TUM Logo

Trusted Execution Environment (TEE) and software security

Trusted Execution Environment (TEE) and software security  

Praktika 6 SWS / 10 ECTS (Kursbeschreibung)
Veranstalter: Peng Xu
Zeit und Ort:

Kick-off: Monday, 28.01.   16 - 16.30 h , 01.08.033



Praktikum: Tuesday 10 - 12 h at room 01.05.013
Beginn: 2019-04-23

The lecture is given in english
The slides are available in english
The exam will be in english

Motivation:

With the number of threats increasingly pressuring the company and personality usage, it is important to guarantee the application running at software fault or vulnerability isolated environment. Therefore, secure software development with a trusted execution environment (TEE)  becomes more and more attractive and necessary.

In this course, we discuss how to develop secure software with the trusted execution environment (TEE) based ways. Based on the TEE-enabled core, there are many available secure world software architectures, from the range of the most complex secure world operating system to the simplest synchronous library of code in "secure" world.  

Requirements:

1. C/C++ programming  language

2. Basic knowledge of the operating system

3. Program analysis: static analysis and dynamic analysis

4. Knowledge of compiler is better (LLVM/GCC)

 

Organization: 

Session 1: concepts Introduction, practice for basic concepts, discussion of how to extend basic concepts, homework;

......

Session x: concepts Introduction, practice for basic concepts, discussion of how to extend basic concepts, homework.

 

Registration:

1. Registration in the Matching System until 2019-02-14 00:00

2. Set up the development environment ( Intel SGX for Linux/Windows10 or OPTEE for ARM) and give me aTEE based "hello world"  program

If your laptop or PC is not supporting Intel SGX. You can also use openSGX to accomplish the "hello  world" task.   

1. https://github.com/sslab-gatech/opensgx

2. https://gts3.org/assets/papers/2016/jain:opensgx.pdf

3. Summary of opensgx

If you want to develop TrustZone based application, however, you do not have hardware support. Please check the optee.

1. https://www.op-tee.org/

2. https://arxiv.org/pdf/1506.07367.pdf

3. Summary of optee

Contents:

0.  Kick-off meeting 

1.  Basic concepts about the TEE

1-1. Course description, requirement, and grading (pdf,pptx)

1-2. Beginning of the TEE application development (sgx, trustzone)

2.  Proof-of-Concepts program development (Attestation, SealedData, SecureStorage)

2-1. Attestation application development (local attestation, remote attestation)

2-2. Data Sealing(sealed data)

3.  Program analysis (both static and dynamic analysis) and Program Slicing

3-1: Program analysis (control flow graph, dynamic taint analysis [slides])

3-2: Program Slicing (TrustZone-based and Sgx-based [slides])

3-3: SGX and SQLite database ([slides])

4.  Program partitioning with TEE

Links:

1. Trusted Execution Environment: What It is, and What It is Not 

2. Introduction to Trusted Execution Environments 

3. Android's Trusty TEE

4. Open Portable Trusted Execution Environment

5. ARM TrustZone 

6. Intel Software Guard Extensions (SGX)

7. Intel SGX for Linux