functionality, and proposes directions for the future development of TEE technology.

Abstract (original English)

Trusted execution environment (TEE) technologies are widely developed in current computer systems, driven by users' serious concerns about privacy protection, secure computing, etc. in network services. Generally, TEEs provide an isolated execution environment for managers and users for privacy-preserving and confidential computing, even if the underlying operating system is compromised. To build TEEs, device manufacturers such as Intel and Arm extend the hardware foundation by adding an additional processor mode, memory access control, a cryptography engine, etc. In addition, they provide corresponding interfaces in the system following the application requirements. Beyond this, researchers design compatible TEE models for various goals with the above hardware or firmware assistance. We comprehensively analyze the technical characteristics of TEE technology in mainstream system architectures (including x86, Arm, RISC-V and heterogeneous computing units), including infrastructure and hardware facility design, software interface definition, security boundaries, etc., and explore the feasible application scenarios of TEE technology. At the same time, we analyze the challenges of current TEE technologies and discuss their limitations and security risks, e.g., side-channel attacks. Finally, we summarize the advantages and disadvantages of the various TEE technologies from the aspects of security and functionality, and consider the future development of TEEs.

Keywords (translated from the Chinese)

trusted execution environment / operating system architecture / memory isolation / processor mode / security verification

Keywords (original English)

trusted execution environment (TEE) / OS architecture / memory isolation / processor mode / security attestation


Funding

National Natural Science Foundation of China (62372218)

National Natural Science Foundation of China (62002151)

Shenzhen Science and Technology Program (SGDX20201103095408029)

Publication year

2024

Journal: 计算机研究与发展 (Journal of Computer Research and Development), sponsored by the Institute of Computing Technology, Chinese Academy of Sciences, and the China Computer Federation

Indexed in CSTPCD; listed in the Peking University core journal list
Impact factor: 2.649
ISSN: 1000-1239
Cited by: 2
References listed: 3