LASM: A Lightweight and General TEE Secure Monitor Framework
摘要
With growing security concerns in mobile and cloud environments, Trusted Execution Environment (TEE) offers secure isolation for security-critical applications. However, existing designs rely on vertical privilege mechanisms, like dedicated privilege levels and virtualization, making SM implementations complex and less portable and increasing the Trusted Computing Base(TCB). To address this, we propose LASM, a horizontally extended hardware framework that enables secure SM execution without virtualization or extra privilege levels. LASM introduces three lightweight hardware-software co-designed mechanisms: (1) SM Isolation based on horizontal state extension, (2) Secure Communication and Exception, and (3) Enclave Memory Isolation based on mapping. We prototype LASM on QEMU and FPGA, and evaluations on multiple benchmarks show the strong security with low overhead (mostly under 10%). LASM provides a lightweight, general solution for future TEE designs.