TEEVseL4: Trusted Execution Environment for Virtualized seL4-Based Systems

Borna Blazevic, Michael Peter, Mohammad Hamad, Sebastian Steinhorst

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The growing computing power of embedded systems has led to an increase in the use of general-purpose Operating Systems (OSs) such as Linux. However, the substantial attack surface arising from their complexity makes them unsuitable for safety- and security-critical use cases. Addressing this issue requires isolating the security-critical functionality into separate execution environments and protecting it from the untrusted OS. Arm TrustZone applies this approach by providing hardware-based partitioning of the system into a secure and a non-secure world, facilitating a Trusted Execution Environment (TEE) for the protection of security-critical functionality in the secure world. TrustZone, however, falls short when dealing with systems that virtualize multiple operating systems. Another approach to isolating functionality is employing a microkernel, such as the formally proven correct seL4 kernel, especially if it also offers virtualization functions. While current seL4-based virtualization systems offer good security and safety properties, they do not provide TrustZone-compatible security services to their virtualized guests. In this paper, we propose TEEVseL4, a TrustZone-compatible virtualization system leveraging the strengths of the seL4 microkernel, which can provide security services to Linux guests based on the dynamic, scalable and flexible Trusted Computing Base of an seL4 system. High-level performance benchmarking shows that TEEVseL4 can provide security services with acceptable overhead (less than 20%) compared to a native TrustZone system, making it an attractive option for platforms with multiple, mutually distrustful virtualized guests.

Original language: English
Title of host publication: Proceedings - 2023 IEEE 29th International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2023
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 67-76
Number of pages: 10
ISBN (Electronic): 9798350337860
DOIs
State: Published - 2023
Event: 29th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2023 - Niigata, Japan
Duration: 30 Aug 2023 to 1 Sep 2023

Publication series

Name: Proceedings - 2023 IEEE 29th International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2023

Conference

Conference: 29th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2023
Country/Territory: Japan
City: Niigata
Period: 30/08/23 to 1/09/23

Keywords

  • Arm TrustZone
  • Security
  • TEE
  • Virtualization
  • seL4
