Representative Literature
Unified Enclave Abstraction and Secure Enclave Migration on Heterogeneous Security Architectures
Abstract:
Nowadays, application migration becomes more and more attractive. For example, it can make computation closer to data sources or make service closer to end-users, which may significantly decrease latency in edge computing. Yet, migrating applications among servers that are controlled by different platform owners raises security issues. We leverage hardware-secured trusted execution environment (TEE, a.k.a. enclave) technologies, such as Intel SGX, AMD SEV, and ARM TrustZone, for protecting critical computations on untrusted servers. However, these hardware TEEs propose non-uniform programming abstractions and are based on heterogeneous architectures, which not only forces programmers to develop secure applications targeting some specific abstraction but also hinders the migration of protected applications. Therefore, we propose UniTEE which gives a unified enclave programming abstraction across the above three hardware TEEs by using a microkernel-based design and enables the secure enclave migration by integrating heterogeneous migration techniques. We have implemented the prototype on real machines. The evaluation results show the migration support incurs nearly-zero runtime overhead and the migration procedure is also efficient.
Keywords:
Authors:
Jin-Yu Gu; Hao Li; Yu-Bin Xia; Hai-Bo Chen; Cheng-Gang Qin; Zheng-Yu He
Author affiliations:
Engineering Research Center for Domain-Specific Operating Systems, Ministry of Education, Shanghai 200240, China; Institute of Parallel and Distributed Systems, Shanghai Jiao Tong University, Shanghai 200240, China; Ant Group, Hangzhou 310099, China
Citation format:
[1] Jin-Yu Gu; Hao Li; Yu-Bin Xia; Hai-Bo Chen; Cheng-Gang Qin; Zheng-Yu He. Unified Enclave Abstraction and Secure Enclave Migration on Heterogeneous Security Architectures [J]. Journal of Computer Science and Technology (English Edition), 2022(02): 468-486
Class A:
Abstraction, enclave, TEEs, abstractions, programmers, UniTEE, microkernel
Class B:
Unified, Enclave, Secure, Migration, Heterogeneous, Security, Architectures, Nowadays, migration, becomes, more, attractive, For, example, make, closer, data, sources, service, end, users, which, may, significantly, decrease, latency, edge, computing, Yet, migrating, applications, among, servers, that, controlled, by, different, platform, owners, raises, security, issues, We, leverage, hardware, secured, execution, environment, aka, technologies, such, Intel, SGX, AMD, SEV, ARM, TrustZone, protecting, critical, computations, untrusted, However, these, propose, uniform, programming, heterogeneous, architectures, not, only, forces, develop, targeting, some, specific, but, also, hinders, protected, Therefore, gives, unified, across, above, three, using, design, enables, integrating, techniques, have, implemented, prototype, real, machines, evaluation, results, show, support, incurs, nearly, zero, runtime, overhead, procedure, efficient
AB value:
0.611944