English

HasTEE: Programming Trusted Execution Environments with Haskell

Programming Languages 2023-07-26 v1

Abstract

Trusted Execution Environments (TEEs) are hardware-enforced memory isolation units, emerging as a pivotal security solution for security-critical applications. TEEs, like Intel SGX and ARM TrustZone, allow the isolation of confidential code and data within an untrusted host environment, such as the cloud and IoT. Despite strong security guarantees, TEE adoption has been hindered by an awkward programming model. This model requires manual application partitioning and the use of error-prone, memory-unsafe, and potentially information-leaking low-level C/C++ libraries. We address the above with \textit{HasTEE}, a domain-specific language (DSL) embedded in Haskell for programming TEE applications. HasTEE includes a port of the GHC runtime for the Intel-SGX TEE. HasTEE uses Haskell's type system to automatically partition an application and to enforce \textit{Information Flow Control} on confidential data. The DSL, being embedded in Haskell, allows for the usage of higher-order functions, monads, and a restricted set of I/O operations to write any standard Haskell application. Contrary to previous work, HasTEE is lightweight, simple, and is provided as a \emph{simple security library}; thus avoiding any GHC modifications. We show the applicability of HasTEE by implementing case studies on federated learning, an encrypted password wallet, and a differentially-private data clean room.

Keywords

Cite

@article{arxiv.2307.13172,
  title  = {HasTEE: Programming Trusted Execution Environments with Haskell},
  author = {Abhiroop Sarkar and Robert Krook and Alejandro Russo and Koen Claessen},
  journal= {arXiv preprint arXiv:2307.13172},
  year   = {2023}
}

Comments

To appear in Haskell Symposium 2023

R2 v1 2026-06-28T11:39:12.185Z