DM-TEE: Trusted Execution Environment for Disaggregated Memory

Trusted execution environments (TEEs) can provide hardware and system-level protection for sensitive data and computations. However, the security perimeter of existing TEEs is limited to a single centralized machine, which contradicts with the growing trend of employing disaggregated computing resources (e.g., disaggregated memory) to achieve high performance and resource utilization. To address this limitation, we develop DM-TEE, a customized trusted execution environment supporting the emerging disaggregated memory architecture. DM-TEE extends the traditional TEEs from local memory to remote disaggregated memory, which is achieved by a newly designed secure memory allocation and access workflow to ensure the data confidentiality and integrity in the disaggregated memory. We implement DM-TEE on real hardware using Intel SGX and a state-of-the-art memory disaggregation system. Our evaluations on memory allocation, read/write operations, and benchmark program executions indicate that DM-TEE achieves the desired disaggregated memory security with minimal performance overhead.