SoK: Understanding Designs Choices and Pitfalls of Trusted Execution Environments

Trusted execution environment (TEE) is a revolutionary technology that enables secure remote execution (SRE) of cloud workloads on untrusted server-side computing platforms. Both commercial and academic TEEs have been proposed in the past few years, including Intel’s SGX and TDX, AMD’s SEV, ARM’s CCA, IBM’s PEF, and their academic counterparts built atop open-source RISC-V processors, such as Keystone, Sanctum, CURE, and Penglai. While great efforts from both sides have been made in developing a confidential computing ecosystem, the existence of server-side TEEs with drastically different designs and the presence of various known attacks have significantly increased the difficulty of understanding TEE designs and the reasons behind existing attacks. This paper offers a structured analysis of the design choices of server-side TEEs, focusing on dissecting TEE designs and identifying their potential pitfalls. We introduce the TEE Runtime Architectural Framework (TRAF), a detailed framework that facilitates a thorough and methodical dissection of TEE designs by analyzing the high-level considerations made by TEE designs. A key aspect of TRAF’s analysis is the reconfiguration of resource management in TEE designs, where the host OS used to have full control. By incorporating the Trusted Computing Base (TCB), TEE designs adopt different design choices on how to divide and coordinate tasks between the host OS and TCB to achieve security and effective management of computational resources. TRAF specifically investigates how common resources, such as CPU, memory, and I/O devices, are managed jointly by the TCB and host OS. This includes a focused study of factors that influence design choices, such as TCB size, performance, and efficiency. Furthermore, by examining existing vulnerabilities and attacks on TEEs, the paper further evaluates the security impact of varied design choices.