Conditional Network Availability: Enhancing Connectivity Guarantees for TEE-Based Services

Röckl J, Lindenmeier C, Schulze SM, Müller T (2024)


Publication Language: English

Publication Type: Conference contribution

Publication year: 2024

Publisher: Institute of Electrical and Electronics Engineers, Inc.

Page Range: 225-233

Conference Proceedings Title: 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

Event location: Vienna AT

ISBN: 979-8-3503-6729-4

DOI: 10.1109/EuroSPW61312.2024.00030

Abstract

Trusted Execution Environments (TEEs) are widely available, allowing the isolation of security-sensitive trusted services from an untrusted commodity OS. Driven by manifold use cases, more and more trusted services requiring network connectivity are developed. Typically, the traffic of trusted services is routed through the OS, while cryptography ensures confidentiality and integrity. However, the extent to which TEEs can also help to provide network availability for trusted services remains underexplored. We introduce Conditional Network Availability (CNA) as a novel concept for TEE-based networking, ensuring that a trusted service can process network traffic whenever the potentially malicious OS can do so. Our concept prevents an attacker from monopolizing the network channel (e.g., for a botnet campaign). TEE-based remote device management, system monitoring, and intrusion detection systems can profit from our concept. Proposing a split-driver model, we implement a proof-of-concept on real hardware, multiplexing a complex Ethernet interface between the OS and the ARM TrustZone TEE. Our evaluation shows that our system achieves near-native throughput while keeping the additions to the TCB small.

How to cite

APA:

Röckl, J., Lindenmeier, C., Schulze, S.M., & Müller, T. (2024). Conditional Network Availability: Enhancing Connectivity Guarantees for TEE-Based Services. In 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (pp. 225-233). Vienna, AT: Institute of Electrical and Electronics Engineers, Inc.

MLA:

Röckl, Jonas, et al. "Conditional Network Availability: Enhancing Connectivity Guarantees for TEE-Based Services." Proceedings of the 9th IEEE European Symposium on Security and Privacy Workshops - EUROS&PW 2024, Vienna: Institute of Electrical and Electronics Engineers, Inc., 2024. 225-233.
