SeRoT: A Secure Runtime System on Trusted Execution Environments

Trusted execution environment (TEE) is a promising technique to protect user programs and data on public cloud environments. To support unmodified applications running, many TEE runtime systems have been proposed. However, a major drawback of the existing schemes is the lack of interface protection. This problem may lead to many security problems, such as memory information leakage and malicious codes attacks. To tackle this problem, we propose SeRoT, a new secure runtime system on trusted execution environments. Our secure runtime system first provides some core functions to the enclave programs. Then we protect the host interface at two levels, binary interface level and application interface level. In these two levels, we prevent the adversary interfacing with malicious messages. Furthermore, we implement SeRoT on a RISC-V based platform and show our scheme is average about 10% faster than Keystone on two popular and representative benchmarks.