Secure Communication Between Enclaves in the Keystone Platform

Supervisor(s): Mathias Morbitzer, Lukas Auer
Status: finished
Topic: Others
Author: Erick Ruben Quintanar Salas
Submission: 2021-02-15
Type of Thesis: Bachelorthesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

Cloud computing has risen in popularity, and a lot of trust is placed in
the service providers. When operating on security-sensitive data, guaranteeing
that the data remains protected is of utmost importance. Trusted Execution
Environments (TEEs) have been proposed as an answer for settings where no
trust may be placed in the service providers. Keystone is an open-source
enclave TEE based on the RISC-V architecture. Keystone already implements
features such as data sealing (secure information storage in non-volatile
memory) and remote attestation (remote authentication of the running
software), but it lacks inter-enclave communication. This thesis examines
the implementation of inter-enclave communication in other TEEs such as
Sanctum and Intel SGX and proposes a design to implement inter-enclave
communication in Keystone. The proposed mechanism leverages the security
guarantees provided by the RISC-V architecture in Keystone and presents an
efficient process to enable authentication and communication between
enclaves. This work bridges the gap to enable inter-enclave communication
in Keystone and also presents a mechanism that incorporates different ideas
to enable authentication and communication between enclaves.