English

KEVLAR-TZ: A Secure Cache for ARM TrustZone

Cryptography and Security 2021-04-28 v1

Abstract

Edge devices are increasingly in charge of storing privacy-sensitive data, in particular implantables, wearables, and nearables can potentially collect and process high-resolution vital signs 24/7. Storing and performing computations over such data in a privacy-preserving fashion is of paramount importance. We present KEVLAR-TZ, an application-level trusted cache designed to leverage ARM TrustZone, a popular trusted execution environment available in consumer-grade devices. To facilitate the integration with existing systems and IoT devices and protocols, KEVLAR-TZ exposes a REST-based interface with connection endpoints inside the TrustZone enclave. Furthermore, it exploits the on-device secure persistent storage to guarantee durability of data across reboots. We fully implemented KEVLAR-TZ on top of the OP-TEE framework, and experimentally evaluated its performance. Our results showcase performance trade-offs, for instance in terms of throughput and latency, for various workloads, and we believe our results can be useful for practitioners and in general developers of systems for TrustZone. KEVLAR-TZ is available as open-source at https://github.com/mqttz/kevlar-tz/.

Keywords

Cite

@article{arxiv.2104.13285,
  title  = {KEVLAR-TZ: A Secure Cache for ARM TrustZone},
  author = {Oscar Benedito and Ricard Delgado-Gonzalo and Valerio Schiavoni},
  journal= {arXiv preprint arXiv:2104.13285},
  year   = {2021}
}

Comments

15 pages, 21st International Conference on Distributed Applications and Interoperable Systems (DAIS21)

R2 v1 2026-06-24T01:34:09.195Z