What You Trust Is Insecure: Demystifying How Developers (Mis)Use Trusted Execution Environments in Practice

TL;DR

This study provides a comprehensive analysis of how developers use Trusted Execution Environments in real-world projects, revealing prevalent application domains, integration practices, and security issues to inform future improvements.

Contribution

It is the first large-scale empirical study of TEE usage in open-source projects, highlighting practical adoption patterns, usability challenges, and security vulnerabilities.

Findings

IoT security is the dominant TEE application domain (30%)

Many projects reimplement cryptographic functions instead of using SDKs (32.4%)

Over a quarter of projects show insecure coding behaviors (25.3%)

Abstract

Trusted Execution Environments (TEEs), such as Intel SGX and ARM TrustZone, provide isolated regions of CPU and memory for secure computation and are increasingly used to protect sensitive data and code across diverse application domains. However, little is known about how developers actually use TEEs in practice. This paper presents the first large-scale empirical study of real-world TEE applications. We collected and analyzed 241 open-source projects from GitHub that utilize the two most widely-adopted TEEs, Intel SGX and ARM TrustZone. By combining manual inspection with customized static analysis scripts, we examined their adoption contexts, usage patterns, and development practices across three phases. First, we categorized the projects into 8 application domains and identified trends in TEE adoption over time. We found that the dominant use case is IoT device security (30%), which contrasts sharply with prior academic focus on blockchain and cryptographic systems (7%), while AI model protection (12%) is rapidly emerging as a growing domain. Second, we analyzed how TEEs are integrated into software and observed that 32.4% of the projects reimplement cryptographic functionalities instead of using official SDK APIs, suggesting that current SDKs may have limited usability and portability to meet developers' practical needs. Third, we examined security practices through manual inspection and found that 25.3% (61 of 241) of the projects exhibit insecure coding behaviors when using TEEs, such as hardcoded secrets and missing input validation, which undermine their intended security guarantees. Our findings have important implications for improving the usability of TEE SDKs and supporting developers in trusted software development.