Building a Secure Scheme for a Trusted Hardware Sharing Environment

Trusted hardware sharing (THS) system can provide multiple trusted execution environments (TEE) via sharing the trusted hardware (e.g., sharing trusted platform module via virtualization) for stand-alone and isolation scenarios. However, the trusted function requests (TFRs) sent to the trusted hardware are emitted by multiple TEEs, which have to be processed by THS. Since different applications in different TEEs have different security requirements, the data in TFRs need to be protected from being leaked or modified in an unauthorized manner. To address this issue, we present a secure scheme for THS systems based on an information flow model that protects the sensitive data in TFRs. Each TFR is assigned a security level according to their owner, and processed in isolated environments with different security levels. We implement the prototype and conduct the experiments in both shared memory and isolated environments. The results indicate that the introduction of security mechanisms can lead to more time consumption on processing TFRs with the increase in the dimension of security levels. However, this degradation in performance is still acceptable and can be mitigated in the real world, because intensive TFR requests are not present as they are in the experimental environment.