부산대학교 도서관

A secure execution environment (SEE) is basically an isolated execution environment. The SEE also provides assurance to the user about the security of the execution of their security-sensitive code. The commodity software present in the market which is used for isolated execution such as virtual machines or sandbox are well developed. However, most of the solutions require a longer time to boot and also utilize a lot of resources, affecting the overall system performance. Above all, these solutions are on top of the operating system that is at the application level. When the OS is running, an application has to trust the OS and all the components below it for execution. This can include components that are not trustworthy which may create lot of attack surfaces. Therefore, there is a need for a lightweight low-level secure execution environment that has fewer attack surfaces. This can be achieved by minimization of the Trusted Computing Base (TCB) of the execution environment. The TCB minimization can be performed to bring the execution environment to the kernel level or BIOS level. As for the user level assurance, the Merkle tree is used to provide proof of security.