摘要
ion and secure enclave migration on heterogeneous security architectures.
Nowadays,application migration becomes more and more attractive.For example,it can make computation closer to data sources or make service closer to end-users,which may significantly decrease latency in edge computing.Yet,migrating applications among servers that are controlled by different platform owners raises security issues.We leverage hardware-secured trusted execution environment(TEE,aka.,enclave)technologies,such as Intel SGX,AMD SEV,and ARM TrustZone,for protecting critical computations on untrusted servers.However,these hardware TEEs propose non-uniform programming abstractions and are based on heterogeneous architectures,which not only forces programmers to develop secure applications targeting some specific abstraction but also hinders the migration of protected applications.Therefore,we propose UniTEE which gives a unified enclave programming abstraction across the above three hardware TEEs by using a microkernel-based design and enables the secure enclave migration by integrating heterogeneous migration techniques.We have implemented the prototype on real machines.The evaluation results show the migration support incurs nearly-zero runtime overhead and the migration procedure is also efficient.
作者
Jin-Yu Gu
Hao Li
Yu-Bin Xia
Hai-Bo Chen
Cheng-Gang Qin
Zheng-Yu He
古金宇;李浩;夏虞斌;陈海波;秦承刚;何征宇(Engineering Research Center for Domain-Specific Operating Systems,Ministry of Education,Shanghai 200240,China;Institute of Parallel and Distributed Systems,Shanghai Jiao Tong University,Shanghai 200240,China;Ant Group,Hangzhou 310099,China)
基金
supported in part by the National Key Research and Development Program of China under Grant No.2020AAA-0108502
the National Natural Science Foundation of China under Grant Nos.61972244,U19A2060,and 61925206
the HighTech Support Program from Shanghai Committee of Science and Technology under Grant No.19511121100.
