System Architecture Designs for Secure, Flexible and Openly-Accessible Enclave Computing

In the last decade, security architectures became prominent which protect sensitive data in isolated execution environments, called enclaves or Trusted Execution Environments (TEEs), that are backed by hardware-assisted security mechanisms. Relying on hardware mechanisms allows enclave architectures to shrink the software that is inherently trusted, called Trusted Computing Base (TCB), to a bare minimum which stands in stark contrast to the large code base that must be trusted in a commodity operating system. Moreover, in contrast to architectures which deploy security hardware in dedicated computer chips, e.g., Trusted Platform Modules (TPMs) or smart cards, enclave architectures are deeply integrated into the main processor and thus can utilize the full computational power of the processor while still reducing hardware costs. Even though enclave architectures are widely deployed in computing systems, ranging from resource-constraint microcontrollers and embedded systems over mobile devices to personal computers and servers, still many challenges must be solved to enable their full potential. In this dissertation, we design, implement and evaluate multiple novel enclave architectures and security extensions which contribute significantly to enclave computing research by tackling multiple research challenges, namely i) providing an open access to enclave computing on ARM-based systems, ii) protecting diverse sensitive applications with a single enclave architecture across platforms, and iii) providing side-channel resilient enclaves