erhade/CCAegis

CCAegis

More Granular, Less Trust: Enforcing Intra-Process Isolation with Arm CCA in an Untrusted Management Environment

🎯 What is CCAegis?

CCAegis is an intra-process isolation system for Arm’s Confidential Compute Architecture (CCA). It uses the Granule Protection Table (GPT) to confine sensitive data and code inside security-sensitive applications, protecting them from both intra-process adversaries and an untrusted OS while keeping the Trusted Computing Base (TCB) limited to the Secure Monitor. A bespoke LLVM pass automatically performs static points-to/taint analysis to locate functions that touch secrets (e.g., crypto keys) and injects permission-switching at call/return boundaries.
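
A user-space model of the permission switching described above, as an added example that is not CCAegis code: a depth counter stands in for the GPT permission change, and every function and variable name is hypothetical. It shows why the injected switches have to nest when one sensitive function calls another.

```c
#include <stddef.h>

/* User-space model only: every name here is hypothetical, not a CCAegis API. */
static const unsigned char secret_key[4] = {0x13, 0x37, 0xc0, 0xde}; /* constructed */
static int gate_depth;       /* > 0 while a sensitive function is executing */
static int denied_accesses;  /* reads of the secret that the model blocked */

/* Stand-ins for the permission switches injected at call and return. */
static void gate_enter(void) { gate_depth++; }
static void gate_exit(void)  { if (gate_depth > 0) gate_depth--; }

/* Every read of the secret passes through this check (models the access check). */
static const unsigned char *secret_view(void) {
    if (gate_depth == 0) { denied_accesses++; return NULL; }
    return secret_key;
}

/* Sensitive inner function: reads the key. */
static int mix(const unsigned char *msg, size_t len) {
    const unsigned char *k = secret_view();
    if (!k) return -1;
    unsigned acc = 0;
    for (size_t i = 0; i < len; i++) acc = (acc + (msg[i] ^ k[i % 4])) & 0xff;
    return (int)acc;
}

/* Sensitive outer function: calls mix(), then reads the key again itself. */
static int tag(const unsigned char *msg, size_t len) {
    gate_enter();                            /* injected before the call to mix() */
    int inner = mix(msg, len);
    gate_exit();                             /* injected after mix() returns */
    const unsigned char *k = secret_view();  /* still open: depth is back to 1 */
    return (k && inner >= 0) ? (inner ^ k[0]) : -1;
}

/* Instrumented call site in ordinary application code. */
int tag_message(const unsigned char *msg, size_t len) {
    gate_enter();
    int r = tag(msg, len);
    gate_exit();
    return r;
}

/* Other code in the same process trying to read the key directly. */
int untrusted_peek(void) { return secret_view() != NULL; }

int gate_is_closed(void) { return gate_depth == 0; }
int denied_count(void)   { return denied_accesses; }
```

With a plain open/closed flag instead of a depth counter, the return from `mix()` would close access while `tag()` still needs the key.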


📦 1 Prerequisites

./scripts/prerequisites.sh

👷‍♂️ 2 Setup

2.1 Build Linux

./scripts/linux_build.sh

When the build prompts for compilation options, press 'Enter' to accept the default.

2.2 Build arm-trusted-firmware

./scripts/atf_build.sh

2.3 Run

./scripts/bootfvp.sh
