Trusted execution environments (TEEs) are a prominent way of securing legacy applications with trusted hardware
(see our blog post).
Along with the proliferation of vendor-specific TEEs such as Intel SGX and ARM TrustZone, many
studies have tried to identify and overcome the limitations of these designs.
However, many of these limitations (e.g., memory limitation, side-channel attacks, the Foreshadow attack, and
centralized trust) are still in dire need of more research.
The Keystone project aims to provide a highly flexible and customizable framework for TEEs that can
adapt to various deployment scenarios and threat models.
Using the simpler and cleaner abstractions in RISC-V, Keystone separates the core security primitives
(such as physical memory isolation, cache side-channel defenses, and memory encryption) from
the functional features (such as virtual memory management, the programming model, and the system call
interface).
Keystone aims to address many research problems around trusted execution environments.
Keystone runs on various RISC-V platforms such as QEMU, FPGA soft cores, and SoCs, and is an open-source project (GitHub).
For more information, see the following resources:
* Paper (EuroSys’20)
* Website
* Releases
* Mailing list
* Twitter