Only pay for what you need: Detecting and removing unnecessary TEE-based code
| dc.contributor.author | Liu, Yin | en |
| dc.contributor.author | Dhar, Siddharth | en |
| dc.contributor.author | Tilevich, Eli | en |
| dc.date.accessioned | 2023-01-23T13:29:55Z | en |
| dc.date.available | 2023-01-23T13:29:55Z | en |
| dc.date.issued | 2022-06-01 | en |
| dc.date.updated | 2023-01-20T21:36:48Z | en |
| dc.description.abstract | A Trusted Execution Environment (TEE) provides an isolated hardware environment for sensitive code and data to protect a system's integrity and confidentiality. As we discovered, programmers tend to overuse TEE protection. When they place non-sensitive code in TEE, the trusted computing base (TCB) grows unnecessarily, leading to long execution latencies and large attack surfaces. To address this problem, we first study a representative sample of open-source projects to uncover how TEE is utilized in real-world software. To facilitate the process of removing non-sensitive code from TEE, we introduce TEE Insourcing, a new type of software refactoring that identifies and removes the unnecessary program parts out of TEE. We implemented TEE Insourcing as the TEE-DRUP framework, which operates in three phases: (1) a variable sensitivity analysis designates each variable as sensitive or non-sensitive; (2) a TEE-aware taint analysis identifies non-sensitive TEE-based functions; (3) a fully-declarative program transformation automatically moves these functions out of TEE. Our evaluation demonstrates that our approach is correct, effective, and usable. By deploying TEE-DRUP to discover and remove the unnecessary TEE code, programmers can both reduce the TCB's size and improve system performance. | en |
| dc.description.version | Accepted version | en |
| dc.format.extent | 16 page(s) | en |
| dc.format.mimetype | application/pdf | en |
| dc.identifier | ARTN 111253 (Article number) | en |
| dc.identifier.doi | https://doi.org/10.1016/j.jss.2022.111253 | en |
| dc.identifier.eissn | 1873-1228 | en |
| dc.identifier.issn | 0164-1212 | en |
| dc.identifier.orcid | Tilevich, Eli [0000-0003-2415-6926] | en |
| dc.identifier.uri | http://hdl.handle.net/10919/113352 | en |
| dc.identifier.volume | 188 | en |
| dc.language.iso | en | en |
| dc.publisher | Elsevier | en |
| dc.relation.uri | http://gateway.webofknowledge.com/gateway/Gateway.cgi?GWVersion=2&SrcApp=PARTNER_APP&SrcAuth=LinksAMR&KeyUT=WOS:000783133900015&DestLinkType=FullRecord&DestApp=ALL_WOS&UsrCustomerID=930d57c9ac61a043676db62af60056c1 | en |
| dc.rights | In Copyright | en |
| dc.rights.uri | http://rightsstatements.org/vocab/InC/1.0/ | en |
| dc.subject | TEE | en |
| dc.subject | Program analysis | en |
| dc.subject | Code transformation | en |
| dc.subject | STATIC ANALYSIS | en |
| dc.title | Only pay for what you need: Detecting and removing unnecessary TEE-based code | en |
| dc.title.serial | Journal of Systems and Software | en |
| dc.type | Article - Refereed | en |
| dc.type.dcmitype | Text | en |
| dc.type.other | Article | en |
| dc.type.other | Journal | en |
| pubs.organisational-group | /Virginia Tech | en |
| pubs.organisational-group | /Virginia Tech/Engineering | en |
| pubs.organisational-group | /Virginia Tech/Engineering/Computer Science | en |
| pubs.organisational-group | /Virginia Tech/All T&R Faculty | en |
| pubs.organisational-group | /Virginia Tech/Engineering/COE T&R Faculty | en |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- TEEInsourcingJSS[1].pdf
- Size:
- 756.91 KB
- Format:
- Adobe Portable Document Format
- Description:
- Accepted version