Composite Enclaves: Towards Disaggregated Trusted Execution
Abstract
Trusted Execution Environments (TEEs) traditionally fail to protect code leveraging specialized or disaggregated heterogeneous hardware outside the main CPU, due to their fixed hardware Trusted Computing Base (TCB). This paper proposes "composite enclaves," which feature a configurable hardware and software TCB, enabling secure access to diverse computing and IO resources. Case studies, including an FPGA platform using RISC-V Keystone, demonstrate the feasibility of the approach, achieving a small TCB (2.5 KLoC) and minimal context switch overhead (around 220 cycles).
Report
Key Highlights
- Innovation: Introduction of composite enclaves to extend trusted execution capabilities beyond the traditional CPU boundary.
- Problem Addressed: Current TEEs (like Intel SGX) have a hardware TCB fixed at design time, limiting their use in environments with rising demands for heterogeneous and disaggregated infrastructure.
- Solution Core: Composite enclaves implement a configurable hardware and software TCB, allowing them to securely incorporate specialized accelerators, peripherals, and IO resources.
- Efficiency: The implementation achieved a small TCB footprint (2.5 KLoC for IO peripherals and drivers) and low performance overhead.
- Performance Metric: Context switch overhead was measured at only around 220 additional cycles, demonstrating practical feasibility.
Technical Details
- Architectural Feature: The core architectural change is shifting from a fixed TCB model to a configurable TCB that can incorporate multiple computing and IO resources into the trusted domain.
- Implementation Platform (Case Study i): The approach was realized on an FPGA platform based on the RISC-V Keystone TEE framework.
- Validation Scenario i: The FPGA setup included emulated peripherals and sensors to test secure IO access.
- Validation Scenario ii: The methodology was also successfully applied to integrate a large-scale accelerator securely within an enclave.
- Software TCB Size: The specialized software TCB required for IO peripherals and drivers was only 2.5 KLoC (thousand lines of code).
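As an added illustration (not code from the paper or the Keystone project), the snippet below models how a verifier can bind trust to a configurable TCB: each component of a composite enclave's TCB is measured and chained into one attestation value, so swapping a driver or adding an accelerator yields a different measurement that an allowlist-based verifier rejects. Component names, payload bytes and the domain tag are constructed, and the paper's actual measurement scheme may differ.

```python
import hashlib
from dataclasses import dataclass

# Added example, not the paper's code. Models a composite enclave's TCB as an
# ordered manifest of components (enclave binary, trusted IO driver, the
# peripheral or accelerator it is granted) and derives a single measurement
# over all of them, so a remote verifier can bind trust to the full composition.
# Component names and byte contents below are constructed sample values.

@dataclass(frozen=True)
class TcbComponent:
    kind: str       # "enclave", "driver", "peripheral" or "accelerator"
    name: str
    payload: bytes  # code image, bitstream or device descriptor (constructed)

def measure_component(c: TcbComponent) -> bytes:
    # Hash kind and name into the digest so two components with identical bytes
    # but different roles (e.g. a driver vs. an enclave) measure differently.
    h = hashlib.sha3_512()
    h.update(c.kind.encode() + b"\0" + c.name.encode() + b"\0" + c.payload)
    return h.digest()

def composite_measurement(components: list) -> bytes:
    # Chain component digests in manifest order: the final measurement commits
    # to every component and to the order in which the TCB was composed.
    acc = hashlib.sha3_512(b"composite-enclave-v0").digest()  # constructed domain tag
    for c in components:
        acc = hashlib.sha3_512(acc + measure_component(c)).digest()
    return acc

def verify_report(reported: bytes, allowlist: set) -> bool:
    # A verifier accepts only compositions it has approved in advance.
    return reported in allowlist

# Constructed sample TCB: CPU enclave, IO driver for a sensor, the sensor itself.
BASE_TCB = [
    TcbComponent("enclave", "app.elf", b"\x7fELF-app-v1"),
    TcbComponent("driver", "sensor.ko", b"sensor-driver-v1"),
    TcbComponent("peripheral", "temp-sensor@0x1000", b"mmio:0x1000:len=0x100"),
]

def example() -> dict:
    base = composite_measurement(BASE_TCB)
    # Same peripheral descriptor but a swapped driver: the measurement changes.
    swapped = list(BASE_TCB)
    swapped[1] = TcbComponent("driver", "sensor.ko", b"sensor-driver-v2")
    # Extending the TCB with an accelerator also produces a new measurement.
    extended = BASE_TCB + [TcbComponent("accelerator", "fpga-dnn", b"bitstream-v1")]
    return {
        "base_ok": verify_report(base, {base}),
        "swapped_driver_ok": verify_report(composite_measurement(swapped), {base}),
        "extended_ok": verify_report(composite_measurement(extended), {base}),
        "order_matters": composite_measurement(list(reversed(BASE_TCB))) != base,
    }
```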
Implications
- Extending TEE Applicability: This work radically expands the potential use cases for TEEs beyond simple computation, enabling sensitive applications to utilize high-performance, specialized hardware (FPGAs, GPUs, AI accelerators) securely in a disaggregated cloud environment.
- Advancement of RISC-V Security: By building upon the RISC-V Keystone framework, the authors showcase the viability and flexibility of open-source TEE solutions for addressing modern hardware security challenges, providing a crucial blueprint for future secure RISC-V systems.
- Security in Cloud Disaggregation: This innovation is essential for data center operators transitioning to disaggregated infrastructure, ensuring that security and privacy guarantees are maintained even when computation moves from the central CPU to remote specialized resources.
- Increased Trustworthiness: By including peripherals and drivers within a measurable, small TCB (2.5 KLoC), the overall trust profile of the secure application is significantly improved compared to relying on large, untrusted operating systems or drivers for IO operations.