2024
Conference Paper
Title
MAXPOWR: Memory Attestation and Export in Process-based Trusted Execution Environments
Abstract
Trusted Execution Environments (TEEs) were developed to secure and attest software executed in the cloud. Current TEEs provide remote attestation of the initial software state but no mechanisms to natively and remotely analyze their internal memory during execution. We introduce MAXPOWR, a novel protocol for secure memory offloading in process-based TEEs during runtime. Our proposed solution is technology agnostic, requires only user space privileges, and works despite a compromised target process. Our concept secures the memory offload for remote analysis by enforcing temporary computational exhaustion on the system under test using Proof-of-Work challenges. We provide a PoC for Intel SGX consisting of less than 500 LoC. Our results demonstrate a less complex, though equally secure technique for memory introspection compared to the state-of-the-art. MAXPOWR requires a constant clock frequency and, therefore, assumes an honest-but-curious cloud provider.
Author(s)
Conference