A Novel Memory Management for RISC-V Enclaves

Abstract

Trusted Execution Environment (TEE) is a popular technology to protect sensitive data and programs. Recent TEEs have proposed the concept of enclaves to execute code processing sensitive data, which cannot be tampered with even by a malicious OS. However, due to hardware limitations and security requirements, existing TEE architectures usually offer limited memory management, such as dynamic memory allocation, defragmentation, etc. In this paper, we present Ashman—a novel software-based memory management extension of TEE on RISC-V, including dynamic memory allocation, migration, and defragmentation. We integrate Ashman into a self-designed TEE and evaluate the performance on a real-world development board. Experimental results have shown that Ashman provides memory management functions similar to native user applications while ensuring enclave security without modifying hardware.