A new publication has been accepted in the 42nd IEEE International Conference on Distributed Computing Systems (ICDCS’22), titled WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone. This paper presents WebAssembly as an efficient and secure runtime for trusted execution on commodity devices leveraging TrustZone with remote attestation support. This conference is located in Bologna, Italy, from July 10 to 13, 2022.
Abstract: WebAssembly (Wasm) is a novel low-level bytecode format that swiftly gained popularity for its efficiency, versatility and security, with near-native performance. Besides, trusted execution environments (TEEs) shield critical software assets against compromised infrastructures. However, TEEs do not guarantee the code to be trustworthy or that it was not tampered with. Instead, one relies on remote attestation to assess the code before execution. This paper describes WaTZ, which is (i) an efficient and secure runtime for trusted execution of Wasm code for Arm’s TrustZone TEE, and (ii) a lightweight remote attestation system optimised for Wasm applications running in TrustZone, as it lacks built-in mechanisms for attestation. The remote attestation protocol is formally verified using a state-of-the-art analyser and model checker. Our extensive evaluation of Arm-based hardware uses synthetic and real-world benchmarks, illustrating typical tasks IoT devices achieve. WaTZ’s execution speed is on par with Wasm runtimes in the normal world and reaches roughly half the speed of native execution, which is compensated by the additional security guarantees and the interoperability offered by Wasm. WaTZ is open-source and available on GitHub along with instructions to reproduce our experiments.
The publication is part of an initiative that strengthens the trusted execution of software on edge and IoT devices, a scenario faced by VEDLIoT.
Open access here.