Trusted Execution Environments (TEEs) protect sensitive code and data from the operating system, hypervisor, or other untrusted software. Different solutions exist, each offering different features. Abstraction layers aim to unify the ecosystem, allowing application developers and system administrators to leverage confidential computing as broadly and efficiently as possible. We start with an overview of representative available TEE technologies. We describe and summarize each TEE ecosystem, classifying them into categories according to their main design choices. Then, we propose a systematization of knowledge focusing on the different abstraction layers around each design choice. We describe the underlying technologies of each design, as well as the inner workings and features of each abstraction layer. Our study reveals opportunities for improving existing abstraction layer solutions. It also highlights WebAssembly as a promising approach that supports the largest set of features. We close with a discussion of future directions for research, such as how future abstraction layers may evolve and integrate with the confidential computing ecosystem.