HasTEE - Programming Trusted Execution Environments with Haskell
Paper i proceeding, 2023

Trusted Execution Environments (TEEs) are hardware enforced memory isolation units, emerging as a pivotal security solution for security-critical applications. TEEs, like Intel SGX and ARM TrustZone, allow the isolation of confidential code and data within an untrusted host environment, such as the cloud and IoT. Despite strong security guarantees, TEE adoption has been hindered by an awkward programming model. This model requires manual application partitioning and the use of error-prone, memory-unsafe, and potentially information-leaking low-level C/C++ libraries.

We address the above with HasTEE, a domain-specific language (DSL) embedded in Haskell for programming TEE applications. HasTEE includes a port of the GHC runtime for the Intel-SGX TEE.HasTEE uses Haskell’s type system to automatically partition an application and to enforce Information Flow Control on confidential data. The DSL, being embedded in Haskell, allows for the usage of higher-order functions, monads, and a restricted set of I/O operations to write any standard Haskell application. Contrary to previous work, HasTEE is lightweight, simple, and is provided as a simple security library; thus avoiding any GHC modifications. We show the applicability of HasTEE by implementing case studies on federated learning, an encrypted password wallet, and a differentially-private data clean room.

Trusted Execution Environment

Haskell

Intel SGX

Enclave

Författare

Abhiroop Sarkar

Chalmers, Data- och informationsteknik, Funktionell programmering

Robert Krook

Chalmers, Data- och informationsteknik, Funktionell programmering

Alejandro Russo

Chalmers, Data- och informationsteknik, Informationssäkerhet

Koen Claessen

Chalmers, Data- och informationsteknik, Funktionell programmering

Haskell 2023 - Proceedings of the 16th ACM SIGPLAN International Symposium on Haskell, Co-located with ICFP 2023

72-88
979-8-4007-0298-3 (ISBN)

16th ACM SIGPLAN International Symposium on Haskell, Haskell 2023, Co-located with ICFP 2023
Seattle, USA,

Octopi: Säker Programering för Sakernas Internet

Stiftelsen för Strategisk forskning (SSF) (RIT17-0023), 2018-03-01 -- 2023-02-28.

Ämneskategorier

Datorteknik

Programvaruteknik

Datavetenskap (datalogi)

Datorsystem

Styrkeområden

Informations- och kommunikationsteknik

DOI

10.1145/3609026.3609731

Mer information

Senast uppdaterat

2023-10-26