Abstract:
Trusted Execution Environments (TEEs) offered by modern CPUs provide security features superior to software-based solutions, including tamper-proof code execution, secure data storage and remote attestation. What their feature set lacks is support for multi-platform application development. Moreover, TEE-based trusted applications either cannot be migrated between devices, or the migration introduces additional reliability and security risks. In this thesis, we propose a design for a TEE runtime that uses WebAssembly to achieve a portable trusted application format. Furthermore, we describe a migration protocol with well-defined reliability guarantees. We implement a prototype of the presented runtime and protocol design, and present benchmarks of the migration performance.