Arguing Assurance in Trusted Execution Environments using Goal Structuring Notation

University essay from Linköpings universitet/Programvara och system

Abstract: A trusted execution environment (TEE) is an isolated environment used for trusted execution. TEE solutions are usually proprietary and specific for a certain hardware specification, thereby limiting developers that use those TEEs. A potential solution to this issue is the use of open-source alternatives such as the TEE framework Keystone and the Reduced Instruction Set Computer V (RISC-V) hardware. These alternatives are rather young and are not as well established as the variants developed by ARM and Intel. To this end, the assurance in Keystone and RISC-V are analysed by studying a remote attestation assurance use case using the goal structuring notation (GSN) method. The aim is to investigate how GSN can be utilised to build assurance cases for TEEs on RISC-V. This thesis presents a process of how GSNs can be created to argue assurance for a TEE solution. Furthermore, Keystone operates under a specific threat model with made assumptions that may have a large impact depending on the use case. Therefore, Keystone is analysed to understand whether the framework mitigates existing vulnerabilities in TEEs. It is concluded that GSN is a viable method for arguing assurance in TEEs, providing great freedom in the creation of the GSN model. The freedom is also its weakness since the argument composition has a high impact on the argument. Furthermore, we conclude that Keystone mitigates multiple known vulnerabilities primarily through made assumptions in its threat model. These cases need to be considered by developers utilising Keystone to determine whether or not the assumptions are valid for their use case.

  AT THIS PAGE YOU CAN DOWNLOAD THE WHOLE ESSAY. (follow the link to the next page)