Abstract
The growing availability of hardware-based trusted execution environments (TEEs) in commodity processors has recently advanced support (i.e., design, implementation and deployment frameworks) for network-based secure services. Examples of such TEEs include Arm TrustZone or Intel SGX, largely available in embedded, mobile and server-grade processors. TEEs shield services from compromised hosts, malicious users or powerful attackers. TEE-enabled devices are largely being deployed on the edge of the network, paving the way for large-scale deployments of trusted applications. These applications allow processing and disseminating sensitive data without having to trust cloud providers. However, uncovering network performance limitations of such trusted applications is difficult and currently lacking, despite the interest and reliance by developers and system deployers.
iperfTZ is an open-source tool to uncover network performance bottlenecks rooted at the design and implementation of trusted applications for Arm TrustZone and underlying runtime systems. Our evaluation based on micro-benchmarks shows current trade-offs for trusted applications, both from a network as well as an energy perspective; an often overlooked yet relevant aspect for edge-based deployments.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
https://www.raspberrypi.org, accessed on 30.07.2019.
- 2.
https://www.sierraware.com/open-source-ARM-TrustZone.html, accessed on 30.07.2019.
- 3.
https://www.op-tee.org, accessed on 30.07.2019.
- 4.
https://software.es.net/iperf/, accessed on 30.07.2019.
- 5.
https://hewlettpackard.github.io/netperf/, accessed on 30.07.2019.
- 6.
https://www.nuttcp.net/Welcome%20Page.html, accessed on 30.07.2019.
- 7.
https://globalplatform.org, accessed on 30.07.2019.
- 8.
https://optee.readthedocs.io/architecture/libraries.html#libutee, accessed on 30.07.2019.
- 9.
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability, accessed on 30.07.2019.
- 10.
- 11.
Numbers for individual components include local header lines of code.
- 12.
https://www.qemu.org, accessed on 30.07.2019.
- 13.
https://wiki.qemu.org/Documentation/Networking#User_Networking_.28SLIRP.29, accessed on 30.07.2019.
- 14.
Manual page: man time.h.
- 15.
Full compatibility with iperf would require substantial engineering efforts that we leave out of the scope of this work.
- 16.
See footnote 6.
- 17.
See footnote 5.
- 18.
https://www.tcpdump.org, accessed on 30.07.2019.
- 19.
www.flowgrind.net, accessed on 30.07.2019.
- 20.
https://keystone-enclave.org, accessed on 30.07.2019.
References
Alciom: PowerSpy2, 1.01 edn, 4 March 2013
Amacher, J., Schiavoni, V.: On the performance of ARM TrustZone. In: Pereira, J., Ricci, L. (eds.) DAIS 2019. LNCS, vol. 11534, pp. 133–151. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-22496-7_9
Arm Limited: Isolation using virtualization in the Secure world. https://developer.arm.com/-/media/Files/pdf/Isolation_using_virtualization_in_the_Secure_World_Whitepaper.pdf?revision=c6050170-04b7-4727-8eb3-ee65dc52ded2
Arm Limited: ARM Security Technology: Building a Secure System using TrustZone Technology, April 2009. http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/PRD29-GENC-009492C_trustzone_security_whitepaper.pdf. Accessed 30 July 2019
Arm Limited: Arm Cortex-A53 MPCore Processor: Technical Reference Manual, 8 February 2016. https://developer.arm.com/docs/ddi0500/g. Revision: r0p4
Arm Limited: Fundamentals of ARMv8-A, March 2017. https://static.docs.arm.com/100878/0100/fundamentals_of_armv8_a_100878_0100_en.pdf. Accessed 30 July 2019
Baumann, A., Peinado, M., Hunt, G.: Shielding applications from an untrusted cloud with Haven. ACM Trans. Comput. Syst. 33(3), 8:1–8:26 (2015). https://doi.org/10.1145/2799647
GlobalPlatform, Inc.: TEE Client API Specification Version 1, July 2010
GlobalPlatform, Inc.: TEE Sockets API Specification Version 1.0.1, January 2017
GlobalPlatform, Inc.: TEE Internal Core API Specification 1.1.2.50, June 2018
GlobalPlatform, Inc.: TEE System Architecture Version 1.2, November 2018
Göttel, C., et al.: Security, performance and energy implications of hardware-assisted memory protection mechanisms on event-based streaming systems. In: 2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS), pp. 264–266 (2018). https://doi.org/10.1109/SRDS.2018.00042
Göttel, C., Felber, P., Schiavoni, V.: Developing secure services for IoT with OP-TEE: a first look at performance and usability. In: Pereira, J., Ricci, L. (eds.) DAIS 2019. LNCS, vol. 11534, pp. 170–178. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-22496-7_11
Jang, J.S., Kong, S., Kim, M., Kim, D., Kang, B.B.: SeCReT: secure channel between rich execution environment and trusted execution environment. In: NDSS, pp. 1–15 (2015)
Kocher, P., et al.: Spectre attacks: exploiting speculative execution. In: 40th IEEE Symposium on Security and Privacy (S&P 2019) (2019)
Lind, J., Eyal, I., Pietzuch, P., Sirer, E.G.: Teechan: payment channels using trusted execution environments. ArXiv preprint arXiv:1612.07766 (2016)
Lindy Electronics Ltd.: iPower Control 2x6M/2x6XM, 1 edn, June 2015
Lipp, M., et al.: Meltdown: reading kernel memory from user space. In: 27th USENIX Security Symposium (USENIX Security 2018) (2018)
Lyu, X., et al.: Selective offloading in mobile edge computing for the green internet of things. IEEE Netw. 32(1), 54–60 (2018). https://doi.org/10.1109/MNET.2018.1700101
Mäkinen, O.: Streaming at the edge: local service concepts utilizing mobile edge computing. In: 2015 9th International Conference on Next Generation Mobile Applications, Services and Technologies, pp. 1–6 (2015). https://doi.org/10.1109/NGMAST.2015.35
McGillion, B., Dettenborn, T., Nyman, T., Asokan, N.: Open-TEE - an open virtual trusted execution environment. In: 2015 IEEE Trustcom/BigDataSE/ISPA, TRUSTCOM 2015, vol. 1, pp. 400–407. IEEE Computer Society, Washington, DC (2015). https://doi.org/10.1109/Trustcom.2015.400
Naehrig, M., Lauter, K., Vaikuntanathan, V.: Can homomorphic encryption be practical? In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop, CCSW 2011, pp. 113–124. ACM, New York (2011). https://doi.org/10.1145/2046660.2046682
Ngabonziza, B., Martin, D., Bailey, A., Cho, H., Martin, S.: TrustZone explained: architectural features and use cases. In: 2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC), pp. 445–451 (2016). https://doi.org/10.1109/CIC.2016.065
Ning, Z., Kong, X., Xia, F., Hou, W., Wang, X.: Green and sustainable cloud of things: enabling collaborative edge computing. IEEE Commun. Mag. 57(1), 72–78 (2019). https://doi.org/10.1109/MCOM.2018.1700895
Park, H., Zhai, S., Lu, L., Lin, F.X.: StreamBox-TZ: secure stream analytics at the edge with TrustZone. In: 2019 USENIX Annual Technical Conference (USENIX ATC 2019), pp. 537–554. USENIX Association, Renton, July 2019. https://www.usenix.org/conference/atc19/presentation/park-heejin
Segarra, C., Delgado-Gonzalo, R., Lemay, M., Aublin, P.-L., Pietzuch, P., Schiavoni, V.: Using trusted execution environments for secure stream processing of medical data. In: Pereira, J., Ricci, L. (eds.) DAIS 2019. LNCS, vol. 11534, pp. 91–107. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-22496-7_6
Sequitur Labs Inc.: Easing Access to ARM TrustZone - OP-TEE and Raspberry Pi 3, 26 September 2016
Shepherd, C., Akram, R.N., Markantonakis, K.: Establishing mutually trusted channels for remote sensing devices with trusted execution environments. In: Proceedings of the 12th International Conference on Availability, Reliability and Security, ARES 2017, pp. 7:1–7:10. ACM, New York (2017). https://doi.org/10.1145/3098954.3098971
Shepherd, C., et al.: Secure and trusted execution: past, present, and future - a critical review in the context of the internet of things and cyber-physical systems. In: 2016 IEEE Trustcom/BigDataSE/ISPA, pp. 168–177 (2016). https://doi.org/10.1109/TrustCom.2016.0060
Varghese, B., Wang, N., Barbhuiya, S., Kilpatrick, P., Nikolopoulos, D.S.: Challenges and opportunities in edge computing. In: 2016 IEEE International Conference on Smart Cloud (SmartCloud), pp. 20–26 (2016). https://doi.org/10.1109/SmartCloud.2016.18
Volos, S., Vaswani, K., Bruno, R.: Graviton: trusted execution environments on GPUs. In: Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation, pp. 681–696, OSDI 2018. USENIX Association, Berkeley (2018). http://dl.acm.org/citation.cfm?id=3291168.3291219
Acknowledgments
The authors would like to thank the anonymous reviewers for their helpful comments and suggestions. The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under the LEGaTO Project (legato-project.eu), grant agreement No. 780681.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Göttel, C., Felber, P., Schiavoni, V. (2019). iperfTZ: Understanding Network Bottlenecks for TrustZone-Based Trusted Applications. In: Ghaffari, M., Nesterenko, M., Tixeuil, S., Tucci, S., Yamauchi, Y. (eds) Stabilization, Safety, and Security of Distributed Systems. SSS 2019. Lecture Notes in Computer Science(), vol 11914. Springer, Cham. https://doi.org/10.1007/978-3-030-34992-9_15
Download citation
DOI: https://doi.org/10.1007/978-3-030-34992-9_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34991-2
Online ISBN: 978-3-030-34992-9
eBook Packages: Computer ScienceComputer Science (R0)