Online / 6 & 7 February 2021

schedule

Penglai Enclave: Verifiable and Scalable RISC-V TEE system


Emerging applications like artificial intelligence and autonomous car require high security-assurance, which stimulates the wide-spread deployment of trusted execution environment (TEE). However, prior enclave systems are far from the ideal for three reasons. 1) Scalability: only support limited security memory (e.g., 256MB secure memory in SGX) or limited number of instances; 2) Performance: not well-fit the requirements of high-performance application, e.g., poor secure communication performance; 3) Security: many still have security flaws, e.g., suffering cache-based side channels attacks.

Penglai-Enclave is proposed to overcome these challenges. Penglai is a scalable, efficient, and open-sourced TEE system based on RISC-V, which is made powerful through hardware-assisted scalable physical memory isolation extensions. Our evaluations show that Penglai can achieve more than 1,000 concurrently running instances even in a resource-restricted device. We also have supported libraries like ARM PSA on Penglai to ease the development of trusted applications, and apply formal methods to validate its software TCB.

Speakers

Photo of Dong Du Dong Du

Links