Keystone

Keystone is an open framework for architecting trusted execution environments (TEEs). https://keystone-enclave.org

TEEs are a prominent way of securing legacy user-level applications with trusted hardware when the operating system is malicious (see our blog post). Along with the proliferation of vendor-specific TEEs such as Intel SGX and ARM TrustZone, many studies have tried to identify and overcome the limitations of these designs. However, many of those limitations (e.g., memory limitation, side-channel attacks, the Foreshadow attack, centralized trust, etc.) are still in dire need of more research.

The Keystone project aims to provide a highly flexible and customizable framework for TEEs that can adapt to various deployment scenarios and threat models. With the simpler and cleaner abstractions in RISC-V, Keystone separates the core security primitives (physical memory isolation, cache side-channel defenses, memory encryption, and so on) from the functional features (virtual memory management, the programming model, the system call interface, and so on). Keystone aims to address many research problems around trusted execution environments.

Keystone runs on various RISC-V platforms such as QEMU, FPGA soft cores, and SoCs, and is an open-source project (GitHub).

For more information, see the following resources: