Keystone: Flexible trusted execution with commodity hardware
Abstract:
Trusted execution environments (TEEs) are used in devices from embedded sensors to cloud servers and encompass a range of cost, power constraints, and security threat model choices. Unfortunately, current vendor-specific TEEs make a fixed set of trade-offs with little room for customization. Our project, Keystone, is the first open-source framework for architecting customized TEEs. Keystone uses a number of features provided by the RISC-V standard to compose simple security abstractions and allow for maximum design-space exploration. In this talk, we’ll cover the objectives of the Keystone project, the technical approach we’ve taken, and the continuing evolution of secure computing on RISC-V. Finally, we’ll have a discussion around some of the challenges Keystone faces, both technical and organizational. Keystone is an open-source project started at UC Berkeley and is available at keystone-enclave.org along with documentation, tutorials, and a technical paper.
Biography:
David is an Assistant Professor in the Paul G. Allen School at the University of Washington. His research focuses on building secure systems at the intersection of software and architecture, and he is a lead on the RISC-V-based Keystone TEE Framework project. His work on side-channel mitigation has been deployed in Firefox, Chrome and Safari. David also co-founded an embedded security company, Somerset Recon, in 2012 and was a founding member of Carnegie Mellon’s PPP hacking team.
