TEEm: Supporting Large Memory for Trusted Applications in ARM TrustZone

Trusted Execution Environments (TEEs), like ARM TrustZone, are increasingly crucial in fields like machine learning, blockchain, WebAssembly, and databases due to their robust security features. Despite their growing importance, TrustZone-based compact TEE operating systems such as OP-TEE are not eq...

Full description

Saved in:
Bibliographic Details
Published inIEEE access Vol. 12; pp. 108584 - 108596
Main Authors Li, Jun, Luo, Xinman, Lei, Hong, Cheng, Jieren
Format Journal Article
LanguageEnglish
Published Piscataway IEEE 2024
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
ARM TrustZone
Large memory
Machine learning
Memory devices
Memory management
Mobile operating systems
Optimization
Performance evaluation
Program processors
Resource management
Security
Smart contracts
TEE
trusted applications
Trusted computing
Virtual memory systems
Online AccessGet full text

Cover

More Information
Summary:Trusted Execution Environments (TEEs), like ARM TrustZone, are increasingly crucial in fields like machine learning, blockchain, WebAssembly, and databases due to their robust security features. Despite their growing importance, TrustZone-based compact TEE operating systems such as OP-TEE are not equipped to support large memory for trusted applications. This is because TrustZone was primarily used in embedded and mobile devices, which typically do not require large memory capacities. However, this restriction is particularly critical as it limits TEEs' effectiveness in processing large-scale data and conducting memory-intensive computations. In this paper, we propose TEEm, a novel solution that enables large secure memory support in TEEs without compromising security. To the best of our knowledge, this is the first public method that supports large memory for Trusted Applications (TAs) to run directly within TrustZone. TEEm designs the single-to-multiple memory mapping policy to expand virtual address space for TA, and a parameter-based memory allocation mechanism that allows TAs to request more trusted memory from TEE. To validate the feasibility and performance of TEEm, we build a prototype based on OP-TEE and evaluate it using multiple memory micro-benchmarks. Security and performance evaluations demonstrate that TEEm not only achieves a performance of 3.48 times faster than Linux in memory allocation but also maintains a high level of security, providing substantial memory support for memory-intensive applications.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2024.3431231