KeVlar-Tz - A Secure Cache for ArmTrustZone - (Practical Experience Report).

Edge devices are increasingly in charge of storing privacy-sensitive data, in particular implantables, wearables, and nearables can potentially collect and process high-resolution vital signs 24/7. Storing and performing computations over such data in a privacy-preserving fashion is of paramount importance. We present KeVlar-Tz, an application-level trusted cache designed to leverage ArmTrustZone, a popular trusted execution environment available in consumer-grade devices. To facilitate the integration with existing systems and IoT devices and protocols, KeVlar-Tz exposes a REST-based interface with connection endpoints inside the TrustZone enclave. Furthermore, it exploits the on-device secure persistent storage to guarantee durability of data across reboots. We fully implemented KeVlar-Tz on top of the Op-Tee framework, and experimentally evaluated its performance. Our results showcase performance trade-offs, for instance in terms of throughput and latency, for various workloads, and we believe our results can be useful for practitioners and in general developers of systems for TrustZone. KeVlar-Tz is available as open-source at https://github.com/mqttz/kevlar-tz/ .