Over the past few years, several research groups have introduced innovative hardware designs for Trusted Execution Environments (TEEs), aiming to secure applications against potentially compromised privileged software, including the kernel. Since 2015, a new class of software-enabled hardware attacks that leverage energy management mechanisms has emerged. These internal energy-based attacks comprise fault, side-channel and covert-channel attacks. Their aim is to bypass TEE security guarantees and expose sensitive information such as cryptographic keys, and they have increased in prevalence in the past few years. Popular TEE implementations, such as ARM TrustZone and Intel SGX, incorporate countermeasures against these attacks. However, these countermeasures either hinder the capabilities of the power management mechanisms or have been shown to provide insufficient system protection. This article presents the first comprehensive knowledge survey of these attacks, along with an evaluation of the countermeasures proposed in the literature. We believe that this study will spur further community efforts towards this increasingly important type of attack.