Conditional Network Availability: Enhancing Connectivity Guarantees for TEE-Based Services

Abstract

Trusted Execution Environments (TEEs) are widely available, allowing the isolation of security-sensitive trusted services from an untrusted commodity OS. Driven by manifold use cases, more and more trusted services requiring network connectivity are developed. Typically, the traffic of trusted services is routed through the OS, while cryptography ensures confidentiality and integrity. However, the extent to which TEEs can also help to provide network availability for trusted services remains underexplored. We introduce Conditional Network Availability (CNA) as a novel concept for TEE-based networking, ensuring that a trusted service can process network traffic, whenever the potentially malicious OS can do so. Our concept prevents an attacker from monopolizing the network channel (e.g., for a botnet campaign). TEE-based remote device management, system monitoring, and intrusion detection systems can profit from our concept. Proposing a split-driver model, we implement a proof-of-concept on real hardware, multiplexing a complex Ethernet interface between the OS and the ARM TrustZone TEE. Our evaluation shows that our system achieves near-native throughput while keeping the additions to the TCB small.

Mehr zum Titel