CVTEE: A Compatible Verified TEE Architecture With Enhanced Security

Sensitive resources in Trusted Execution Environment (TEE) have suffered serious security threats in recent years. Previous protection approaches either lack a strong assurance of TEE security properties or are limited to a single platform. We propose a compatible verified TEE architecture, called C...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on dependable and secure computing 2023-01, Vol.20 (1), p.377-391
Main Authors: Miao, Xinliang, Chang, Rui, Zhao, Jianhong, Zhao, Yongwang, Cao, Shuang, Wei, Tao, Jiang, Liehui, Ren, Kui
Format: Article
Language:English
Subjects:
Access control
Computer architecture
Flow control
formal verification
functional specification
Information flow
Kernel
Microprogramming
Monitoring
Runtime
Security
Security management
security monitor
Theorems
Trusted execution environment
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by
cites cdi_FETCH-LOGICAL-c245t-f0ed985ccf0c126ae5da876f53be9fa8a78f0b9352b1b4d2fd2869c5bb6f5cb33
container_end_page 391
container_issue 1
container_start_page 377
container_title IEEE transactions on dependable and secure computing
container_volume 20
creator Miao, Xinliang
Chang, Rui
Zhao, Jianhong
Zhao, Yongwang
Cao, Shuang
Wei, Tao
Jiang, Liehui
Ren, Kui
description Sensitive resources in Trusted Execution Environment (TEE) have suffered serious security threats in recent years. Previous protection approaches either lack a strong assurance of TEE security properties or are limited to a single platform. We propose a compatible verified TEE architecture, called CVTEE , which delegates a security monitor to manage TEE resources securely. This architecture has two key advantages: i) its functional correctness and security are guaranteed by a machine-checkable proof of security objectives of Trusted Application (TA) isolation, runtime confidentiality, and runtime integrity, and ii) it is applicable to different TEE platforms and implementation-independent due to its high level of abstraction and non-determinism of data types. Note that access control policy and information flow control policy are the core for security management of resources. After formally specifying the security attributes of TEE resources, we develop these policies based on Common Criteria (CC) in the security monitor and provide atomic interfaces. CVTEE is formally verified with 386 lemmas/theorems and \sim ∼ 10,000 LOC of Isabelle/HOL. In addition, we implement a proof of concept for the access control module of Teaclave, and prove that the constructed access control model meets the security requirements through 5 theorems.
doi_str_mv 10.1109/TDSC.2021.3133576
format article
fullrecord <record><control><sourceid>proquest_ieee_</sourceid><recordid>TN_cdi_ieee_primary_9645265</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>9645265</ieee_id><sourcerecordid>2765185950</sourcerecordid><originalsourceid>FETCH-LOGICAL-c245t-f0ed985ccf0c126ae5da876f53be9fa8a78f0b9352b1b4d2fd2869c5bb6f5cb33</originalsourceid><addsrcrecordid>eNo9kMtqwzAQRUVpoWnaDyjdGLp2qofHlroLjvuAQBdJ06WQ5BFRSOJUthf5-zokdDUD99wZOIQ8MjphjKqX5WxRTjjlbCKYEFDkV2TEVMZSSpm8HnbIIAVVsFty17YbSnkmVTYis3K1rKrXZJqUze5gumC3mKwwBh-wToYomUa3Dh26ro-Y_IRunVT7tdm7IV6g62Pojvfkxpttiw-XOSbfb9Wy_EjnX--f5XSeOp5Bl3qKtZLgnKeO8dwg1EYWuQdhUXkjTSE9tUoAt8xmNfc1l7lyYO3AOCvEmDyf7x5i89tj2-lN08f98FLzIgcmQQEdKHamXGzaNqLXhxh2Jh41o_okS59k6ZMsfZE1dJ7OnYCI_7zKM-A5iD9c4GSZ</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2765185950</pqid></control><display><type>article</type><title>CVTEE: A Compatible Verified TEE Architecture With Enhanced Security</title><source>IEEE Xplore (Online service)</source><creator>Miao, Xinliang ; Chang, Rui ; Zhao, Jianhong ; Zhao, Yongwang ; Cao, Shuang ; Wei, Tao ; Jiang, Liehui ; Ren, Kui</creator><creatorcontrib>Miao, Xinliang ; Chang, Rui ; Zhao, Jianhong ; Zhao, Yongwang ; Cao, Shuang ; Wei, Tao ; Jiang, Liehui ; Ren, Kui</creatorcontrib><description><![CDATA[Sensitive resources in Trusted Execution Environment (TEE) have suffered serious security threats in recent years. Previous protection approaches either lack a strong assurance of TEE security properties or are limited to a single platform. We propose a compatible verified TEE architecture, called CVTEE , which delegates a security monitor to manage TEE resources securely. This architecture has two key advantages: i) its functional correctness and security are guaranteed by a machine-checkable proof of security objectives of Trusted Application (TA) isolation, runtime confidentiality, and runtime integrity, and ii) it is applicable to different TEE platforms and implementation-independent due to its high level of abstraction and non-determinism of data types. Note that access control policy and information flow control policy are the core for security management of resources. After formally specifying the security attributes of TEE resources, we develop these policies based on Common Criteria (CC) in the security monitor and provide atomic interfaces. CVTEE is formally verified with 386 lemmas/theorems and <inline-formula><tex-math notation="LaTeX">\sim</tex-math> <mml:math><mml:mo>∼</mml:mo></mml:math><inline-graphic xlink:href="chang-ieq1-3133576.gif"/> </inline-formula> 10,000 LOC of Isabelle/HOL. In addition, we implement a proof of concept for the access control module of Teaclave, and prove that the constructed access control model meets the security requirements through 5 theorems.]]></description><identifier>ISSN: 1545-5971</identifier><identifier>EISSN: 1941-0018</identifier><identifier>DOI: 10.1109/TDSC.2021.3133576</identifier><identifier>CODEN: ITDSCM</identifier><language>eng</language><publisher>Washington: IEEE</publisher><subject>Access control ; Computer architecture ; Flow control ; formal verification ; functional specification ; Information flow ; Kernel ; Microprogramming ; Monitoring ; Runtime ; Security ; Security management ; security monitor ; Theorems ; Trusted execution environment</subject><ispartof>IEEE transactions on dependable and secure computing, 2023-01, Vol.20 (1), p.377-391</ispartof><rights>Copyright IEEE Computer Society 2023</rights><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-c245t-f0ed985ccf0c126ae5da876f53be9fa8a78f0b9352b1b4d2fd2869c5bb6f5cb33</cites><orcidid>0000-0002-0178-0171 ; 0000-0002-1969-2591 ; 0000-0003-2798-0873</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/9645265$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>314,777,781,27905,27906,54777</link.rule.ids></links><search><creatorcontrib>Miao, Xinliang</creatorcontrib><creatorcontrib>Chang, Rui</creatorcontrib><creatorcontrib>Zhao, Jianhong</creatorcontrib><creatorcontrib>Zhao, Yongwang</creatorcontrib><creatorcontrib>Cao, Shuang</creatorcontrib><creatorcontrib>Wei, Tao</creatorcontrib><creatorcontrib>Jiang, Liehui</creatorcontrib><creatorcontrib>Ren, Kui</creatorcontrib><title>CVTEE: A Compatible Verified TEE Architecture With Enhanced Security</title><title>IEEE transactions on dependable and secure computing</title><addtitle>TDSC</addtitle><description><![CDATA[Sensitive resources in Trusted Execution Environment (TEE) have suffered serious security threats in recent years. Previous protection approaches either lack a strong assurance of TEE security properties or are limited to a single platform. We propose a compatible verified TEE architecture, called CVTEE , which delegates a security monitor to manage TEE resources securely. This architecture has two key advantages: i) its functional correctness and security are guaranteed by a machine-checkable proof of security objectives of Trusted Application (TA) isolation, runtime confidentiality, and runtime integrity, and ii) it is applicable to different TEE platforms and implementation-independent due to its high level of abstraction and non-determinism of data types. Note that access control policy and information flow control policy are the core for security management of resources. After formally specifying the security attributes of TEE resources, we develop these policies based on Common Criteria (CC) in the security monitor and provide atomic interfaces. CVTEE is formally verified with 386 lemmas/theorems and <inline-formula><tex-math notation="LaTeX">\sim</tex-math> <mml:math><mml:mo>∼</mml:mo></mml:math><inline-graphic xlink:href="chang-ieq1-3133576.gif"/> </inline-formula> 10,000 LOC of Isabelle/HOL. In addition, we implement a proof of concept for the access control module of Teaclave, and prove that the constructed access control model meets the security requirements through 5 theorems.]]></description><subject>Access control</subject><subject>Computer architecture</subject><subject>Flow control</subject><subject>formal verification</subject><subject>functional specification</subject><subject>Information flow</subject><subject>Kernel</subject><subject>Microprogramming</subject><subject>Monitoring</subject><subject>Runtime</subject><subject>Security</subject><subject>Security management</subject><subject>security monitor</subject><subject>Theorems</subject><subject>Trusted execution environment</subject><issn>1545-5971</issn><issn>1941-0018</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><recordid>eNo9kMtqwzAQRUVpoWnaDyjdGLp2qofHlroLjvuAQBdJ06WQ5BFRSOJUthf5-zokdDUD99wZOIQ8MjphjKqX5WxRTjjlbCKYEFDkV2TEVMZSSpm8HnbIIAVVsFty17YbSnkmVTYis3K1rKrXZJqUze5gumC3mKwwBh-wToYomUa3Dh26ro-Y_IRunVT7tdm7IV6g62Pojvfkxpttiw-XOSbfb9Wy_EjnX--f5XSeOp5Bl3qKtZLgnKeO8dwg1EYWuQdhUXkjTSE9tUoAt8xmNfc1l7lyYO3AOCvEmDyf7x5i89tj2-lN08f98FLzIgcmQQEdKHamXGzaNqLXhxh2Jh41o_okS59k6ZMsfZE1dJ7OnYCI_7zKM-A5iD9c4GSZ</recordid><startdate>202301</startdate><enddate>202301</enddate><creator>Miao, Xinliang</creator><creator>Chang, Rui</creator><creator>Zhao, Jianhong</creator><creator>Zhao, Yongwang</creator><creator>Cao, Shuang</creator><creator>Wei, Tao</creator><creator>Jiang, Liehui</creator><creator>Ren, Kui</creator><general>IEEE</general><general>IEEE Computer Society</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>JQ2</scope><orcidid>https://orcid.org/0000-0002-0178-0171</orcidid><orcidid>https://orcid.org/0000-0002-1969-2591</orcidid><orcidid>https://orcid.org/0000-0003-2798-0873</orcidid></search><sort><creationdate>202301</creationdate><title>CVTEE: A Compatible Verified TEE Architecture With Enhanced Security</title><author>Miao, Xinliang ; Chang, Rui ; Zhao, Jianhong ; Zhao, Yongwang ; Cao, Shuang ; Wei, Tao ; Jiang, Liehui ; Ren, Kui</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c245t-f0ed985ccf0c126ae5da876f53be9fa8a78f0b9352b1b4d2fd2869c5bb6f5cb33</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Access control</topic><topic>Computer architecture</topic><topic>Flow control</topic><topic>formal verification</topic><topic>functional specification</topic><topic>Information flow</topic><topic>Kernel</topic><topic>Microprogramming</topic><topic>Monitoring</topic><topic>Runtime</topic><topic>Security</topic><topic>Security management</topic><topic>security monitor</topic><topic>Theorems</topic><topic>Trusted execution environment</topic><toplevel>online_resources</toplevel><creatorcontrib>Miao, Xinliang</creatorcontrib><creatorcontrib>Chang, Rui</creatorcontrib><creatorcontrib>Zhao, Jianhong</creatorcontrib><creatorcontrib>Zhao, Yongwang</creatorcontrib><creatorcontrib>Cao, Shuang</creatorcontrib><creatorcontrib>Wei, Tao</creatorcontrib><creatorcontrib>Jiang, Liehui</creatorcontrib><creatorcontrib>Ren, Kui</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE</collection><collection>CrossRef</collection><collection>ProQuest Computer Science Collection</collection><jtitle>IEEE transactions on dependable and secure computing</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Miao, Xinliang</au><au>Chang, Rui</au><au>Zhao, Jianhong</au><au>Zhao, Yongwang</au><au>Cao, Shuang</au><au>Wei, Tao</au><au>Jiang, Liehui</au><au>Ren, Kui</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>CVTEE: A Compatible Verified TEE Architecture With Enhanced Security</atitle><jtitle>IEEE transactions on dependable and secure computing</jtitle><stitle>TDSC</stitle><date>2023-01</date><risdate>2023</risdate><volume>20</volume><issue>1</issue><spage>377</spage><epage>391</epage><pages>377-391</pages><issn>1545-5971</issn><eissn>1941-0018</eissn><coden>ITDSCM</coden><abstract><![CDATA[Sensitive resources in Trusted Execution Environment (TEE) have suffered serious security threats in recent years. Previous protection approaches either lack a strong assurance of TEE security properties or are limited to a single platform. We propose a compatible verified TEE architecture, called CVTEE , which delegates a security monitor to manage TEE resources securely. This architecture has two key advantages: i) its functional correctness and security are guaranteed by a machine-checkable proof of security objectives of Trusted Application (TA) isolation, runtime confidentiality, and runtime integrity, and ii) it is applicable to different TEE platforms and implementation-independent due to its high level of abstraction and non-determinism of data types. Note that access control policy and information flow control policy are the core for security management of resources. After formally specifying the security attributes of TEE resources, we develop these policies based on Common Criteria (CC) in the security monitor and provide atomic interfaces. CVTEE is formally verified with 386 lemmas/theorems and <inline-formula><tex-math notation="LaTeX">\sim</tex-math> <mml:math><mml:mo>∼</mml:mo></mml:math><inline-graphic xlink:href="chang-ieq1-3133576.gif"/> </inline-formula> 10,000 LOC of Isabelle/HOL. In addition, we implement a proof of concept for the access control module of Teaclave, and prove that the constructed access control model meets the security requirements through 5 theorems.]]></abstract><cop>Washington</cop><pub>IEEE</pub><doi>10.1109/TDSC.2021.3133576</doi><tpages>15</tpages><orcidid>https://orcid.org/0000-0002-0178-0171</orcidid><orcidid>https://orcid.org/0000-0002-1969-2591</orcidid><orcidid>https://orcid.org/0000-0003-2798-0873</orcidid></addata></record>
fulltext fulltext
identifier ISSN: 1545-5971
ispartof IEEE transactions on dependable and secure computing, 2023-01, Vol.20 (1), p.377-391
issn 1545-5971
1941-0018
language eng
recordid cdi_ieee_primary_9645265
source IEEE Xplore (Online service)
subjects Access control
Computer architecture
Flow control
formal verification
functional specification
Information flow
Kernel
Microprogramming
Monitoring
Runtime
Security
Security management
security monitor
Theorems
Trusted execution environment
title CVTEE: A Compatible Verified TEE Architecture With Enhanced Security
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-19T23%3A46%3A59IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_ieee_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=CVTEE:%20A%20Compatible%20Verified%20TEE%20Architecture%20With%20Enhanced%20Security&rft.jtitle=IEEE%20transactions%20on%20dependable%20and%20secure%20computing&rft.au=Miao,%20Xinliang&rft.date=2023-01&rft.volume=20&rft.issue=1&rft.spage=377&rft.epage=391&rft.pages=377-391&rft.issn=1545-5971&rft.eissn=1941-0018&rft.coden=ITDSCM&rft_id=info:doi/10.1109/TDSC.2021.3133576&rft_dat=%3Cproquest_ieee_%3E2765185950%3C/proquest_ieee_%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c245t-f0ed985ccf0c126ae5da876f53be9fa8a78f0b9352b1b4d2fd2869c5bb6f5cb33%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2765185950&rft_id=info:pmid/&rft_ieee_id=9645265&rfr_iscdi=true