7 Trusted Execution

7.1 Introduction

In the last two decades, almost every aspect of people’s daily lives and all areas of human activity have been pervaded and revolutionised by digital technology. Sectors vital to society and nations, such as the economy, industry, culture, healthcare, social and government activities, nowadays use massive amounts of software to deliver their services, benefiting from indisputable advantages in terms of time, cost and efficiency. However, IT systems are vulnerable to a huge number of cyber-attacks, which are constantly growing in both number and severity. Trusted software execution is therefore the goal that industry and academia are pursuing to protect IT systems and their sensitive data from cybercrime.

Traditionally, hardware isolation mechanisms have been introduced to provide various forms of protection: virtual address spaces and memory control units protect user applications from each other, privileged instructions protect system software from user applications, and hardware virtualisation creates isolated execution environments protected from each other. However, user applications remain unprotected from the privileged software of the operating system and hypervisor, which consists of millions of lines of code hosting a very high number of bugs [53, 88] that attackers can exploit to gain privileged access to the platform [187].

This scenario is further complicated by the advent of cloud computing, nowadays increasingly used by companies due to its indisputable economic advantages. In this case, the user applications have to trust the honesty of the infrastructure provider, the employees with privileged accounts or physical access to the cloud nodes, and the other tenants running their workloads on the same platform.

Trusted Execution Environments (TEEs) were introduced to allow security-sensitive user applications, or the most critical portions of them, to trust only
