Trusted Execution Environments (TEEs) have emerged as a cornerstone for securing sensitive computations by providing isolated enclaves protected from untrusted software. However, vulnerabilities in both the enclave code and the underlying hardware design can allow sensitive data to leak despite strong isolation, undermining the security guarantees TEEs are meant to provide. This paper presents KINGSGUARD, a novel TEE design that systematically monitors and controls the propagation of sensitive data within an enclave. By enforcing fine-grained data flow tracking and checks in hardware, our approach ensures that sensitive data does not leave the enclave boundary, thus bridging the gap between the idealized threat models of TEEs and their practical realizations. Additionally, to balance security with practical functionality, we introduce controlled declassification at enclave boundaries, allowing intentional release of data to the outside world. Our implementation of KINGSGUARD on a RISC-V processor has a 10.8% hardware area overhead when synthesized on FPGA and a 5.69% performance overhead.
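The mechanism the abstract describes, hardware-level taint tracking that follows sensitive data through loads and ALU operations and refuses to let it cross the enclave boundary unless it was explicitly declassified, can be illustrated with a small software model. The following is an added example written for this page; it is not KINGSGUARD's design or code, and the instruction set, the one-bit taint representation, the enclave address range and the `OP_DECLASSIFY` instruction are all assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified model of hardware taint tracking at an enclave
 * boundary (illustrative only, not KINGSGUARD's microarchitecture).
 * Each register and memory word carries one taint bit. Taint originates in
 * enclave memory, follows data through loads and ALU ops, and a store of
 * tainted data to a non-enclave address is refused unless declassified. */

#define MEM_WORDS 64
#define NREGS     8
#define ENC_LO    32            /* enclave-owned words: [ENC_LO, ENC_HI) */
#define ENC_HI    64
enum op { OP_LI, OP_LOAD, OP_STORE, OP_ADD, OP_DECLASSIFY };
struct insn { enum op op; int rd, rs1, rs2; uint32_t imm; };

struct machine {
    uint32_t regs[NREGS]; bool rtaint[NREGS];
    uint32_t mem[MEM_WORDS]; bool mtaint[MEM_WORDS];
    int faults;                 /* number of stores blocked at the boundary */
};

static bool in_enclave(uint32_t addr) { return addr >= ENC_LO && addr < ENC_HI; }
static void machine_init(struct machine *m) {
    memset(m, 0, sizeof *m);
    /* constructed sample state: every enclave word holds a secret and is tainted */
    for (uint32_t a = ENC_LO; a < ENC_HI; a++) { m->mem[a] = 0x5ec00000u | a; m->mtaint[a] = true; }
}

/* Execute one instruction; returns false if the hardware check blocked it. */
static bool step(struct machine *m, const struct insn *i) {
    uint32_t addr;
    switch (i->op) {
    case OP_LI:                 /* rd = imm: constants are untainted */
        m->regs[i->rd] = i->imm; m->rtaint[i->rd] = false; return true;
    case OP_LOAD:               /* rd = mem[rs1 + imm]: taint travels with the data */
        addr = (m->regs[i->rs1] + i->imm) % MEM_WORDS;
        m->regs[i->rd] = m->mem[addr]; m->rtaint[i->rd] = m->mtaint[addr]; return true;
    case OP_ADD:                /* rd = rs1 + rs2: output tainted if any input is */
        m->regs[i->rd] = m->regs[i->rs1] + m->regs[i->rs2];
        m->rtaint[i->rd] = m->rtaint[i->rs1] || m->rtaint[i->rs2]; return true;
    case OP_DECLASSIFY:         /* explicit release decision: clear rd's taint */
        m->rtaint[i->rd] = false; return true;
    case OP_STORE:              /* mem[rs1 + imm] = rs2, checked against the boundary */
        addr = (m->regs[i->rs1] + i->imm) % MEM_WORDS;
        if (!in_enclave(addr) && m->rtaint[i->rs2]) { m->faults++; return false; }
        m->mem[addr] = m->regs[i->rs2]; m->mtaint[addr] = m->rtaint[i->rs2]; return true;
    }
    return false;
}

/* Runs a program to completion; returns true only if no instruction was blocked. */
static bool run(struct machine *m, const struct insn *prog, size_t n) {
    bool ok = true;
    for (size_t k = 0; k < n; k++) if (!step(m, &prog[k])) ok = false;
    return ok;
}

/* 1. Copying a secret straight to untrusted memory is blocked; nothing is written. */
bool direct_copy_is_blocked(void) {
    struct machine m; machine_init(&m);
    const struct insn prog[] = {
        { OP_LI,    1, 0, 0, ENC_LO },  /* r1 = address of a secret word          */
        { OP_LOAD,  2, 1, 0, 0 },       /* r2 = secret (tainted)                  */
        { OP_LI,    3, 0, 0, 0 },       /* r3 = 0, an address outside the enclave */
        { OP_STORE, 0, 3, 2, 0 },       /* mem[r3] = r2 -> blocked                */
    };
    bool ok = run(&m, prog, 4);
    return !ok && m.faults == 1 && m.mem[0] == 0;
}

/* 2. Taint survives computation: secret + constant is still secret outside,
 *    but may freely be stored back inside the enclave. */
bool derived_value_is_blocked(void) {
    struct machine m; machine_init(&m);
    const struct insn prog[] = {
        { OP_LI,    1, 0, 0, ENC_LO },
        { OP_LOAD,  2, 1, 0, 0 },
        { OP_LI,    4, 0, 0, 7 },       /* r4 = 7 (untainted)                     */
        { OP_ADD,   5, 2, 4, 0 },       /* r5 = r2 + r4 inherits r2's taint       */
        { OP_LI,    3, 0, 0, 1 },
        { OP_STORE, 0, 3, 5, 0 },       /* mem[1] = r5 -> blocked                 */
        { OP_STORE, 0, 1, 5, 1 },       /* mem[ENC_LO+1] = r5 -> allowed (inside) */
    };
    bool ok = run(&m, prog, 7);
    return !ok && m.faults == 1 && m.mem[1] == 0 &&
           m.mem[ENC_LO + 1] == (0x5ec00000u | ENC_LO) + 7;
}

/* 3. An explicit declassification at the boundary lets the value out, untainted. */
bool declassified_store_is_allowed(void) {
    struct machine m; machine_init(&m);
    const struct insn prog[] = {
        { OP_LI,         1, 0, 0, ENC_LO },
        { OP_LOAD,       2, 1, 0, 0 },
        { OP_DECLASSIFY, 2, 0, 0, 0 },  /* enclave code intentionally releases r2 */
        { OP_LI,         3, 0, 0, 0 },
        { OP_STORE,      0, 3, 2, 0 },  /* mem[0] = r2 -> allowed                 */
    };
    bool ok = run(&m, prog, 5);
    return ok && m.faults == 0 && m.mem[0] == (0x5ec00000u | ENC_LO) && !m.mtaint[0];
}

int main(void) {
    printf("direct copy blocked: %d, derived value blocked: %d, declassified store allowed: %d\n",
           direct_copy_is_blocked(), derived_value_is_blocked(), declassified_store_is_allowed());
    return 0;
}
```

The model only tracks explicit data flows through registers and memory: a taint bit says nothing about implicit flows (a branch on a secret that changes which untainted value is written) or about microarchitectural side channels, which is exactly why the abstract's claim of closing the gap between idealized and practical TEE threat models rests on what the hardware checks cover, not on taint bits alone. The declassification step is also the point a reviewer should scrutinize: any code path that can reach `OP_DECLASSIFY` on attacker-influenced data is an intentional leak by construction.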