iperfTZ: Understanding Network Bottlenecks for TrustZone-based Trusted Applications

TL;DR

This paper introduces iperfTZ, a tool for identifying network performance bottlenecks in TrustZone-based trusted applications, highlighting trade-offs in network and energy efficiency on edge devices.

Contribution

The paper presents iperfTZ, an open-source tool specifically designed to analyze network bottlenecks in TrustZone environments, addressing a gap in performance evaluation for trusted applications.

Findings

Current trusted applications face significant network performance trade-offs.

Energy consumption is a critical factor in edge deployments.

iperfTZ effectively uncovers bottlenecks and trade-offs in TrustZone systems.

Abstract

The growing availability of hardware-based trusted execution environments (TEEs) in commodity processors has recently advanced support (i.e., design, implementation and deployment frameworks) for network-based secure services. Examples of such TEEs include ARM TrustZone or Intel SGX, largely available in embedded, mobile and server-grade processors. TEEs shield services from compromised hosts, malicious users or powerful attackers. TEE-enabled devices are largely being deployed on the edge of the network, paving the way for large-scale deployments of trusted applications. These applications allow processing and disseminating sensitive data without having to trust cloud providers. However, uncovering network performance limitations of such trusted applications is difficult and currently lacking, despite the interest and reliance by developers and system deployers. iperfTZ is an open-source tool to uncover network performance bottlenecks rooted at the design and implementation of trusted applications for ARM TrustZone and underlying runtime systems. Our evaluation based on micro-benchmarks shows current trade-offs for trusted applications, both from a network as well as an energy perspective; an often overlooked yet relevant aspect for edge-based deployments.