SoK: A Systematic Review of TEE Usage for Developing Trusted Applications

TL;DR

This paper systematically reviews the usage, evolution, and tools of Trusted Execution Environments (TEEs), analyzing 223 references to assess their usability, deployment, and potential improvements for developing trusted applications.

Contribution

It provides a comprehensive categorization of TEE applications, analyzes developer tools, and evaluates trusted container projects to facilitate easier adoption and migration.

Findings

TEEs are increasingly adopted in various applications.

Developer tools for TEEs are diverse but need standardization.

Trusted containers show promise but require performance optimization.

Abstract

Trusted Execution Environments (TEEs) are a feature of modern central processing units (CPUs) that aim to provide a high assurance, isolated environment in which to run workloads that demand both confidentiality and integrity. Hardware and software components in the CPU isolate workloads, commonly referred to as Trusted Applications (TAs), from the main operating system (OS). This article aims to analyse the TEE ecosystem, determine its usability, and suggest improvements where necessary to make adoption easier. To better understand TEE usage, we gathered academic and practical examples from a total of 223 references. We summarise the literature and provide a publication timeline, along with insights into the evolution of TEE research and deployment. We categorise TAs into major groups and analyse the tools available to developers. Lastly, we evaluate trusted container projects, test performance, and identify the requirements for migrating applications inside them.