The document discusses network performance bottlenecks in TrustZone-based applications. It presents iperfTZ, a tool that measures network throughput between a client's normal world and secure world. iperfTZ finds that throughput is often much higher from the normal world than the secure world. The document outlines the implementation of iperfTZ, which runs iperf3 in both worlds to compare performance. It also evaluates iperfTZ on different hardware platforms and shared memory types between worlds.
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications
1. 21st International Symposium on Stabilization, Safety, and
Security of Distributed Systems 2019
Pisa, Italy
iperfTZ: Understanding Network Bottlenecks for
TrustZone-based Applications
Christian Göttel, Pascal Felber, Valerio Schiavoni
University of Neuchâtel, Computer Science Department, Complex Systems
SSS’19 23.10.2019 | IIUN | Christian Göttel | christian.goettel@unine.ch
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications 1 / 21
2. Introduction
What are Trusted Execution Environments?
Execution Environment (EE):
Sets of hardware and software components that can run
applications. Some examples are:
HypervisorOS
OS
OS
VM
OS OS
VM
CPU CPU CPU CPU
Trusted Execution Environment (TEE):
Any EE that satisfies sets of security requirements
?
Rack
!
Home
Lack of trust in cloud provider
Shield services from compromised
hosts
Regain control over code and data
SSS’19 23.10.2019 | IIUN | Christian Göttel | christian.goettel@unine.ch
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications 2 / 21
3. Introduction
TEE Hardware and Specifications
MultiZone™
2003 201920112007 201520092005 2013 2017
ARM®
OMTP/WAC ATE: TR1
GSMA ATE: TR1
SME/SEVAMD
PSP Secure ProcessorAMD
SGXIntel®
GlobalPlatform Specifications / Technical Documents
Hex Five Security
OmniShield™Imagination
zACI/SSCIBM®
TrustZone®
HardwareSpecifications
HardwareSpecifications
AMD is a trademark of Advanced Micro Devices.
SSS’19 23.10.2019 | IIUN | Christian Göttel | christian.goettel@unine.ch
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications 3 / 21
5. Introduction
Arm TrustZone
EL0
EL1
EL2
EL3
Normal World Secure World
EL0
EL1
EL2
EL3
Secure Monitor
ARM TF Dispatcher
Hypervisor
OS Driver
App
GP Client API
Hypervisor
TOS TOS
GP API
TA
TrustZone Exception Levels
TrustZone is a set of Arm
security extensions
System on a chip (SoC)
manufacturers are free to
implement any TrustZone
subset
Exception Levels layer the
architecture into a privilege
hierarchy
Secure Monitor Call (SMC)
instruction to switch worlds
SSS’19 23.10.2019 | IIUN | Christian Göttel | christian.goettel@unine.ch
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications 5 / 21
6. Introduction
GlobalPlatform
Trusted OSRich OS
TEE
Trusted space
Platform Hardware
User space
REE
Secure Element
Trusted Storage
Peripherals
Comm. Agent
Driver Driver
Comm. Agent
API
Client API
CA
TA
Core API
Socket API
GlobalPlatform System Architecture
Rich Execution Environment (REE)
Trusted Execution Environment (TEE)
GlobalPlatform Specifications:
CA := Client Application
TEE Client API
TEE Internal Core API
Trusted Storage API
Crypto. Operations API
Time API
Arithmetical API
TEE Sockets API
and many more APIs
SSS’19 23.10.2019 | IIUN | Christian Göttel | christian.goettel@unine.ch
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications 6 / 21
7. Introduction
OP-TEE: Open Portable TEE
EL0
EL1
EL2
EL3
Normal World Secure World
EL0
EL1
EL2
EL3
Secure Monitor Dispatcher
xen
other
Driver Driver
OP-TEE
tee-supplicant
libteeclibc
TA
libutee
OP-TEE
OS PTA
CA
Linux is running in the normal world, while OP-TEE is running in the
secure world.
Client application (CA), (pseudo) trusted application (PTA)
SSS’19 23.10.2019 | IIUN | Christian Göttel | christian.goettel@unine.ch
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications 7 / 21
8. Motivating Scenario
ServerClient
CA
TEE REE
server
REE
Observing high throughput from client REE, . . .
SSS’19 23.10.2019 | IIUN | Christian Göttel | christian.goettel@unine.ch
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications 8 / 21
9. Motivating Scenario
ServerClient
CA
TEE REE
server
REE
ServerClient
TA
TEE REE
server
REE
Observing high throughput from client REE, but low throughput from
client TEE
SSS’19 23.10.2019 | IIUN | Christian Göttel | christian.goettel@unine.ch
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications 8 / 21
10. Motivating Scenario
ServerClient
iperfTZ
TEE REE REE
*
iperfTZ
*
Where * can be: iperf3 or netperf or nuttcp or . . .
SSS’19 23.10.2019 | IIUN | Christian Göttel | christian.goettel@unine.ch
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications 9 / 21
12. Implementation
Threat Model
Client
User
CA
TA tee-supp
TEE REE Server
server
REE
SD / USBeMMC
Server
server
REE
Server
server
REENode
Networking
REE / TEE
SSS’19 23.10.2019 | IIUN | Christian Göttel | christian.goettel@unine.ch
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications 11 / 21
13. Implementation
Threat Model
TA
Client
!
CA
tee-supp
TEE REE Server
server
REE
SD / USBeMMC
Server
server
REE
Server
server
REENode
Networking
REE / TEE
SSS’19 23.10.2019 | IIUN | Christian Göttel | christian.goettel@unine.ch
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications 11 / 21
14. Implementation
Threat Model
TA
Client
!
CA
tee-supp
TEE REE Server
server
REE
SD / USBeMMC
Server
server
REE
Server
server
REENode
Networking
REE / TEE
SSS’19 23.10.2019 | IIUN | Christian Göttel | christian.goettel@unine.ch
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications 11 / 21
15. Implementation
Threat Model
TA
Client
!
CA
tee-supp
TEE REE Server
server
REE
SD / USBeMMC
Server
server
REE
Server
server
REENode
Networking
REE / TEE
SSS’19 23.10.2019 | IIUN | Christian Göttel | christian.goettel@unine.ch
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications 11 / 21
16. Implementation
Threat Model
TA
Client
!
CA
tee-supp
TEE REE Server
server
REE
SD / USBeMMC
Server
server
REE
Server
server
REENode
Networking
REE / TEE
SSS’19 23.10.2019 | IIUN | Christian Göttel | christian.goettel@unine.ch
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications 11 / 21
17. Evaluation
Setup
Comparison of evaluation platforms.
Device QEMU Raspberry
CPU Model Intel Xeon E3-1270 v6 Broadcom BCM2837
CPU Frequency 3.8 GHz 1.2 GHz
Memory Size 63 GiB DDR4 944 MiB LPDDR2
Memory data rate 2400 MT/s 800 MT/s
Network Bandwidth 1 Gbit/s 100 Mbit/s
TZMA
TZPC
TZASC
TrustZone
GIC (4B )
SSS’19 23.10.2019 | IIUN | Christian Göttel | christian.goettel@unine.ch
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications 12 / 21
18. Evaluation
Shared Memory Benchmark
TEE Context
Whole
Partially
Temporarily
Shared Memory
Memory Object
Evaluate the three different
types of shared memory
Static hash table
implementation of kazlib
Run operations on 1 KiB
chunks:
DEL: delete
GET: retrieve
PUT: insert
MIX20: 20% PUT
MIX50: 50% PUT
SSS’19 23.10.2019 | IIUN | Christian Göttel | christian.goettel@unine.ch
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications 13 / 21
24. Evaluation
Improvements
EL0
EL1
EL2
EL3
Normal World Secure World
1
2
3
456
7
EL0
EL1
EL2
EL3
tee-supplicant
libc
Driver
OP-TEEnet
Driver
Secure Monitor
PTA
OP-TEE
OS
TA
libutee
Forward network requests directly
to the network driver
3
EL0
EL1
EL2
EL3
Normal World Secure World
1
2
4
EL0
EL1
EL2
EL3
tee-supplicant
libc
Driver
OP-TEEnet
Driver
Secure Monitor
OP-TEE
OS
TA
libutee
net
Driver
Use a network driver in the
trusted OS
SSS’19 23.10.2019 | IIUN | Christian Göttel | christian.goettel@unine.ch
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications 19 / 21
25. Conclusion Future Work
Conclusion:
Performance and energy evaluation of TEEs
Shared memory, interface sockets
Implemented a network performance tool for trusted
applications in Arm TrustZone
Highlight bottlenecks in current OP-TEE design
Future:
Explore additional TrustZone features with different SoCs
Detailed breakdown of energy consumption
Comparison with Intel SGX and AMD SEV
SSS’19 23.10.2019 | IIUN | Christian Göttel | christian.goettel@unine.ch
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications 20 / 21
26. Thank you
Thank you for your attention!
Code is available under https://github.com/ChrisG55/iperfTZ
The research leading to these results has
received funding from the European Union’s
Horizon 2020 research and innovation
programme under the LEGaTO Project
(legato-project.eu), grant agreement No 780681.
SSS’19 23.10.2019 | IIUN | Christian Göttel | christian.goettel@unine.ch
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications 21 / 21