SYSTEMATIZATION OF TRUSTED I/O SOLUTIONS FOR ISOLATED EXECUTION ENVIRONMENTS

Nowadays, operating systems have become increasingly complex, with codebases of millions of lines inadvertently containing security bugs. Modern CPUs promise a solution to this with Trusted Execution technologies (e.g., ARM TrustZone, Intel SGX) which can be employed to isolate critical applications from unauthorized access even from more privileged actors (e.g., system kernel or hypervisor). However, as the traditional way to interface with I/O peripherals is by using drivers part an now-considered untrustworthy OS, separate solutions must be devised to secure user input or output to trusted environments by ensuring an authenticated pathway. Our paper provides a systematization of the available trusted I/O path solutions by reviewing the scientific works in this field and extracting common attributes and differences. We categorize them by supported peripheral type and trusted platform, comparing the usability, security and complexity of their implementations. Finally, we discuss the results and give future directions for improvement.