Autonomous and robotic systems are increasingly trusted with sensitive activities that can have serious consequences if that trust is broken. Runtime verification (RV) techniques are a natural source of inspiration for monitoring and enforcing the desired properties of the communication protocols in use, since they provide a formal basis and ways to limit intrusiveness. A recently proposed approach, RV-TEE, shows how runtime verification can raise the level of trust in the Rich Execution Environment (REE), thereby adding a further layer of protection around the Trusted Execution Environment (TEE). Reflecting on the implications of deploying RV in the context of trustworthy computing, we propose practical solutions for two threat models against the RV-TEE monitoring process: one in which the adversary has gained access to the system without elevated privileges, and another in which the adversary gains all privileges on the host system but fails to steal secrets from the TEE.
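To make the monitoring idea concrete, the following is an added illustration (not code from the RV-TEE paper or its authors) of a runtime-verification monitor over a communication trace between the REE and TEE. The protocol, its events ("req"/"resp" with an id), the property checked (every response must match an outstanding request, and ids are not reused while outstanding) and the use of a keyed MAC with a key assumed to live only inside the TEE are all assumptions made for this example. It sketches both threat models from the abstract: an unprivileged adversary is caught by the protocol property itself, while a fully privileged REE adversary who tampers with the monitor's input is caught because they cannot forge tags without the TEE-held secret.

```python
"""Added illustration of a runtime-verification monitor for an assumed
request/response protocol between REE and TEE. Not the RV-TEE code."""
import hashlib
import hmac

# Constructed stand-in for a secret that is assumed to stay inside the TEE.
TEE_KEY = b"example-tee-secret-do-not-use"


def tag_event(key, seq, event):
    """Authenticate one event (sequence number, kind, id) with HMAC-SHA256.

    Binding the sequence number prevents reordering and silent drops."""
    kind, ident = event
    msg = f"{seq}|{kind}|{ident}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def produce_trace(key, events):
    """Trusted producer side: emit numbered, authenticated events."""
    return [(i, ev, tag_event(key, i, ev)) for i, ev in enumerate(events)]


def monitor(key, authenticated_trace):
    """Monitor side: first verify integrity and ordering of the trace,
    then check the protocol property. Returns a list of violations;
    an empty list means the trace satisfied the property."""
    violations = []
    outstanding = set()  # request ids awaiting a response
    expected_seq = 0
    for seq, event, tag in authenticated_trace:
        # Integrity checks: a privileged REE adversary may drop, reorder or
        # rewrite events, but cannot recompute tags without the TEE key.
        if seq != expected_seq:
            violations.append(f"sequence gap at {seq}")
            break  # fail closed: later events cannot be trusted
        if not hmac.compare_digest(tag, tag_event(key, seq, event)):
            violations.append(f"bad tag at {seq}")
            break
        expected_seq += 1

        # Protocol property (assumed for the example).
        kind, ident = event
        if kind == "req":
            if ident in outstanding:
                violations.append(f"duplicate req {ident}")
            else:
                outstanding.add(ident)
        elif kind == "resp":
            if ident not in outstanding:
                violations.append(f"resp {ident} without req")
            else:
                outstanding.discard(ident)
        else:
            violations.append(f"unknown event {kind}")
    return violations


if __name__ == "__main__":
    # Constructed sample traces.
    good = produce_trace(TEE_KEY, [("req", 1), ("resp", 1), ("req", 2), ("resp", 2)])
    print("good trace:", monitor(TEE_KEY, good))

    # Unprivileged adversary injects a response for a request never made.
    injected = produce_trace(TEE_KEY, [("resp", 7)])
    print("injected response:", monitor(TEE_KEY, injected))

    # Privileged adversary rewrites event 1 in place but cannot forge its tag.
    tampered = [good[0], (1, ("req", 1), good[1][2])] + good[2:]
    print("tampered event:", monitor(TEE_KEY, tampered))

    # Privileged adversary drops event 0 entirely.
    dropped = good[1:]
    print("dropped event:", monitor(TEE_KEY, dropped))
```

The monitor fails closed on the first integrity failure because once one event is untrusted, the protocol state derived from the rest is meaningless; in a real deployment the verification key would be held by the TEE side and the monitor's verdict would have to be delivered over a channel the REE adversary cannot suppress, which is exactly the kind of design question the two threat models above raise.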