Open-TEE - An Open Virtual Trusted Execution Environment
Open-TEE addresses the difficulty developers face in building trusted applications without vendor support; the contribution is incremental in that it implements the existing GlobalPlatform TEE standards in software rather than proposing new ones.
The paper tackles the limited access that ordinary developers have to hardware-based Trusted Execution Environments (TEEs) by introducing Open-TEE, a virtual, hardware-independent TEE implemented in software that conforms to the GlobalPlatform specifications. Open-TEE enables efficient development and debugging of trusted applications, and the authors support this claim with performance measurements and a user study demonstrating its ease of use.
Hardware-based Trusted Execution Environments (TEEs) are widely deployed in mobile devices. Yet their use has been limited primarily to applications developed by the device vendors. Recent standardization of TEE interfaces by GlobalPlatform (GP) promises to partially address this problem by enabling GP-compliant trusted applications to run on TEEs from different vendors. Nevertheless, ordinary developers wishing to develop trusted applications face significant challenges. Access to hardware TEE interfaces is difficult to obtain without support from vendors. Tools and software needed to develop and debug trusted applications may be expensive or non-existent. In this paper, we describe Open-TEE, a virtual, hardware-independent TEE implemented in software. Open-TEE conforms to GP specifications. It allows developers to develop and debug trusted applications with the same tools they use for developing software in general. Once a trusted application is fully debugged, it can be compiled for any actual hardware TEE. Through performance measurements and a user study we demonstrate that Open-TEE is efficient and easy to use. We have made Open-TEE freely available as open source.
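As an added example, not code from the Open-TEE paper or project, here is the shape of a GlobalPlatform-style trusted application that the develop-on-host, compile-for-hardware workflow above targets: the GP TEE Internal Core API entry points, strict checking of the parameter types the client declared, and the GP short-buffer protocol. The TEE_Result codes, TEE_Param union and TEE_PARAM_TYPES macro are redeclared inline with their GP values so the file builds with an ordinary host toolchain; a real build would include the API header from Open-TEE or a vendor SDK instead. The command id, the FNV-1a checksum command and the ta_hash_message() host-side driver are assumptions for illustration.

```c
/* Added example (not Open-TEE project code): a minimal GP-style trusted
 * application. TEE_* names are redeclared inline with their GP values so
 * this compiles on a host; a real build includes the API header instead. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t TEE_Result;
#define TEE_SUCCESS               0x00000000u
#define TEE_ERROR_BAD_PARAMETERS  0xFFFF0006u
#define TEE_ERROR_NOT_SUPPORTED   0xFFFF000Au
#define TEE_ERROR_SHORT_BUFFER    0xFFFF0010u

#define TEE_PARAM_TYPE_NONE           0u
#define TEE_PARAM_TYPE_VALUE_INPUT    1u
#define TEE_PARAM_TYPE_MEMREF_INPUT   5u
#define TEE_PARAM_TYPE_MEMREF_OUTPUT  6u
#define TEE_PARAM_TYPES(t0, t1, t2, t3) \
    ((t0) | ((t1) << 4) | ((t2) << 8) | ((t3) << 12))

typedef union {
    struct { void *buffer; size_t size; } memref;
    struct { uint32_t a; uint32_t b; } value;
} TEE_Param;

#define TA_CMD_FNV1A32 1u   /* assumed command id for this example */

/* 32-bit FNV-1a over an arbitrary byte string. */
static uint32_t fnv1a32(const uint8_t *p, size_t n)
{
    uint32_t h = 0x811c9dc5u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x01000193u; }
    return h;
}

/* GP-defined TA entry points. Everything the client passes is untrusted:
 * check the declared parameter types first, then the buffers themselves. */
TEE_Result TA_CreateEntryPoint(void) { return TEE_SUCCESS; }
void TA_DestroyEntryPoint(void) {}

TEE_Result TA_OpenSessionEntryPoint(uint32_t param_types, TEE_Param params[4],
                                    void **sess_ctx)
{
    (void)params;
    *sess_ctx = NULL;
    /* This TA takes no session parameters; reject anything else. */
    if (param_types != TEE_PARAM_TYPES(TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE,
                                       TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE))
        return TEE_ERROR_BAD_PARAMETERS;
    return TEE_SUCCESS;
}

void TA_CloseSessionEntryPoint(void *sess_ctx) { (void)sess_ctx; }

TEE_Result TA_InvokeCommandEntryPoint(void *sess_ctx, uint32_t cmd_id,
                                      uint32_t param_types, TEE_Param params[4])
{
    (void)sess_ctx;
    if (cmd_id != TA_CMD_FNV1A32)
        return TEE_ERROR_NOT_SUPPORTED;
    /* params[0]: input bytes, params[1]: 4-byte output, nothing else. */
    if (param_types != TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT,
                                       TEE_PARAM_TYPE_MEMREF_OUTPUT,
                                       TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE))
        return TEE_ERROR_BAD_PARAMETERS;
    if (params[0].memref.buffer == NULL && params[0].memref.size != 0)
        return TEE_ERROR_BAD_PARAMETERS;
    /* GP short-buffer protocol: report the needed size and fail. */
    if (params[1].memref.size < sizeof(uint32_t)) {
        params[1].memref.size = sizeof(uint32_t);
        return TEE_ERROR_SHORT_BUFFER;
    }
    if (params[1].memref.buffer == NULL)
        return TEE_ERROR_BAD_PARAMETERS;

    uint32_t h = fnv1a32(params[0].memref.buffer, params[0].memref.size);
    memcpy(params[1].memref.buffer, &h, sizeof h);
    params[1].memref.size = sizeof h;   /* bytes actually written */
    return TEE_SUCCESS;
}

/* Host-side driver standing in for the client and TEE manager that Open-TEE
 * (or a hardware TEE) provides; out_cap mimics the client's output buffer size. */
TEE_Result ta_hash_message(const char *msg, size_t out_cap, uint32_t *out)
{
    uint8_t outbuf[4] = {0};
    TEE_Param params[4];
    memset(params, 0, sizeof params);
    params[0].memref.buffer = (void *)msg;
    params[0].memref.size = strlen(msg);
    params[1].memref.buffer = outbuf;
    params[1].memref.size = out_cap;

    void *sess = NULL;
    TEE_Result r = TA_OpenSessionEntryPoint(TEE_PARAM_TYPES(0u, 0u, 0u, 0u), NULL, &sess);
    if (r != TEE_SUCCESS)
        return r;
    r = TA_InvokeCommandEntryPoint(sess, TA_CMD_FNV1A32,
            TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, TEE_PARAM_TYPE_MEMREF_OUTPUT,
                            TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE), params);
    TA_CloseSessionEntryPoint(sess);
    if (r == TEE_SUCCESS)
        memcpy(out, outbuf, sizeof *out);
    return r;
}

int main(void)
{
    uint32_t h = 0;
    TEE_Result r = ta_hash_message("hello", sizeof h, &h);  /* constructed input */
    printf("result=0x%08x hash=0x%08x\n", r, h);
    return r == TEE_SUCCESS ? 0 : 1;
}
```

The point of the entry-point skeleton is that it is the same source on the host and on hardware: only the header and the loader change, which is what lets a TA be debugged with ordinary tools before it is compiled for a real TEE. The type check against TEE_PARAM_TYPES and the size checks on the memrefs are the minimum a TA needs, since a client can declare any parameter layout and any buffer size it likes.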