CAP-TEE: Capability Architectures for Trusted Execution

Trusted Execution Environments (TEEs) shield computations using security-sensitive data (e.g. personal data, banking information, or encryption keys) inside a secure "enclave" from the rest of the untrusted operating system. A TEE protects its data and code even if an attacker has gained full root access to the untrusted parts of the system. Today, TEEs like ARM Trustzone and Intel SGX are therefore widely used in general-purposes devices, including most laptops and smartphones. But with increasingly wide-spread use, TEEs have proven vulnerable to a number of hardware and software-based attacks, often leading to the complete compromise of the protected data.

In this project, we will use capability architectures (as e.g. developed by the CHERI project) to protect TEEs against such state-of-the-art attacks. We address a wide range of threats from software vulnerabilities such as buffer overflows to sophisticated hardware attacks like fault injection. CAP-TEE will provide a strong, open-source basis for the future generation of more secure TEEs.

When developing such disruptive technologies, it is key to minimise the efforts for porting existing codebases to the new system to facilitate adoption in practice. In CAP-TEE, we therefore focus on techniques to ease the transition to our capability-enabled TEE. In industrial cases studies for the automotive and rail sector, we will demonstrate how complex code written in a memory-unsafe language like C(++) can be seamlessly moved to our platform to benefit from increased security without a full redesign.

The research in this project will benefit:

a) Industry

Our four direct industry partners (Samsung, HP Labs, Horiba Mira, and Thales) will be deeply involved in steering the project to maximise industrial applicability of the results. We envision that the CAP-TEE technologies will find their way into future, more secure smartphones, automotive control units, and industrial control systems. We will also engage with the wider business community through presentations and dedicated dissemination events to ensure widespread adoption of the project results. This makes use of our industrial network, among others developed within the ESPRC and NCSC-funded research insitutes RITICS, RISE, and UKRRIN.

b) Government and society

Society as a whole will benefit from more secure devices used by most of us on a day-to-day basis. We will participate at public engagement events and engage with the media to create and improve public awareness of the benefits of "secure by default" systems as promoted by CAP-TEE. We will also work closely with the government, e.g. the NCSC, to help steer public policy around secure and trustworthy industrial control, rail, and automotive systems as well as trusted execution in general.

c) Research Community

Research papers based on the project results will be submitted to the highest ranked venues in the field. This will advance the state-of-the-art in trusted execution and development of secure embedded systems. We will extend our existing academic collaborations and seek new (inter)national ones. By following an open-source dissemination strategy, we aim to maximise the re-usability of the project results to enable follow-up research and reproducibility by other scientists. For this, we will setup a dedicated project website and repository to make all research artifacts publicly available.

We will collaborate interdisciplinary with the Digital Security by Design Social Sciences Hub+ to explore ways for creating incentives to build "secure by default" products from a social sciences perspective and for informing public policy around stronger security for critical infrastructure.

d) Education

We will continue to train the next generation of cyber security experts both through PhD studentships within CAP-TEE, our GCHQ/NCSC-recognised MSc in Cyber Security, and our UG programme in Computer Science. The novel techniques developed in the project around capability architectures and TEEs will directly feed into our cyber security teaching activities.