CR | Apr 27, 2021

KEVLAR-TZ: A Secure Cache for ARM TrustZone

arXiv:2104.13285v1 | 3 citations | Has Code
Originality: Synthesis-oriented
AI Analysis

This work addresses privacy preservation for edge devices like implantables and wearables, but it is incremental as it builds on existing TrustZone technology.

The paper tackles the problem of securely storing and processing privacy-sensitive data on edge devices by presenting KEVLAR-TZ, an application-level trusted cache that leverages ARM TrustZone, with experimental evaluation showing performance trade-offs in throughput and latency for various workloads.

Edge devices are increasingly in charge of storing privacy-sensitive data; in particular, implantables, wearables, and nearables can potentially collect and process high-resolution vital signs 24/7. Storing and performing computations over such data in a privacy-preserving fashion is of paramount importance. We present KEVLAR-TZ, an application-level trusted cache designed to leverage ARM TrustZone, a popular trusted execution environment available in consumer-grade devices. To facilitate the integration with existing systems and IoT devices and protocols, KEVLAR-TZ exposes a REST-based interface with connection endpoints inside the TrustZone enclave. Furthermore, it exploits the on-device secure persistent storage to guarantee durability of data across reboots. We fully implemented KEVLAR-TZ on top of the OP-TEE framework, and experimentally evaluated its performance. Our results showcase performance trade-offs, for instance in terms of throughput and latency, for various workloads, and we believe our results can be useful for practitioners and, in general, developers of systems for TrustZone. KEVLAR-TZ is available as open-source at https://github.com/mqttz/kevlar-tz/.

Code Implementations: 1 repo