Antonia Zhai

CSENG Computer Science & Eng
College of Science & Engineering
Twin Cities
Project Title: Computer Architecture and Security

A trusted execution environment (TEE) is an isolated execution environment that aims to preserve the security of the information inside it. A TEE is intended to guarantee the integrity of the application executing in its environment along with the confidentiality of its assets. Hence, TEEs can offer strong protection for security-sensitive data, since unauthorized access to such data is rejected automatically. In general, TEEs are supported through hardware extensions in modern CPUs. For instance, ARM processors equipped with TrustZone can provide system-wide hardware isolation for trusted software. Similarly, Intel processors use secure enclaves enabled by Software Guard Extensions (SGX) to provide TEEs. Because of the desired security assurances, many software systems have built their security solutions on such hardware-supported TEEs. For example, Samsung leverages TrustZone to build its KNOX secure platform for mobile devices, and SCONE takes advantage of SGX to protect widely used application containers. As more and more applications and services are built on hardware TEEs, it becomes necessary and crucial to virtualize TEEs across different ISAs in order to facilitate the migration or computation offloading of such applications through a secure and transparent virtualization platform, particularly for data centers and cloud/edge computing environments. To provide a secure virtualization mechanism for guest TEEs, these researchers are leveraging the hardware TEE extensions available on host machines, e.g., Intel SGX, to virtualize guest TEEs. Although the idea is intuitive, putting it into practice presents significant technical challenges.

Project Investigators

Minjun Wu
Antonia Zhai
