Advertisement

iperfTZ: Understanding Network Bottlenecks for TrustZone-Based Trusted Applications

  • Christian Göttel
  • Pascal Felber
  • Valerio SchiavoniEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11914)

Abstract

The growing availability of hardware-based trusted execution environments (TEEs) in commodity processors has recently advanced support (i.e., design, implementation and deployment frameworks) for network-based secure services. Examples of such TEEs include Arm TrustZone or Intel SGX, largely available in embedded, mobile and server-grade processors. TEEs shield services from compromised hosts, malicious users or powerful attackers. TEE-enabled devices are largely being deployed on the edge of the network, paving the way for large-scale deployments of trusted applications. These applications allow processing and disseminating sensitive data without having to trust cloud providers. However, uncovering network performance limitations of such trusted applications is difficult and currently lacking, despite the interest and reliance by developers and system deployers.

iperfTZ is an open-source tool to uncover network performance bottlenecks rooted at the design and implementation of trusted applications for Arm TrustZone and underlying runtime systems. Our evaluation based on micro-benchmarks shows current trade-offs for trusted applications, both from a network as well as an energy perspective; an often overlooked yet relevant aspect for edge-based deployments.

Keywords

Network Performance Bottleneck Measurement ARM TrustZone OP-TEE 

Notes

Acknowledgments

The authors would like to thank the anonymous reviewers for their helpful comments and suggestions. The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under the LEGaTO Project (legato-project.eu), grant agreement No. 780681.

References

  1. 1.
    Alciom: PowerSpy2, 1.01 edn, 4 March 2013Google Scholar
  2. 2.
    Amacher, J., Schiavoni, V.: On the performance of ARM TrustZone. In: Pereira, J., Ricci, L. (eds.) DAIS 2019. LNCS, vol. 11534, pp. 133–151. Springer, Cham (2019).  https://doi.org/10.1007/978-3-030-22496-7_9CrossRefGoogle Scholar
  3. 3.
  4. 4.
    Arm Limited: ARM Security Technology: Building a Secure System using TrustZone Technology, April 2009. http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/PRD29-GENC-009492C_trustzone_security_whitepaper.pdf. Accessed 30 July 2019
  5. 5.
    Arm Limited: Arm Cortex-A53 MPCore Processor: Technical Reference Manual, 8 February 2016. https://developer.arm.com/docs/ddi0500/g. Revision: r0p4
  6. 6.
    Arm Limited: Fundamentals of ARMv8-A, March 2017. https://static.docs.arm.com/100878/0100/fundamentals_of_armv8_a_100878_0100_en.pdf. Accessed 30 July 2019
  7. 7.
    Baumann, A., Peinado, M., Hunt, G.: Shielding applications from an untrusted cloud with Haven. ACM Trans. Comput. Syst. 33(3), 8:1–8:26 (2015).  https://doi.org/10.1145/2799647CrossRefGoogle Scholar
  8. 8.
    GlobalPlatform, Inc.: TEE Client API Specification Version 1, July 2010Google Scholar
  9. 9.
    GlobalPlatform, Inc.: TEE Sockets API Specification Version 1.0.1, January 2017Google Scholar
  10. 10.
    GlobalPlatform, Inc.: TEE Internal Core API Specification 1.1.2.50, June 2018Google Scholar
  11. 11.
    GlobalPlatform, Inc.: TEE System Architecture Version 1.2, November 2018Google Scholar
  12. 12.
    Göttel, C., et al.: Security, performance and energy implications of hardware-assisted memory protection mechanisms on event-based streaming systems. In: 2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS), pp. 264–266 (2018).  https://doi.org/10.1109/SRDS.2018.00042
  13. 13.
    Göttel, C., Felber, P., Schiavoni, V.: Developing secure services for IoT with OP-TEE: a first look at performance and usability. In: Pereira, J., Ricci, L. (eds.) DAIS 2019. LNCS, vol. 11534, pp. 170–178. Springer, Cham (2019).  https://doi.org/10.1007/978-3-030-22496-7_11CrossRefGoogle Scholar
  14. 14.
    Jang, J.S., Kong, S., Kim, M., Kim, D., Kang, B.B.: SeCReT: secure channel between rich execution environment and trusted execution environment. In: NDSS, pp. 1–15 (2015)Google Scholar
  15. 15.
    Kocher, P., et al.: Spectre attacks: exploiting speculative execution. In: 40th IEEE Symposium on Security and Privacy (S&P 2019) (2019)Google Scholar
  16. 16.
    Lind, J., Eyal, I., Pietzuch, P., Sirer, E.G.: Teechan: payment channels using trusted execution environments. ArXiv preprint arXiv:1612.07766 (2016)
  17. 17.
    Lindy Electronics Ltd.: iPower Control 2x6M/2x6XM, 1 edn, June 2015Google Scholar
  18. 18.
    Lipp, M., et al.: Meltdown: reading kernel memory from user space. In: 27th USENIX Security Symposium (USENIX Security 2018) (2018)Google Scholar
  19. 19.
    Lyu, X., et al.: Selective offloading in mobile edge computing for the green internet of things. IEEE Netw. 32(1), 54–60 (2018).  https://doi.org/10.1109/MNET.2018.1700101CrossRefGoogle Scholar
  20. 20.
    Mäkinen, O.: Streaming at the edge: local service concepts utilizing mobile edge computing. In: 2015 9th International Conference on Next Generation Mobile Applications, Services and Technologies, pp. 1–6 (2015).  https://doi.org/10.1109/NGMAST.2015.35
  21. 21.
    McGillion, B., Dettenborn, T., Nyman, T., Asokan, N.: Open-TEE - an open virtual trusted execution environment. In: 2015 IEEE Trustcom/BigDataSE/ISPA, TRUSTCOM 2015, vol. 1, pp. 400–407. IEEE Computer Society, Washington, DC (2015).  https://doi.org/10.1109/Trustcom.2015.400
  22. 22.
    Naehrig, M., Lauter, K., Vaikuntanathan, V.: Can homomorphic encryption be practical? In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop, CCSW 2011, pp. 113–124. ACM, New York (2011).  https://doi.org/10.1145/2046660.2046682
  23. 23.
    Ngabonziza, B., Martin, D., Bailey, A., Cho, H., Martin, S.: TrustZone explained: architectural features and use cases. In: 2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC), pp. 445–451 (2016).  https://doi.org/10.1109/CIC.2016.065
  24. 24.
    Ning, Z., Kong, X., Xia, F., Hou, W., Wang, X.: Green and sustainable cloud of things: enabling collaborative edge computing. IEEE Commun. Mag. 57(1), 72–78 (2019).  https://doi.org/10.1109/MCOM.2018.1700895CrossRefGoogle Scholar
  25. 25.
    Park, H., Zhai, S., Lu, L., Lin, F.X.: StreamBox-TZ: secure stream analytics at the edge with TrustZone. In: 2019 USENIX Annual Technical Conference (USENIX ATC 2019), pp. 537–554. USENIX Association, Renton, July 2019. https://www.usenix.org/conference/atc19/presentation/park-heejin
  26. 26.
    Segarra, C., Delgado-Gonzalo, R., Lemay, M., Aublin, P.-L., Pietzuch, P., Schiavoni, V.: Using trusted execution environments for secure stream processing of medical data. In: Pereira, J., Ricci, L. (eds.) DAIS 2019. LNCS, vol. 11534, pp. 91–107. Springer, Cham (2019).  https://doi.org/10.1007/978-3-030-22496-7_6CrossRefGoogle Scholar
  27. 27.
    Sequitur Labs Inc.: Easing Access to ARM TrustZone - OP-TEE and Raspberry Pi 3, 26 September 2016Google Scholar
  28. 28.
    Shepherd, C., Akram, R.N., Markantonakis, K.: Establishing mutually trusted channels for remote sensing devices with trusted execution environments. In: Proceedings of the 12th International Conference on Availability, Reliability and Security, ARES 2017, pp. 7:1–7:10. ACM, New York (2017).  https://doi.org/10.1145/3098954.3098971
  29. 29.
    Shepherd, C., et al.: Secure and trusted execution: past, present, and future - a critical review in the context of the internet of things and cyber-physical systems. In: 2016 IEEE Trustcom/BigDataSE/ISPA, pp. 168–177 (2016).  https://doi.org/10.1109/TrustCom.2016.0060
  30. 30.
    Varghese, B., Wang, N., Barbhuiya, S., Kilpatrick, P., Nikolopoulos, D.S.: Challenges and opportunities in edge computing. In: 2016 IEEE International Conference on Smart Cloud (SmartCloud), pp. 20–26 (2016).  https://doi.org/10.1109/SmartCloud.2016.18
  31. 31.
    Volos, S., Vaswani, K., Bruno, R.: Graviton: trusted execution environments on GPUs. In: Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation, pp. 681–696, OSDI 2018. USENIX Association, Berkeley (2018). http://dl.acm.org/citation.cfm?id=3291168.3291219

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.University of NeuchâtelNeuchâtelSwitzerland

Personalised recommendations