GuaranTEE: Introducing Control-Flow Attestation for Trusted Execution Environments

Many cloud providers offer Trusted Execution Environments (TEEs) to protect critical data and processes from high privileged adversaries. Unfortunately, TEEs can only be attested at launch. To also enable attestation during run-time, we present GuaranTEE. GuaranTEE uses control-flow attestation to ensure the integrity of a service running within a TEE. To protect the attesting code from a potentially compromised service, we place it in a separate TEE. Additionally, the TEEs guard both the service and the attestation from malicious cloud providers. To reduce the overhead resulting from the use of two TEEs, we securely cache collected information and perform the attestation in parallel to executing the service. The detailed performance evaluation of our prototype based on Intel SGX in Microsoft Azure demonstrates that GuaranTEE provides a practical solution for cloud users focused on protecting the integrity of their data and processes at run-time.