Volume 12, Number 3/4
Object Capability Model for Tee: A Cheri Based Compartmentalization Approach
Authors
Bala Subramanyan, Verifoxx Ltd, UK
Abstract
In this paper, we introduce a capability-driven approach to bolster security and granularity within Trusted Execution Environments (TEEs) [1]. By delivering precise privilege control and fine-grained compartmentalization, we aim to improve TEE security standards. To address vulnerabilities within Trusted Execution Environments (TEEs) and enable selective privilege management and secure object sharing between secure and normal worlds, we introduce a TEE compartmentalization framework based on the CHERI object-capability model. Leveraging DSbD technologies, our framework provides an efficient prototyping environment for developing trusted applications while safeguarding against existing threats. At Verifoxx Ltd, our architecture relies on TEEs to handle sensitive data, encompassing tasks such as extracting client secrets, managing commitments, sharding and executing cryptographic operations for zero-knowledge responses. The proposed approach holds promise where TEEs can enhance transaction security and enterprises seeking data protection. Our approach introduces in-enclave compartments with controlled communication, facilitating domain transitions through sealed data capability delegations and hardware-assisted call/return mechanisms. This enables application layer compartmentalization by modularly separating concerns within the secure world, emphasising single responsibility, least privileges, and information hiding from unprivileged compartments. Furthermore, we ensure the integrity of lower-layer hardware and OS properties, effectively thwarting compromise attempts.
Keywords
Trusted Execution Environments (TEE) [1], CHERI architecture [8][7], Object Capability Model, Compartmentalization, Memory Protection, DoS, Application Layer Security.