Séminaire SoSySec : Time and Availability in Trusted Execution Environments

Starting on
Ending on
IRISA Rennes
Salle Pétri/Turing
Jan Tobias Muehlberg (Université libre de Bruxelles, Belgium)
Main department

SoSySec seminar
Software and Systems Security
Inria - Rennes
May 26th, 2023, 11:00
In-person: Turing-Petri
Remotely with BBB:https://bbb.inria.fr/all-t0p-qjq-9em / Access code: 192737

Jan Tobias Muehlberg (Université libre de Bruxelles, Belgium)
Time and Availability in Trusted Execution Environments
Trusted Execution Environments (TEEs) can provide strong security guarantees in distributed systems, and even protect embedded software in the IoT or in critical control systems. Measuring the passage of time and taking actions based on such measurements is a common security-critical operation in many of these systems. Yet, few TEEs combine security with real-time processing and availability, or provide hard guarantees on the timeliness of code execution. A key difficulty here is that TEEs execute within an effectively untrusted environment, which can influence expectations on time and progress.
In this talk, I will present our research on categorising approaches to tracking the passage of time in TEEs, highlighting the respective dependability guarantees. Focusing first on the popular Intel SGX architecture, we analyse to what extend time can be securely measured and utilised. We then broaden the scope to other popular trusted computing solutions and list common applications for each notion of time and progress, concluding that not every use case requires an accurate access to real-world time.
Following this, I will present a configurable embedded security architecture that provides a notion of guaranteed real-time execution for dynamically loaded enclaves. We implement preemptive multitasking and restricted atomicity on top of strong enclave software isolation and attestation. Our approach allows the hardware to enforce confidentiality and integrity protections, while a decoupled small enclaved scheduler software component can enforce availability and guarantee strict deadlines of a bounded number of protected applications, without necessarily introducing a notion of priorities amongst these applications.


To follow the presentation remotely, please connect to the following URL with a modern web browser:
- URL:https://bbb.inria.fr/all-t0p-qjq-9em
- Access code: 192737


Seminar taking place in person with mandatory registration at least 48h beforehand for *all* in-person participants by email to Nadia Derouault<nadia [*] derouaultatinria [*] fr>. Participants non-affiliated with Inria or IRISA will be asked to present an ID at the reception desk of the IRISA building.

To receive the SoSySec announcements, please subscribe to the SoSySec mailing list:
All past and future SoSySec talks are listed at


Séminaire en présentiel ouvert à tous mais avec inscription obligatoire au moins 48h à l'avance pour *tous* les participants en présentiel auprès de Nadia Derouault<nadia [*] derouaultatinria [*] fr>.
Les participants externes devront se présenter à l'accueil avec une pièce d'identité.

Vous pouvez vous abonner à nos annonces de séminaires :
et consulter la liste des exposés passés et à venir :