Abstract:
Trusted execution environment (TEE) technologies are widely deployed in current computer systems, driven by users' serious concerns about privacy protection, secure computing, and related needs in network services. In general, a TEE provides an isolated execution environment in which managers and users can perform private and confidential computation even if the underlying operating system is compromised. To build TEEs, device manufacturers such as Intel and Arm extend the hardware foundation by adding an additional processor mode, memory-access control, a cryptography engine, and similar facilities, and they expose corresponding system interfaces that follow the application requirements. Beyond that, researchers design compatible TEE models for various goals on top of this hardware or firmware assistance. We comprehensively analyze the technical characteristics of TEE technology across the mainstream system architectures (x86, Arm, RISC-V, and heterogeneous computing units), covering the design of the infrastructure and hardware facilities, the definition of the software interfaces, the security boundary, and other aspects, and we explore the feasible application scenarios of TEE technology. At the same time, we analyze the challenges facing current TEE technologies and discuss their limitations and security risks, e.g., side-channel attacks. Finally, we summarize the advantages and disadvantages of the various TEE technologies from the perspectives of security and functionality, and consider the future development of TEEs.