A Fine-Grained General Purpose Secure Storage Facility For Trusted Execution Environment

In this paper we address the problem of enforcing data access control over the storage area of a mobile device running different and independent third party applications. To this end, we present the design of a general purpose secure file system that allows to guarantee file-grained data confidentiality at OS level. Data encryption, key management and policy enforcement are based on Trusted Execution Environment (TEE) facilities. We describe a prototype implementation and discuss preliminary performance results.