Secure Edge Computing with ARM TrustZone

Robert Pettersen, Håvard D. Johansen, Dag Johansen


When connecting Internet of Things (IOT) devices and other Internet edge computers to remote back-end hybrid or pure public cloud solutions, providing a high level of security and privacy is critical. With billions of such additional client devices rapidly being deployed and connected, numerous new security vulnerabilities and attack vectors are emerging. This paper address this concern with security as a first-order design principle: how to architect a secure and integrated middleware system spanning from IOT edge devices to back-end cloud servers. We report on our initial experiences from building a prototype utilizing secure enclave technologies on IOT devices. Our initial results indicate that isolating execution on ARM TrustZone processors comes at a relatively negligible cost.


  1. Anati, I., Gueron, S., Johnson, S., and Scarlata, V. (2013). Innovative technology for cpu based attestation and sealing. In Proceedings of the 2nd international workshop on hardware and architectural support for security and privacy, volume 13.
  2. ARM Limited (2009). ARM security technology: Building a secure system using TrustZone technology. White paper PRD29-GENC-009492C, ARM Limited.
  3. Brasser, F., Kim, D., Liebchen, C., Ganapathy, V., Iftode, L., and Sadeghi, A.-R. (2016). Regulating arm trustzone devices in restricted spaces. In Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services, pages 413-425. ACM.
  4. Carzaniga, A., Rosenblum, D. S., and Wolf, A. L. (2001). Design and evaluation of a wide-area event notification service. ACM Transactions on Computer Systems (TOCS), 19(3):332-383.
  5. Efstathopoulos, P., Krohn, M., VanDeBogart, S., Frey, C., Ziegler, D., Kohler, E., Mazières, D., Kaashoek, F., and Morris, R. (2005). Labels and event processes in the asbestos operating system. In Proceedings of the 20th ACM Symposium on Operating Systems Principles, SOSP 7805, pages 17-30, New York, NY, USA. ACM.
  6. Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B.- G., Cox, L. P., Jung, J., McDaniel, P., and Sheth, A. N. (2014). Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS), 32(2):5.
  7. Gjerdrum, A. T., Håvard, D., and Johansen, D. (2016). Implementing informed consent as information-flow policies for secure analytics on ehealth data: Principles and practices. In Connected Health: Applications, Systems and Engineering Technologies (CHASE), 2016 IEEE First International Conference on, pages 107-112. IEEE.
  8. Global Platform (2011). TEE system architecture. Global Platform technical overview.
  9. Goldberg, I., Wagner, D., Thomas, R., Brewer, E. A., et al. (1996). A secure environment for untrusted helper applications: Confining the wily hacker. InProceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography, volume 6, pages 1-1.
  10. Hurley, J. and Johansen, D. (2014). Self-managing data in the clouds. In Cloud Engineering (IC2E), 2014 IEEE International Conference on, pages 417-423. IEEE.
  11. Jang, J., Choi, C., Lee, J., Kwak, N., Lee, S., Choi, Y., and Kang, B. (2016). Privatezone: Providing a private execution environment using arm trustzone. IEEE Transactions on Dependable and Secure Computing.
  12. Johansen, H., Gurrin, C., and Johansen, D. (2015a). Towards consent-based lifelogging in sport analytic. In Johansen, H. D., Birrell, E., Van Renesse, R., Schneider, F. B., Stenhaug, M., and Johansen, D. (2015b). Enforcing privacy policies with meta-code. In Proceedings of the 6th Asia-Pacific Workshop on Systems, page 16. ACM.
  13. Maniatis, P., Akhawe, D., Fall, K., Shi, E., McCamant, S., and Song, D. (2011). Do you know where your data are? Secure data capsules for deployable data protection. In of the 13th USENIX Conference on Hot Topics in Operating Systems, HotOS 7811, pages 22-27. USENIX Association.
  14. Ngabonziza, B., Martin, D., Bailey, A., Cho, H., and Martin, S. (2016). Trustzone explained: Architectural features and use cases. In Collaboration and Internet Computing (CIC), 2016 IEEE 2nd International Conference on, pages 445-451. IEEE.
  15. Nordal, A., Kvalnes, Å., Hurley, J., and Johansen, D. (2011). Balava: Federating private and public clouds. In Services (SERVICES), 2011 IEEE World Congress on, pages 569 -577.
  16. Rubinov, K., Rosculete, L., Mitra, T., and Roychoudhury, A. (2016). Automated partitioning of android applications for trusted execution environments. In Proceedings of the 38th International Conference on Software Engineering, pages 923-934. ACM.
  17. Sabelfeld, A. and Myers, A. (2003). Language-based information-flow security. Selected Areas in Communications, IEEE Journal on, 21(1):5-19.
  18. Santos, N., Raj, H., Saroiu, S., and Wolman, A. (2014). Using arm trustzone to build a trusted language runtime for mobile applications. In Proceedings of the 19th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 7814, pages 67-80, New York, NY, USA. ACM.
  19. Schwab, K. (2016). The fourth industrial revolution. World Economic Forum Geneva.
  20. Shuja, J., Gani, A., Bilal, K., Khan, A. U. R., Madani, S. A., Khan, S. U., and Zomaya, A. Y. (2016). A survey of mobile device virtualization: taxonomy and state of the art. ACM Computing Surveys (CSUR), 49(1):1.
  21. TCG Published (2011). TPM main part 1 design principles. Specification Version 1.2 Revision 116, Trusted Computing Group,.
  22. Valvåg, S. V., Pettersen, R., Johansen, H., and Johansen, D. (2016). Lady: Dynamic resolution of assemblies for extensible and distributed .net applications. In CLOSER 2016 : Proceedings of the 6th International Conference on Cloud Computing and Services Science, pages 118-128.

Paper Citation

in Harvard Style

Pettersen R., Johansen H. and Johansen D. (2017). Secure Edge Computing with ARM TrustZone . In Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS, ISBN 978-989-758-245-5, pages 102-109. DOI: 10.5220/0006308601020109

in Bibtex Style

author={Robert Pettersen and Håvard D. Johansen and Dag Johansen},
title={Secure Edge Computing with ARM TrustZone},
booktitle={Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS,},

in EndNote Style

JO - Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS,
TI - Secure Edge Computing with ARM TrustZone
SN - 978-989-758-245-5
AU - Pettersen R.
AU - Johansen H.
AU - Johansen D.
PY - 2017
SP - 102
EP - 109
DO - 10.5220/0006308601020109